CyberHunter Posted June 6, 2013
Hello, I ran Norton Security, MalwareBytes, Spybot S&D, and a few others; they seem not to detect anything. I assume it's a browser hijack, because my web pages don't go directly to their page; it changes to: Click.Sureonlinefind.com OR http://myfindhere.in/index.php?search=free pc help
Attachments: hijack see this.txt, OTL.Txt, Extras.Txt
ExTS Admin Starbuck Posted June 7, 2013
Hi CyberHunter and welcome to FPCH.

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Ares, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer.
Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.
Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use. When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation. If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.
If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.
You will not then be surprised to hear that: Click.Sureonlinefind.com redirect virus is also prevalent on peer-to-peer file sharing websites and is often packaged with pirated or illegally acquired software.

Step 1
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 2
Download CKScanner
Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file has been saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

In your next reply, please submit:
JRT.txt
CKFiles.txt
Thanks.

Member of: UNITE
CyberHunter Posted June 8, 2013
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by COMPUTER on Sat 06/08/2013 at 13:28:24.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\fun web products
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\funwebproducts
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibar_install_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibar_install_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9DC9122A-65A5-4EC1-AF06-F9DB919BC693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\adawaretb"
Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\Users\COMPUTER\appdata\local\tempdir"
Successfully deleted: [Folder] "C:\Users\COMPUTER\appdata\local\wondershare"
Successfully deleted: [Folder] "C:\Users\COMPUTER\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Users\COMPUTER\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\COMPUTER\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\COMPUTER\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\COMPUTER\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mybabylon_english"
Successfully deleted: [Folder] "C:\Program Files (x86)\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\wondershare"
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{077989B1-402E-48E5-9820-34947E514701}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{08A7AF1E-128D-4614-A3B5-7FA28DBD8F7B}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{1A933DD5-B6C3-4455-B679-BE08ABDF6B51}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{1EA6BC8F-A57A-4490-95F4-CEC701EDE209}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{356FC923-B922-43AC-8568-B824D90791A6}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{3B02054F-41E2-485D-81E3-B38ED7E21703}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{468B3A08-4A2A-4B00-A8B9-95D47087E595}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{6366C6AD-CD45-4E9F-8D6F-5C6FB25471CC}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{649D6A68-CF0F-4A86-9949-F90C974F21EE}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{6DBD1973-49AE-44FF-AAC5-FE527E4306B7}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{70C70C75-B5C5-4DF9-AD33-59C6A29377D9}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{74379F66-CBAA-4B5B-931C-4E5058884034}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{7CE5CB05-8848-49C8-9D6B-9B1097CA3AEF}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{88C3116F-1213-4A6C-9D6D-D1ED829E44D5}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{8919BDF2-EC4E-4DCC-AC61-0D6D9CEC89D4}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{A04A4888-0F77-44C8-B3D2-B2E45DC3F8AE}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{A4B7C769-AE2C-4DD2-A861-7098AACBFD3D}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{A93ED406-6C85-465E-AF0A-96FB30FDBC61}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{B68D3F8A-2819-4094-BFB5-12D743AE7419}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{CA58C408-867A-49E2-8498-A3571D441DD7}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{D2F6F8C9-116B-4798-ADA9-6DF2533853E8}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{D5A6F3C4-239D-4623-90FF-8F3FE9311D6C}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{D6260D3E-0119-4FAE-8629-C6FEDAACDCC9}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{D658EEF4-89F9-4886-8DE7-E6EB6153E8BB}
Successfully deleted: [Empty Folder] C:\Users\COMPUTER\appdata\local\{F9D73A2E-749E-4637-AC4A-30D2CBB8D239}

~~~ FireFox

Successfully deleted: [File] C:\user.js

~~~ Chrome

Dumping contents of C:\Users\COMPUTER\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\COMPUTER\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg
C:\Users\COMPUTER\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\background.js
C:\Users\COMPUTER\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\ContentScript.js
C:\Users\COMPUTER\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\manifest.json
Successfully deleted: [Folder] C:\Users\COMPUTER\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at 13:32:15.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CyberHunter Posted June 8, 2013
CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\users\computer\desktop\desktop files to organize\cracked files bbb\bbb.nfo
c:\users\computer\desktop\desktop files to organize\cracked files bbb\msvcr90.dll
c:\users\computer\desktop\desktop files to organize\recover-my-files-professional-v4-5-2-751\huong-dan-crack.txt
c:\users\computer\desktop\dvdfab platinum v8.1.5.9 + crack [chattchitto rg]\dvdfab platinum v8.1.5.9 + crack [chattchitto rg].exe
c:\users\computer\desktop\music hits 2012\[kat.ph]minecraft.1.5.1.cracked.full.installer.online.server.list.torrent
c:\users\computer\desktop\music hits 2012\[kat.ph]minecraft.1.5.2.cracked.full.installer.online.server.list.torrent
c:\users\computer\desktop\music hits 2012\[kat.ph]spyhunter.4.1.11.0.crack.torrent
c:\users\computer\desktop\music hits 2012\[kat.ph]wondershare.video.converter.ultimate.v6.0.0.18.including.crack.h33t.iahq76.torrent
c:\users\computer\desktop\spyhunter 4.1.11.0 + crack\readme.txt
c:\users\computer\desktop\spyhunter 4.1.11.0 + crack\spyhunters.exe
c:\users\computer\desktop\wondershare video converter ultimate v6.0.0.18 including crack [h33t][iahq76]\readme!.txt
c:\users\computer\desktop\wondershare video converter ultimate v6.0.0.18 including crack [h33t][iahq76]\video-converter-ultimate_full.exe
c:\users\kevin\desktop\cynthia crack.txt
scanner sequence 3.IJ.11.QKAPPC
----- EOF -----
ExTS Admin Starbuck Posted June 9, 2013
Hi CyberHunter
As you can see, your system has quite a few cracked programs installed. It is the site policy here to refuse help until all cracked programs are removed. These cracked programs are illegal. We can't be seen to help with illegal actions... and we won't.
Once you have removed them, re-run CKScanner and post the new report, and we can continue.
CyberHunter Posted June 9, 2013
Okay, understood.
CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.GGCFRF
----- EOF -----
ExTS Admin Starbuck Posted June 9, 2013
Hi CyberHunter
That's great, thank you.

Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) 7 Update 21 and save it to your desktop.
Scroll down to where it says "Java SE 7 Update 21".
Click the "Download JRE" button.
Accept the license agreement.
Select 'Windows x64.exe' from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the downloaded icon to install the newest version.

Step 2
Let's have a fresh set of OTL reports now so we can see what is left to deal with.
Double click on OTL to run it.
Under the Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.
Thanks
CyberHunter Posted June 9, 2013
OTL logfile created on: 6/9/2013 1:04:45 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\COMPUTER\Desktop\SPYWARE LOGS
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.44 Gb Available Physical Memory | 73.98% Memory free
12.00 Gb Paging File | 10.13 Gb Available in Paging File | 84.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 8.80 Gb Free Space | 1.89% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: COMPUTER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\COMPUTER\Desktop\SPYWARE LOGS\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
PRC - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
PRC - C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link)
PRC - C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\wincfi39.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll ()
MOD - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Floater.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe ()
MOD - C:\Program Files (x86)\Portrait Displays\Pivot Software\Winphook.dll ()
MOD - C:\Windows\SysWOW64\WlanApp.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ScsiAccess) -- C:\Program Files (x86)\Photodex\ProShowGold\scsiaccess.exe ()
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Realtek87B) -- C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (DTSRVC) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (RTL8187) -- C:\Windows\SysNative\drivers\rtl8187.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\Dnetr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (PdiPorts) -- C:\Windows\SysNative\drivers\pdiports.sys (Portrait Displays, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130608.009\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130608.009\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130607.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130531.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {9DC9122A-65A5-4EC1-AF06-F9DB919BC693}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 A2 39 5F E9 62 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/19 00:09:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013/06/08 16:40:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013/06/09 13:00:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/06 17:45:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/03 05:46:02 | 000,000,000 | ---D | M]

[2013/06/05 10:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\COMPUTER\AppData\Roaming\Mozilla\Extensions
[2013/06/07 14:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\lxhpeyqt.default\extensions
[2013/06/07 14:34:12 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\lxhpeyqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/04 02:09:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/12/05 00:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/06/05 10:27:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/05 10:27:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/08 16:40:44 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPLGN
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Norton Safe Search (Enabled)
CHR - default_search_provider: search_url = http://nortonsafe.search.ask.com/web?q={searchTerms}&o=15527&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&tpr=111
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.bing.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Switchy! Chrome Extension 1.6 (Enabled) = C:\Users\COMPUTER\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\plugins/npSwitchy.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Proxy Switchy! = C:\Users\COMPUTER\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: AdBlock = C:\Users\COMPUTER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Norton Identity Protection = C:\Users\COMPUTER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.0.32_0\

O1 HOSTS File: ([2013/06/06 12:31:11 | 000,000,902 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [DT HPW] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\COMPUTER\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [Google Update] "C:\Users\COMPUTER\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [skinClock] C:\Users\COMPUTER\Desktop\DTClock.exe File not found
O4 - Startup: C:\Users\COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E3A3E8A-AA4D-4373-972E-9469F699F7B5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AE47F9B-8E1C-46F5-B612-64C394EF9706}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E084EC-2CFA-44D7-9C90-B47D0E816E74}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/06/06 12:27:56 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d3e8d382-e180-11e1-a07a-cf5a3e479e60}\Shell - "" = AutoRun
O33 - MountPoints2\{d3e8d382-e180-11e1-a07a-cf5a3e479e60}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/09 12:57:42 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/06/09 12:57:41 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/06/09 12:57:41 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/06/09 12:57:37 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/06/09 12:57:37 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/06/09 12:57:37 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/06/09 12:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/06/09 12:51:41 | 033,119,648 | ---- | C] (Oracle Corporation) -- C:\Users\COMPUTER\Desktop\jre-7u21-windows-x64.exe
[2013/06/08 19:13:33 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\The Incredible Burt Wonderstone (2013)
[2013/06/08 16:57:35 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013/06/08 16:55:36 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013/06/08 16:40:04 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/06/08 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/06/08 16:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/06/08 16:39:47 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA64.sys
[2013/06/08 16:39:47 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.sys
[2013/06/08 16:39:47 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS64.sys
[2013/06/08 16:39:47 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symnets.sys
[2013/06/08 16:39:47 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Ironx64.sys
[2013/06/08 16:39:47 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.sys
[2013/06/08 16:39:47 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.sys
[2013/06/08 16:39:47 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymELAM.sys
[2013/06/08 16:39:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013/06/08 16:39:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1401000.018
[2013/06/08 16:39:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/06/08 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/06/08 16:37:55 | 145,802,744 | ---- | C] (Symantec Corporation) -- C:\Users\COMPUTER\Desktop\NIS-TW-30-20-1-0-24-EN-US.exe
[2013/06/08 13:28:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/08 13:27:39 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/08 13:27:19 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\COMPUTER\Desktop\JRT.exe
[2013/06/07 14:41:42 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\ThuggyIpod
[2013/06/07 14:32:17 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Local\yahoo.venom
[2013/06/07 14:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013/06/07 14:21:54 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2013/06/07 12:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/06/07 12:53:46 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\QuickScan
[2013/06/07 12:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/06/07 04:18:01 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Bitdefender Total Security 2013 v16.28.0.1789 x86 +trial reset
[2013/06/07 03:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/06/07 03:39:04 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\INVATION WORD
[2013/06/07 01:32:34 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\AbiSuite
[2013/06/07 01:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
[2013/06/06 22:31:19 | 000,051,496 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/06/06 17:49:29 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\LavasoftStatistics
[2013/06/06 17:46:00 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\SPYWARE LOGS
[2013/06/06 17:45:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/06/06 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013/06/06 17:44:33 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/06/06 12:27:43 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/06/06 12:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2013/06/06 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/06/05 17:31:16 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\RK_Quarantine
[2013/06/05 17:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/05 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/05 12:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2013/06/05 11:41:40 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\moco pix 2013
[2013/06/05 10:26:15 | 021,289,608 | ---- | C] (Mozilla) -- C:\Users\COMPUTER\Desktop\Firefox Setup 21.0.exe
[2013/06/05 02:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/06/02 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Identity Thief (2013)
[2013/06/01 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\The Incredible Hulk (2008)
[2013/06/01 17:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2013/06/01 17:13:19 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Documents\Wondershare Video Converter Ultimate
[2013/06/01 17:13:19 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\Wondershare Video Converter Ultimate
[2013/06/01 17:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2013/06/01 17:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare Video Converter Ultimate
[2013/06/01 15:08:21 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Hansel.and.Gretel.Witch.Hunters.2013.DVDRip.XviD-P2P
[2013/06/01 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Jack the Giant Slayer (2013)
[2013/05/30 13:29:46 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Hells Kitchen Season 3
[2013/05/28 15:38:58 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\.minecraft
[2013/05/25 00:57:07 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Cd Church
[2013/05/24 22:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/05/24 22:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/05/22 22:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
[2013/05/22 22:55:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex Presenter
[2013/05/22 22:55:27 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\Netscape
[2013/05/22 22:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photodex
[2013/05/22 22:54:11 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\Photodex
[2013/05/22 22:54:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Photodex
[2013/05/19 13:58:04 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Kevin vids
[2013/05/18 11:04:38 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\[ www.UsaBit.com ] - Iron Man 3 2013 R6 LiNE READNFO XViD - JUSTiCE
[2013/05/16 10:48:10 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Llorar me llama
[2013/05/16 10:45:52 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Pata Maria
[2013/05/16 10:44:49 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Pata Maria 2
[2013/05/15 10:50:49 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Hells Kitchen Season 1
[2013/05/14 21:01:06 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Hells Kitcken Season One
[2013/05/14 19:20:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/14 19:20:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/14 19:20:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/05/14 19:20:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/05/14 19:20:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/05/14 19:20:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/14 19:20:32 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/05/14 19:20:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/05/14 19:20:32 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/05/14 19:20:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/05/14 19:20:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/05/14 19:20:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/05/14 19:20:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/14 19:20:30 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/14 19:20:30 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/14 18:31:47 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/14 18:31:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/14 18:31:39 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/14 18:31:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/14 18:31:38 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/14 18:31:38 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/14 18:31:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/13 18:34:41 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\ClipConverter
[2013/05/13 18:33:34 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\AppData\Roaming\Lunaweb
[2013/05/13 11:41:42 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\Gangster Squad (2013) DVDRip XviD-MAXSPEED
[2013/05/12 01:20:45 | 000,000,000 | ---D | C] -- C:\Users\COMPUTER\Desktop\The Hurt Locker (2008)
[2010/06/28 18:16:59 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\COMPUTER\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/09 13:07:06 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/09 13:07:06 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/09 13:00:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cbffcde443ddcb.job
[2013/06/09 12:59:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/09 12:59:24 | 536,260,607 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/09 12:57:31 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/06/09 12:57:31 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/06/09 12:57:31 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/06/09 12:57:30 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/06/09 12:57:30 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/06/09 12:57:30 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/06/09 12:51:54 | 033,119,648 | ---- | M] (Oracle Corporation) -- C:\Users\COMPUTER\Desktop\jre-7u21-windows-x64.exe
[2013/06/09 03:40:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/09 02:35:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1302321551-618078555-2556507216-1001UA.job
[2013/06/09 02:18:56 | 000,431,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/08 21:27:40 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/08 21:27:40 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/08 21:27:40 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/08 20:35:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1302321551-618078555-2556507216-1001Core.job
[2013/06/08 17:31:56 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\VT20130115.021
[2013/06/08 16:57:36 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013/06/08 16:55:26 | 135,933,721 | ---- | M] () -- C:\Users\COMPUTER\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
[2013/06/08 16:40:40 | 002,308,027 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Cat.DB
[2013/06/08 16:40:04 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/06/08 16:40:04 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/06/08 16:40:04 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/06/08 16:38:53 | 145,802,744 | ---- | M] (Symantec Corporation) -- C:\Users\COMPUTER\Desktop\NIS-TW-30-20-1-0-24-EN-US.exe
[2013/06/08 13:46:42 | 000,459,264 | ---- | M] () -- C:\Users\COMPUTER\Desktop\CKScanner.exe
[2013/06/08 13:27:27 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\COMPUTER\Desktop\JRT.exe
[2013/06/08 02:52:23 | 000,007,022 | ---- | M] () -- C:\Users\COMPUTER\Desktop\billy.jpg
[2013/06/08 02:43:02 | 000,006,166 | ---- | M] () -- C:\Users\COMPUTER\Desktop\mason1.jpg
[2013/06/08 02:16:53 | 000,028,207 | ---- | M] () -- C:\Users\COMPUTER\Desktop\bill-clinton-picture.jpg
[2013/06/07 21:47:55 | 000,238,422 | ---- | M] () -- C:\ProgramData\1370666820.bdinstall.bin
[2013/06/07 14:28:11 | 000,573,676 | ---- | M] () -- C:\ProgramData\1370639802.bdinstall.bin
[2013/06/07 14:23:16 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2013/06/07 14:22:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/06/07 14:14:38 | 000,059,203 | ---- | M] () -- C:\ProgramData\1370639613.bdinstall.bin
[2013/06/07 12:56:28 | 000,554,680 | ---- | M] () -- C:\ProgramData\1370634777.bdinstall.bin
[2013/06/07 12:51:10 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/07 02:47:23 | 000,026,693 | ---- | M] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_01 Jun. 07 02.47.gif
[2013/06/06 22:31:19 | 000,051,496 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013/06/06 17:44:32 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/06/06 17:41:21 | 000,032,702 | ---- | M] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_02 Jun. 06 17.41.gif
[2013/06/06 17:41:08 | 000,031,805 | ---- | M] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_01 Jun. 06 17.41.gif
[2013/06/06 13:53:33 | 000,077,520 | ---- | M] () -- C:\ProgramData\1370551967.bdinstall.bin
[2013/06/06 13:52:46 | 000,022,880 | ---- | M] () -- C:\ProgramData\1370551965.bdinstall.bin
[2013/06/06 13:50:09 | 000,025,016 | ---- | M] () -- C:\ProgramData\1370551803.bdinstall.bin
[2013/06/06 13:50:03 | 000,023,548 | ---- | M] () -- C:\ProgramData\1370551800.bdinstall.bin
[2013/06/06 13:49:53 | 000,137,358 | ---- | M] () -- C:\ProgramData\1370551595.bdinstall.bin
[2013/06/06 12:31:11 | 000,000,902 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/06 12:27:56 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/06/05 17:25:27 | 000,003,848 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/06/05 12:42:19 | 000,000,195 | ---- | M] () -- C:\Windows\wininit.ini
[2013/06/05 10:27:45 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/05 10:26:21 | 021,289,608 | ---- | M] (Mozilla) -- C:\Users\COMPUTER\Desktop\Firefox Setup 21.0.exe
[2013/06/05 02:10:09 | 001,402,880 | ---- | M] () -- C:\Users\COMPUTER\Desktop\HiJackThis.msi
[2013/05/22 23:16:50 | 011,045,133 | ---- | M] () -- C:\Users\COMPUTER\Desktop\Marcela.pxc
[2013/05/22 23:08:28 | 000,086,300 | ---- | M] () -- C:\Users\COMPUTER\Desktop\Marcela.psh
[2013/05/22 22:55:31 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\ProShow Gold.lnk
[2013/05/21 02:48:08 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCOMPUTER.job
[2013/05/15 01:51:23 | 000,017,091 | ---- | M] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_01 May. 15 01.51.gif
[2013/05/15 00:21:36 | 002,998,339 | ---- | M] () -- C:\Users\COMPUTER\Desktop\Llora, me llama - Grupo Play [LETRA].mp3
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/08 17:32:05 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\VT20130115.021
[2013/06/08 16:57:36 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2013/06/08 16:52:13 | 135,933,721 | ---- | C] () -- C:\Users\COMPUTER\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
[2013/06/08 16:40:05 | 002,308,027 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Cat.DB
[2013/06/08 16:40:04 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/06/08 16:40:04 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/06/08 16:39:39 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA.inf
[2013/06/08 16:39:39 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS.inf
[2013/06/08 16:39:39 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymNet.inf
[2013/06/08 16:39:39 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.inf
[2013/06/08 16:39:39 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.inf
[2013/06/08 16:39:39 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symELAM.inf
[2013/06/08 16:39:39 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.inf
[2013/06/08 16:39:39 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Iron.inf
[2013/06/08 16:39:29 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymELAM64.cat
[2013/06/08 16:39:29 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymVTcer.dat
[2013/06/08 16:39:29 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.cat
[2013/06/08 16:39:29 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.cat
[2013/06/08 16:39:29 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA64.cat
[2013/06/08 16:39:29 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symnet64.cat
[2013/06/08 16:39:29 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.cat
[2013/06/08 16:39:29 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS64.cat
[2013/06/08 16:39:29 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\iron.cat
[2013/06/08 16:39:29 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\isolate.ini
[2013/06/08 13:46:40 | 000,459,264 | ---- | C] () -- C:\Users\COMPUTER\Desktop\CKScanner.exe
[2013/06/08 02:52:22 | 000,007,022 | ---- | C] () -- C:\Users\COMPUTER\Desktop\billy.jpg
[2013/06/08 02:43:01 | 000,006,166 | ---- | C] () -- C:\Users\COMPUTER\Desktop\mason1.jpg
[2013/06/08 02:16:51 | 000,028,207 | ---- | C] () -- C:\Users\COMPUTER\Desktop\bill-clinton-picture.jpg
[2013/06/08 00:30:29 | 000,001,235 | ---- | C] () -- C:\Users\COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2013/06/07 21:47:55 | 000,238,422 | ---- | C] () -- C:\ProgramData\1370666820.bdinstall.bin
[2013/06/07 14:28:11 | 000,573,676 | ---- | C] () -- C:\ProgramData\1370639802.bdinstall.bin
[2013/06/07 14:23:16 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2013/06/07 14:22:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2013/06/07 14:14:38 | 000,059,203 | ---- | C] () -- C:\ProgramData\1370639613.bdinstall.bin
[2013/06/07 12:56:28 | 000,554,680 | ---- | C] () -- C:\ProgramData\1370634777.bdinstall.bin
[2013/06/07 02:47:23 | 000,026,693 | ---- | C] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_01 Jun. 07 02.47.gif
[2013/06/06 17:41:21 | 000,032,702 | ---- | C] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_02 Jun. 06 17.41.gif
[2013/06/06 17:41:08 | 000,031,805 | ---- | C] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_01 Jun. 06 17.41.gif
[2013/06/06 13:53:33 | 000,077,520 | ---- | C] () -- C:\ProgramData\1370551967.bdinstall.bin
[2013/06/06 13:52:46 | 000,022,880 | ---- | C] () -- C:\ProgramData\1370551965.bdinstall.bin
[2013/06/06 13:50:09 | 000,025,016 | ---- | C] () -- C:\ProgramData\1370551803.bdinstall.bin
[2013/06/06 13:50:03 | 000,023,548 | ---- | C] () -- C:\ProgramData\1370551800.bdinstall.bin
[2013/06/06 13:49:53 | 000,137,358 | ---- | C] () -- C:\ProgramData\1370551595.bdinstall.bin
[2013/06/06 12:27:56 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/06/05 17:25:27 | 000,003,848 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/06/05 12:42:18 | 000,000,195 | ---- | C] () -- C:\Windows\wininit.ini
[2013/06/05 10:27:45 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/05 02:10:08 | 001,402,880 | ---- | C] () -- C:\Users\COMPUTER\Desktop\HiJackThis.msi
[2013/06/01 17:05:30 | 000,727,952 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2013/05/24 22:10:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/05/22 23:08:28 | 011,045,133 | ---- | C] () -- C:\Users\COMPUTER\Desktop\Marcela.pxc
[2013/05/22 23:08:28 | 000,086,300 | ---- | C] () -- C:\Users\COMPUTER\Desktop\Marcela.psh
[2013/05/15 01:51:23 | 000,017,091 | ---- | C] () -- C:\Users\COMPUTER\Desktop\ScreenHunter_01 May. 15 01.51.gif
[2013/05/15 00:21:30 | 002,998,339 | ---- | C] () -- C:\Users\COMPUTER\Desktop\Llora, me llama - Grupo Play [LETRA].mp3
[2013/05/14 21:03:02 | 1470,877,902 | ---- | C] () -- C:\Users\COMPUTER\Desktop\The Hobbit An Unexpected Journey {2012} DVDRIP. Jaybob.avi
[2013/01/22 19:41:12 | 000,121,052 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/10/03 05:34:44 | 000,007,432 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2012/10/02 17:12:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/10 05:22:24 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/07/27 18:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 18:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/07 01:26:14 | 000,004,608 | ---- | C] () -- C:\Users\COMPUTER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/30 17:54:46 | 000,000,716 | ---- | C] () -- C:\Users\COMPUTER\AppData\Roaming\DesktopTrayClock.ini
[2011/10/30 17:43:26 | 000,000,553 | ---- | C] () -- C:\Users\COMPUTER\AppData\Roaming\FreeDesktopClock.ini
[2011/10/11 09:39:43 | 000,000,089 | ---- | C] () -- C:\Windows\ScreenHunter.INI
[2011/10/10 23:08:37 | 000,000,632 | RHS- | C] () -- C:\Users\COMPUTER\ntuser.pol
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/30 11:24:16 | 004,429,199 | ---- | C] () -- C:\Users\COMPUTER\2 Pac Feat Outlaws -Troublesome 96'(1).mp3
[2011/04/21 18:20:00 | 000,112,640 | ---- | C] () -- C:\Users\COMPUTER\AppData\Roaming\chrtmp
[2011/04/07 19:36:32 | 000,035,916 | ---- | C] () -- C:\Users\COMPUTER\ScreenHunter_01 Apr. 07 19.36.gif
[2011/04/07 19:30:12 | 000,015,182 | ---- | C] () -- C:\Users\COMPUTER\CONNECTION ERROR.gif
[2011/04/04 16:28:47 | 005,221,663 | ---- | C] () -- C:\Users\COMPUTER\2pac-gangsters paradise5.mp3
[2011/03/11 14:05:49 | 000,018,065 | ---- | C] () -- C:\Users\COMPUTER\ScreenHunter_02 Mar. 11 13.05.gif
[2011/03/11 14:05:37 | 000,017,863 | ---- | C] () -- C:\Users\COMPUTER\ScreenHunter_01 Mar. 11 13.05.gif
[2011/03/09 17:32:37 | 000,068,997 | ---- | C] () -- C:\Users\COMPUTER\ScreenHunter_03 Mar. 09 16.32.gif
[2011/03/09 17:31:15 | 000,068,649 | ---- | C] () -- C:\Users\COMPUTER\ScreenHunter_02 Mar. 09 16.31.gif
[2011/03/09 17:27:20 | 000,017,976 | ---- | C] () -- C:\Users\COMPUTER\ScreenHunter_01 Mar. 09 16.27.gif
[2011/02/23 16:44:13 | 000,018,724 | ---- | C] () -- C:\Users\COMPUTER\rog clones.gif
[2011/02/23 15:36:12 | 000,018,181 | ---- | C] () -- C:\Users\COMPUTER\laker (2).gif
[2011/02/08 19:00:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/28 18:16:59 | 000,099,384 | ---- | C] () -- C:\Users\COMPUTER\AppData\Roaming\inst.exe
[2010/06/28 18:16:59 | 000,007,859 | ---- | C] () -- C:\Users\COMPUTER\AppData\Roaming\pcouffin.cat
[2010/06/28 18:16:59 | 000,001,167 | ---- | C] () -- C:\Users\COMPUTER\AppData\Roaming\pcouffin.inf

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 |
---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > Quote
CyberHunter Posted June 9, 2013

OTL Extras logfile created on: 6/9/2013 1:04:45 PM - Run 2 OTL by OldTimer - Version 3.2.69.0
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576)
en-US) "nfsDigitalClock01 New Free Screensaver_is1" = NewFreeScreensaver nfsDigitalClock01 "NIS" = Norton Internet Security "Photodex Presenter" = Photodex Presenter "ProShow Gold" = ProShow Gold "Revo Uninstaller" = Revo Uninstaller 1.94 "ShortKeys Lite" = ShortKeys Lite "VLC media player" = VLC media player 2.0.6 "WinLiveSuite" = Windows Live Essentials "Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free "Yahoo! Messenger" = Yahoo! Messenger ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/9/2013 5:19:27 AM | Computer Name = COMPUTER-PC | Source = ESENT | ID = 455 Description = Windows (3404) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001F4.log. Error - 6/9/2013 5:19:27 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 9000 Description = Error - 6/9/2013 5:19:27 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 7040 Description = Error - 6/9/2013 5:19:27 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 7042 Description = Error - 6/9/2013 5:19:27 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 9002 Description = Error - 6/9/2013 5:19:28 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 3029 Description = Error - 6/9/2013 5:19:29 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 3029 Description = Error - 6/9/2013 5:19:29 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 3028 Description = Error - 6/9/2013 5:19:29 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 3058 Description = Error - 6/9/2013 5:19:29 AM | Computer Name = COMPUTER-PC | Source = Windows Search Service | ID = 7010 Description = [ System Events ] Error - 6/9/2013 5:19:30 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7031 Description = The Windows Search 
service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = DCOM | ID = 10005 Description = Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. Error - 6/9/2013 5:19:39 AM | Computer Name = COMPUTER-PC | Source = Service Control Manager | ID = 7000 Description = The Windows Search service failed to start due to the following error: %%1053 < End of report > Quote
ExTS Admin Starbuck Posted June 10, 2013

Hi CyberHunter

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 8.80 Gb Free Space | 1.89% Space Free | Partition Type: NTFS

Windows needs a minimum of about 18% Free Space to operate properly. You really need to free up some space from the system or Windows will just crawl along and will start to throw up all kinds of errors. Try clearing out some of the old films..... they will take up a lot of space. (Or move them to external storage if you have one.)

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:otl
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKCU..\Run: [Facebook Update] "C:\Users\COMPUTER\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [Google Update] "C:\Users\COMPUTER\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [skinClock] C:\Users\COMPUTER\Desktop\DTClock.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/06/05 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/05 12:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SkinClock - hkey= - key= - File not found
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 2

Because of the 'extras' that the original malware can bring with it, we need to run a more in-depth scan now.
Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example; you may rename ComboFix to anything you want.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please submit:
OTL fix report
ComboFix.txt
How is the system running now?
Thanks.

Member of: UNITE
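The fix script in the post above targets a specific pattern: autostart entries (Run values, Browser Helper Objects, a ShellServiceObjectDelayLoad value, a Winlogon GinaDLL) whose executable is missing or whose CLSID is no longer registered, plus an alternate data stream under C:\ProgramData. The PowerShell script below is an added example, not part of this thread and not OTL's own code: it performs the same checks read-only on a live 64-bit Windows system and prints what fails to resolve, so a helper can reproduce OTL's "File not found" / "No CLSID value found" findings without the tool. The Add-Finding, Get-ExePath and Test-ClsidRegistered helpers are hypothetical names of mine; the registry paths are the standard Windows locations. It assumes PowerShell 3.0 or later (for Get-Item -Stream) and an elevated prompt, and it deletes nothing.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the autostart
# locations the OTL fix above cleaned. Needs PowerShell 3.0+ and an elevated prompt.

$findings = New-Object 'System.Collections.Generic.List[object]'

# Hypothetical helper: record one suspicious entry (the list is shared by reference).
function Add-Finding([string]$Location, [string]$Name, [string]$Target, [string]$Reason) {
    $findings.Add([pscustomobject]@{ Location = $Location; Name = $Name; Target = $Target; Reason = $Reason })
}

# Reduce a Run-value command line ("C:\path\x.exe" /c ...) to the executable path.
function Get-ExePath([string]$CommandLine) {
    if ($CommandLine -match '^"([^"]+)"') { return $matches[1] }
    if ($CommandLine -match '^(\S+\.exe)')  { return $matches[1] }
    return $CommandLine
}

# A CLSID counts as registered if it exists in either the 64-bit or the 32-bit CLSID hive.
function Test-ClsidRegistered([string]$Clsid) {
    return (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid") -or
           (Test-Path "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid")
}

# 1. Run keys (OTL's O4 lines): flag values whose executable does not exist.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # provider metadata, not a registry value
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePath ([string]$p.Value)))
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
            Add-Finding $key $p.Name $p.Value 'File not found'
        }
    }
}

# 2. Browser Helper Objects (O2): each subkey name is a CLSID that must resolve.
$bhoKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        if (-not (Test-ClsidRegistered $sub.PSChildName)) {
            Add-Finding $key $sub.PSChildName '' 'No CLSID value found'
        }
    }
}

# 3. ShellServiceObjectDelayLoad (O21): value data is a CLSID that Explorer loads at logon.
$ssodl = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path $ssodl) {
    foreach ($p in (Get-ItemProperty -Path $ssodl).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }
        if (-not (Test-ClsidRegistered ([string]$p.Value))) {
            Add-Finding 'SSODL' $p.Name $p.Value 'No CLSID value found'
        }
    }
}

# 4. Winlogon GinaDLL (O20): Vista and later do not load GINA DLLs, so any value here is
#    either a leftover or an attempted persistence hook, whether or not the file exists.
$winlogon = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($winlogon.GinaDLL) {
    $reason = if (Test-Path -LiteralPath $winlogon.GinaDLL) { 'GinaDLL set on Vista or later' } else { 'File not found' }
    Add-Finding 'Winlogon' 'GinaDLL' $winlogon.GinaDLL $reason
}

# 5. Alternate data streams directly under %ProgramData% (the TEMP:5C321E34 pattern above).
foreach ($item in Get-ChildItem -LiteralPath $env:ProgramData -Force -ErrorAction SilentlyContinue) {
    foreach ($s in Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue) {
        if ($s.Stream -ne ':$DATA') { Add-Finding 'ADS' $item.Name $s.Stream "$($s.Length) bytes" }
    }
}

$findings | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind: an orphaned Run value or BHO stub is evidence that something was removed or never installed cleanly, not proof of malware on its own, and the script only reports what OTL reported here (Run, BHO, SSODL, GinaDLL, ProgramData streams); scheduled tasks, services, drivers and the RunOnce/Winlogon Shell and Userinit values are other persistence points the same approach can be extended to.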
CyberHunter (Author) Posted June 10, 2013

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkinClock deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe Reader Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Facebook Update\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Google Update\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SkinClock\ not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\COMPUTER\Desktop\SPYWARE LOGS\cmd.bat deleted successfully.
C:\Users\COMPUTER\Desktop\SPYWARE LOGS\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]

User: All Users

User: COMPUTER
->Temp folder emptied: 1253908 bytes
->Temporary Internet Files folder emptied: 5116288 bytes
->Java cache emptied: 5143468 bytes
->FireFox cache emptied: 19324458 bytes
->Google Chrome cache emptied: 38888171 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jenny
->Temp folder emptied: 43981736 bytes
->Temporary Internet Files folder emptied: 289516628 bytes
->Java cache emptied: 292968 bytes
->FireFox cache emptied: 47421743 bytes
->Google Chrome cache emptied: 280145124 bytes
->Flash cache emptied: 6687 bytes

User: Kevin
->Temp folder emptied: 2149 bytes
->Temporary Internet Files folder emptied: 36710930 bytes
->Java cache emptied: 88605 bytes
->FireFox cache emptied: 64001801 bytes
->Google Chrome cache emptied: 242893788 bytes
->Flash cache emptied: 523 bytes

User: Marcela
->Temp folder emptied: 395981532 bytes
->Temporary Internet Files folder emptied: 267665903 bytes
->Java cache emptied: 50118 bytes
->FireFox cache emptied: 48302157 bytes
->Google Chrome cache emptied: 248177386 bytes
->Flash cache emptied: 10789 bytes

User: Mcx1-COMPUTER-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 628111 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 820793 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12048 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67758 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,942.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 06102013_141223

Files\Folders moved on Reboot...
C:\Users\COMPUTER\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\COMPUTER\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
CyberHunter (Author) Posted June 10, 2013

ComboFix 13-06-08.02 - COMPUTER 06/10/2013 15:27:12.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4085 [GMT -7:00]
Running from: c:\users\COMPUTER\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe
c:\programdata\1370551595.bdinstall.bin
c:\programdata\1370551800.bdinstall.bin
c:\programdata\1370551803.bdinstall.bin
c:\programdata\1370551965.bdinstall.bin
c:\programdata\1370551967.bdinstall.bin
c:\programdata\1370634777.bdinstall.bin
c:\programdata\1370639613.bdinstall.bin
c:\programdata\1370639802.bdinstall.bin
c:\programdata\1370666820.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2013-05-10 to 2013-06-10 )))))))))))))))))))))))))))))))
.
.
2013-06-10 22:33 . 2013-06-10 22:33 -------- d-----w- c:\users\Mcx1-COMPUTER-PC\AppData\Local\temp
2013-06-10 22:33 . 2013-06-10 22:33 -------- d-----w- c:\users\Marcela\AppData\Local\temp
2013-06-10 22:33 . 2013-06-10 22:33 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2013-06-10 22:33 . 2013-06-10 22:33 -------- d-----w- c:\users\Jenny\AppData\Local\temp
2013-06-10 22:33 . 2013-06-10 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-10 21:12 . 2013-06-10 21:12 -------- d-----w- C:\_OTL
2013-06-09 19:57 . 2013-06-09 19:57 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-09 19:57 . 2013-06-09 19:57 311200 ----a-w- c:\windows\system32\javaws.exe
2013-06-09 19:57 . 2013-06-09 19:57 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-09 19:57 . 2013-06-09 19:57 188832 ----a-w- c:\windows\system32\javaw.exe
2013-06-09 19:57 . 2013-06-09 19:57 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-09 19:57 . 2013-06-09 19:57 188320 ----a-w- c:\windows\system32\java.exe
2013-06-09 19:57 . 2013-06-09 19:57 -------- d-----w- c:\program files\Java
2013-06-08 23:40 . 2013-06-08 23:40 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-06-08 23:40 . 2013-06-08 23:40 -------- d-----w- c:\program files\Symantec
2013-06-08 23:40 . 2013-06-08 23:40 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-06-08 23:39 . 2013-06-08 23:39 -------- d-----w- c:\windows\system32\drivers\NISx64
2013-06-08 23:39 . 2013-06-08 23:39 -------- d-----w- c:\program files (x86)\Norton Internet Security
2013-06-08 20:28 . 2013-06-08 20:28 -------- d-----w- c:\windows\ERUNT
2013-06-08 20:27 . 2013-06-08 20:28 -------- d-----w- C:\JRT
2013-06-08 15:01 . 2013-05-14 08:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4DB84FD3-3F9A-4D4F-A0D5-0C93AE04432D}\mpengine.dll
2013-06-08 02:02 . 2013-06-08 02:44 -------- d-----w- c:\users\Kevin\AppData\Roaming\Bitdefender
2013-06-07 21:32 . 2013-06-07 21:32 -------- d-----w- c:\users\COMPUTER\AppData\Local\yahoo.venom
2013-06-07 21:22 . 2013-06-07 21:29 -------- d-----w- c:\programdata\BDLogging
2013-06-07 21:21 . 2007-04-11 18:11 511328 ----a-w- c:\windows\capicom.dll
2013-06-07 19:56 . 2013-06-08 04:49 -------- d-----w- c:\program files\Bitdefender
2013-06-07 19:53 . 2013-06-07 19:53 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\QuickScan
2013-06-07 19:39 . 2013-06-08 04:47 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-06-07 10:43 . 2013-06-07 10:43 -------- d-----w- c:\programdata\Licenses
2013-06-07 08:32 . 2013-06-07 08:34 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\AbiSuite
2013-06-07 05:31 . 2013-06-07 05:31 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-06-07 01:13 . 2013-06-07 01:14 -------- d-----w- c:\users\Jenny\AppData\Local\adawarebp
2013-06-07 01:13 . 2013-06-07 01:13 -------- d-----w- c:\users\Jenny\AppData\Roaming\Ad-Aware Antivirus
2013-06-07 00:49 . 2013-06-07 00:49 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\LavasoftStatistics
2013-06-07 00:45 . 2013-06-07 00:45 -------- d-----w- c:\programdata\Downloaded Installations
2013-06-07 00:45 . 2013-06-07 00:45 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-06-07 00:44 . 2013-06-07 00:44 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-06-06 19:27 . 2013-06-06 19:27 -------- d-----w- c:\program files (x86)\Enigma Software Group
2013-06-06 19:27 . 2013-06-06 19:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-06-06 19:19 . 2013-06-06 19:25 3021720 ----a-w- c:\users\COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter4.exe
2013-06-06 06:11 . 2013-06-06 06:11 -------- d-----w- c:\users\Jenny\AppData\Roaming\Malwarebytes
2013-06-06 06:10 . 2013-06-06 06:10 -------- d-----w- c:\users\Jenny\AppData\Local\VirtualStore
2013-06-06 05:59 . 2013-06-06 05:59 -------- d-----w- c:\users\Kevin\AppData\Local\VirtualStore
2013-06-06 00:16 . 2013-06-06 00:26 -------- d-----w- c:\programdata\HitmanPro
2013-06-05 09:11 . 2013-06-05 09:11 -------- d-----w- c:\program files (x86)\Trend Micro
2013-06-02 00:52 . 2013-06-02 02:28 -------- d-----w- c:\programdata\xml_param
2013-06-02 00:13 . 2013-06-02 00:13 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\Wondershare Video Converter Ultimate
2013-06-02 00:05 . 2013-06-02 00:05 -------- d-----w- c:\program files\Common Files\Wondershare
2013-06-02 00:05 . 2012-09-07 01:40 727952 ----a-w- c:\windows\SysWow64\WSCM64.dll
2013-06-02 00:05 . 2013-06-02 02:30 -------- d-----w- c:\programdata\Wondershare Video Converter Ultimate
2013-05-31 06:49 . 2013-06-06 00:25 -------- d-----w- c:\users\Kevin\AppData\Local\Bugsplat
2013-05-28 22:38 . 2013-05-29 03:58 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\.minecraft
2013-05-25 05:10 . 2013-05-25 05:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-05-23 06:17 . 2013-05-23 06:17 -------- d-----w- c:\users\Jenny\AppData\Roaming\Photodex
2013-05-23 05:55 . 2013-05-23 05:55 -------- d-----w- c:\program files (x86)\Photodex Presenter
2013-05-23 05:55 . 2013-05-23 05:55 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\Netscape
2013-05-23 05:55 . 2013-05-23 05:55 -------- d-----w- c:\program files (x86)\Photodex
2013-05-23 05:54 . 2013-05-23 05:55 -------- d-----w- c:\programdata\Photodex
2013-05-23 05:54 . 2013-05-23 05:54 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\Photodex
2013-05-21 02:23 . 2013-05-21 02:23 -------- d-----r- c:\users\Jenny\Podcasts
2013-05-15 01:31 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-14 01:34 . 2013-05-14 01:34 -------- d-----w- c:\users\COMPUTER\ClipConverter
2013-05-14 01:33 . 2013-05-14 01:34 -------- d-----w- c:\users\COMPUTER\AppData\Roaming\Lunaweb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 02:24 . 2011-07-27 00:23 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-09 03:48 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 09:06 . 2010-06-22 03:22 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 23:33 . 2013-05-04 07:23 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-13 05:49 . 2013-05-15 01:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 01:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 01:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 01:31 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 01:31 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 01:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:26 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-27 03:16 . 2013-03-27 03:16 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-27 03:16 . 2013-03-27 03:16 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-27 03:16 . 2013-03-27 03:16 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-27 03:16 . 2013-03-27 03:16 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-27 03:16 . 2013-03-27 03:16 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-27 03:16 . 2013-03-27 03:16 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-27 03:16 . 2013-03-27 03:16 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-27 03:16 . 2013-03-27 03:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-27 03:16 . 2013-03-27 03:16 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-27 03:16 . 2013-03-27 03:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-27 03:16 . 2013-03-27 03:16 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-27 03:16 . 2013-03-27 03:16 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-27 03:16 . 2013-03-27 03:16 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-27 03:16 . 2013-03-27 03:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-27 03:16 . 2013-03-27 03:16 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-27 03:16 . 2013-03-27 03:16 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-27 03:16 . 2013-03-27 03:16 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-27 03:16 . 2013-03-27 03:16 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-27 03:16 . 2013-03-27 03:16 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-27 03:16 . 2013-03-27 03:16 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-27 03:16 . 2013-03-27 03:16 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-27 03:16 . 2013-03-27 03:16 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-27 03:16 . 2013-03-27 03:16 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-27 03:16 . 2013-03-27 03:16 441856 ----a-w- c:\windows\system32\html.iec
2013-03-27 03:16 . 2013-03-27 03:16 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-27 03:16 . 2013-03-27 03:16 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-27 03:16 . 2013-03-27 03:16 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-27 03:16 . 2013-03-27 03:16 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-27 03:16 . 2013-03-27 03:16 235008 ----a-w- c:\windows\system32\url.dll
2013-03-27 03:16 . 2013-03-27 03:16 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-27 03:16 . 2013-03-27 03:16 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-27 03:16 . 2013-03-27 03:16 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-27 03:16 . 2013-03-27 03:16 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-27 03:16 . 2013-03-27 03:16 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-27 03:16 . 2013-03-27 03:16 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-27 03:16 . 2013-03-27 03:16 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-27 03:16 . 2013-03-27 03:16 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-27 03:16 . 2013-03-27 03:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-27 03:16 . 2013-03-27 03:16 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-27 03:16 . 2013-03-27 03:16 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-27 03:16 . 2013-03-27 03:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-27 03:16 . 2013-03-27 03:16 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-27 03:16 . 2013-03-27 03:16 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-27 03:16 . 2013-03-27 03:16 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-27 03:16 . 2013-03-27 03:16 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-27 03:16 . 2013-03-27 03:16 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-27 03:16 . 2013-03-27 03:16 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-27 03:16 . 2013-03-27 03:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-27 03:16 . 2013-03-27 03:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-27 03:15 . 2013-03-27 03:15 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-27 03:15 . 2013-03-27 03:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-03-27 03:15 . 2013-03-27 03:15 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-27 03:15 . 2013-03-27 03:15 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-27 03:15 . 2013-03-27 03:15 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-27 03:15 . 2013-03-27 03:15 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-27 03:15 . 2013-03-27 03:15 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-27 03:15 . 2013-03-27 03:15 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-27 03:15 . 2013-03-27 03:15 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-27 03:15 . 2013-03-27 03:15 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-27 03:15 . 2013-03-27 03:15 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-27 03:15 . 2013-03-27 03:15 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-27 03:15 . 2013-03-27 03:15 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-27 03:15 . 2013-03-27 03:15 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-27 03:15 . 2013-03-27 03:15 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-27 03:15 . 2013-03-27 03:15 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-27 03:15 . 2013-03-27 03:15 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-27 03:15 . 2013-03-27 03:15 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-27 03:15 . 2013-03-27 03:15 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-27 03:15 . 2013-03-27 03:15 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-27 03:15 . 2013-03-27 03:15 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-03-27 03:15 . 2013-03-27 03:15 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-03-27 03:15 . 2013-03-27 03:15 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-02-10 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2009-03-03 694824]
"DT HPW"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2009-10-06 86016]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files (x86)\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
.
c:\users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] . c:\users\COMPUTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "ConsentPromptBehaviorAdmin"= 0 (0x0) "EnableLUA"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 
WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1401000.018\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1401000.018\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1401000.018\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1401000.018\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1401000.018\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1401000.018\ccSetx64.sys [x] S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130607.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130607.001\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1401000.018\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1401000.018\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1401000.018\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1401000.018\SYMNETS.SYS [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet 
Security\Engine\20.1.0.24\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe [x] S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x] S2 Realtek87B;Realtek87B;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe;c:\program files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-05 04:40 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1302321551-618078555-2556507216-1001Core.job - c:\users\Marcela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-28 03:30] . 2013-06-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1302321551-618078555-2556507216-1001UA.job - c:\users\Marcela\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-28 03:30] . 2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbffcde443ddcb.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-05 03:14] . 
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-05 03:14] . 2013-05-21 c:\windows\Tasks\HPCeeScheduleForCOMPUTER.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 363544] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 385560] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local> TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\lxhpeyqt.default\ FF - ExtSQL: 2013-06-07 14:34; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\COMPUTER\AppData\Roaming\Mozilla\Firefox\Profiles\lxhpeyqt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2013-06-08 16:40; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn FF - ExtSQL: 2013-06-08 16:40; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.1.0.24\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-1302321551-618078555-2556507216-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1302321551-618078555-2556507216-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&98671ce&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Device Parameters\MODES] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\4&98671ce&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A2\5&1a739caa&0&UID512\Properties\{83da6326-97a6-4088-9453-a1923f573b29}] @DACL=(02 0000) . 
Completion time: 2013-06-10 15:35:58 ComboFix-quarantined-files.txt 2013-06-10 22:35 . Pre-Run: 11,058,446,336 bytes free Post-Run: 10,410,778,624 bytes free . - - End Of File - - 800F9F2AB01E98DF20011D01D850D8C5 A36C5E4F47E84449FF07ED3517B43A31 Quote
CyberHunter Posted June 10, 2013 (Author)
> Hi CyberHunter
> How is the system running now?
Thanks. I've run almost every well-known AV / Internet Security suite: Norton, Bitdefender, Kaspersky, MalwareBytes and others. Mostly they were only detecting "Tracking Cookies" as threats? I am not sure if that's a bad thing or not. I suspect it's a browser hijack thing or an extension/add-on that's doing it? I deleted an unknown extension from Chrome, "default".
ExTS Admin Starbuck Posted June 11, 2013
Hi CyberHunter
> I've run almost every well-known AV / Internet Security suite: Norton, Bitdefender, Kaspersky, MalwareBytes and others
Yes, I had noticed from the reports. To be honest, this doesn't help. Installing one AV when another is already installed will only cause system problems and conflicts between the AVs, so you won't get a proper report from them. If the reports I ask for keep changing, it only confuses the issue.
> Mostly they were only detecting "Tracking Cookies" as threats? I am not sure if that's a bad thing or not.
It helps if you are aware of what 'Cookies' and 'Tracking Cookies' are and how they differ.
A cookie is a small file stored on your computer by a web browser that contains information about your visit to a specific website. It might hold details about when you last viewed the website, your viewing preferences, or products you recently clicked on. It may also record your IP address, the time of your visit and the browser you use. Cookies are harmless, since they are no more than a text file, and without them some aspects of the web, such as shopping carts, would not work properly.
Tracking cookies are slightly different. These are cookies placed on your computer by a website affiliated with the one you visit, and are sometimes called third-party cookies. Often this is a company that provides adverts for multiple websites, such as Doubleclick. These companies' websites can use tracking cookies to build up a picture of your web surfing habits. It cannot track every site you visit, only those that carry that company's adverts. While some people see this as an invasion of privacy, these cookies are not the same as other malicious software, and cannot infect your PC. Don't worry about them too much, as they are used in a lot of places and, after visiting a number of websites, it's almost inevitable a few will end up on your PC.
But it doesn't hurt to remove them if you wish. You can set your browser to not accept 3rd-party cookies; this will stop most of the tracking cookies.
> I suspect it's a browser hijack thing or an extension/add-on that's doing it?
Doing what? Do you mean... adding the Tracking Cookies? If so, my explanation on cookies will explain how the tracking cookies get there.
Are you still getting redirected to Sureonlinefind.com?
Member of: UNITE
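Starbuck's explanation above (an ad network's cookie links your visits across the sites that carry its adverts, and blocking third-party cookies stops most of that) can be made concrete with a small simulation. This is an added example, not code from the thread or from any product mentioned in it; the browser model, the ad-network model and the hostnames (news.example, shop.example, blog.example, ads.tracker-example.net) are all constructed for the demonstration.

```python
"""Toy model of first-party vs third-party (tracking) cookies.

Constructed example; not code from the forum thread. A browser visits a few
sites, two of which embed adverts from one ad network. The ad network can
only observe visits to pages carrying its adverts, and it links those visits
together through the cookie it sets. Switching on "block third-party
cookies" removes that link while first-party cookies keep working.
All hostnames here are made up for the demonstration.
"""
import itertools
from dataclasses import dataclass, field

TRACKER_HOST = "ads.tracker-example.net"  # constructed ad-network host


def registrable_domain(host: str) -> str:
    """Approximate eTLD+1 as the last two labels of the hostname.

    Real browsers consult the Public Suffix List; the shortcut is adequate
    for the constructed names used here (news.example, tracker-example.net).
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


@dataclass
class CookieJar:
    """Browser-side cookie store with an optional third-party block."""
    block_third_party: bool = False
    store: dict = field(default_factory=dict)  # (domain, name) -> value

    def is_third_party(self, top_level_host: str, request_host: str) -> bool:
        # A request is third-party when the responding site differs from
        # the site shown in the address bar.
        return registrable_domain(top_level_host) != registrable_domain(request_host)

    def cookies_for(self, top_level_host: str, request_host: str) -> dict:
        """Cookies the browser attaches to a request made while rendering
        top_level_host. With the block on, third-party requests get none."""
        if self.block_third_party and self.is_third_party(top_level_host, request_host):
            return {}
        domain = registrable_domain(request_host)
        return {name: value for (dom, name), value in self.store.items() if dom == domain}

    def set_cookie(self, top_level_host: str, request_host: str, name: str, value: str) -> bool:
        """Store a cookie from a response; returns False if it was blocked."""
        if self.block_third_party and self.is_third_party(top_level_host, request_host):
            return False
        self.store[(registrable_domain(request_host), name)] = value
        return True


class AdNetwork:
    """Server-side view of the ad network: it only learns about page loads
    that fetch one of its adverts, and ties them together by its uid cookie."""

    def __init__(self) -> None:
        self.profiles: dict = {}  # uid -> list of sites where the ad was shown
        self._ids = itertools.count(1)

    def serve_ad(self, top_level_site: str, cookies: dict) -> tuple:
        # Reuse the visitor's uid if the browser sent one, else mint a new one.
        uid = cookies.get("uid") or f"uid-{next(self._ids)}"
        self.profiles.setdefault(uid, []).append(top_level_site)
        return ("uid", uid)  # the Set-Cookie the ad response carries


def browse(visits: list, block_third_party: bool) -> tuple:
    """Replay a browsing session; returns (ad-network profiles, cookie store)."""
    jar = CookieJar(block_third_party)
    tracker = AdNetwork()
    for site, embeds_ads in visits:
        # The page itself sets a first-party session cookie (always allowed).
        jar.set_cookie(site, site, "session", f"s-{site}")
        if embeds_ads:
            # Loading the advert is a request to a different site.
            sent = jar.cookies_for(site, TRACKER_HOST)
            name, value = tracker.serve_ad(site, sent)
            jar.set_cookie(site, TRACKER_HOST, name, value)
    return tracker.profiles, jar.store


# Constructed session: two sites carry the network's adverts, one does not.
VISITS = [("news.example", True), ("shop.example", True), ("blog.example", False)]

if __name__ == "__main__":
    for block in (False, True):
        profiles, store = browse(VISITS, block)
        print(f"block third-party cookies = {block}")
        print("  ad network sees:", profiles)
        print("  cookies stored :", sorted(store))
```

With the block off the network ends up with one uid covering both advert-carrying sites and never learns about blog.example; with the block on it sees the same two page loads but cannot tie them together, and the first-party session cookies are unaffected.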
CyberHunter Posted June 11, 2013 (Author)
> Hi CyberHunter
> Yes, I had noticed from the reports. To be honest, this doesn't help. Installing one AV when another is already installed will only cause system problems and conflicts between the AVs, so you won't get a proper report from them. If the reports I ask for keep changing, it only confuses the issue.
> It helps if you are aware of what 'Cookies' and 'Tracking Cookies' are and how they differ.
> A cookie is a small file stored on your computer by a web browser that contains information about your visit to a specific website. It might hold details about when you last viewed the website, your viewing preferences, or products you recently clicked on. It may also record your IP address, the time of your visit and the browser you use. Cookies are harmless, since they are no more than a text file, and without them some aspects of the web, such as shopping carts, would not work properly.
> Tracking cookies are slightly different. These are cookies placed on your computer by a website affiliated with the one you visit, and are sometimes called third-party cookies. Often this is a company that provides adverts for multiple websites, such as Doubleclick. These companies' websites can use tracking cookies to build up a picture of your web surfing habits. It cannot track every site you visit, only those that carry that company's adverts. While some people see this as an invasion of privacy, these cookies are not the same as other malicious software, and cannot infect your PC. Don't worry about them too much, as they are used in a lot of places and, after visiting a number of websites, it's almost inevitable a few will end up on your PC.
> But it doesn't hurt to remove them if you wish. You can set your browser to not accept 3rd-party cookies; this will stop most of the tracking cookies.
Thanks for explaining the difference between the cookies. :cool:
CyberHunter Posted June 11, 2013 (Author)
> Hi CyberHunter
> Doing what? Do you mean... adding the Tracking Cookies? If so, my explanation on cookies will explain how the tracking cookies get there.
> Are you still getting redirected to Sureonlinefind.com?
I said this because I was getting annoyed with the ads from Sureonlinefind.com and other ad sites. I agree I could've caused damage to my computer, but I was only testing out which AVs detected threats. As for a "Browser Hijack", one of the malware programs I ran detected a "Babylon Toolbar", plus I was suspicious of a Chrome add-on; it had no name, so I deleted it. To answer your question, it seems it's gone (in my user profile). My computer is a family type with 4 user profiles. My brother says he still sees "Sureonlinefind.com" ...
ExTS Admin Starbuck Posted June 11, 2013 (edited)
Hi CyberHunter
> My computer is a family type with 4 user profiles. My brother says he still sees "Sureonlinefind.com" ...
If your brother's user account is set as an 'Administrator' account, get him to run the Junkware Removal Tool on his account. See if that gets rid of it. (Sometimes each user account has to be cleaned separately.)
Note: Remove the version already on the system and download a fresh copy, as the tool is updated frequently.
As a piece of information: to determine if a browser is affected by any add-ons, it can be run with add-ons disabled. This will give you a good indication.
Internet Explorer: Click Start >> All Programs >> Accessories >> System Tools >> Internet Explorer (No Add-ons)
Firefox: Open Firefox, then click on the Help tab and select: Restart with Add-ons Disabled
Edited June 11, 2013 by Starbuck
Member of: UNITE
CyberHunter Posted June 14, 2013 (Author, edited)
I had to wait for them to get back, and I managed to run a scan on every user account. This message showed up first: http://i41.tinypic.com/maicdt.gif
I don't know if it's normal or not. Here are the 3 logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jenny on Thu 06/13/2013 at 15:46:09.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\Jenny\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Users\Jenny\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Jenny\appdata\locallow\vshare"
Failed to delete: [Folder] "C:\Program Files (x86)\simplitec"

~~~ FireFox
Successfully deleted: [File] C:\Users\Jenny\AppData\Roaming\mozilla\firefox\profiles\ktp7q82g.default\extensions\scxtshcomr@scxtshcomr.org.xpi [Tracur]

~~~ Chrome
Dumping contents of C:\Users\Jenny\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Jenny\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg
C:\Users\Jenny\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\background.js
C:\Users\Jenny\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\ContentScript.js
C:\Users\Jenny\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\manifest.json
Successfully deleted: [Folder] C:\Users\Jenny\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/13/2013 at 15:50:22.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited June 14, 2013 by CyberHunter
CyberHunter Posted June 14, 2013 (Author)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kevin on Thu 06/13/2013 at 17:50:26.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\Kevin\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Users\Kevin\appdata\locallow\vshare"
Failed to delete: [Folder] "C:\Program Files (x86)\simplitec"

~~~ FireFox
Successfully deleted: [File] C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\16mpywb9.default\extensions\scxtshcomr@scxtshcomr.org.xpi [Tracur]
Emptied folder: C:\Users\Kevin\AppData\Roaming\mozilla\firefox\profiles\16mpywb9.default\minidumps [30 files]

~~~ Chrome
Dumping contents of C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg
C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\background.js
C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\ContentScript.js
C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Default\aaaaaddbdgggdjdidfgbdggfgfgegegg\manifest.json
Successfully deleted: [Folder] C:\Users\Kevin\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/13/2013 at 17:54:51.47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CyberHunter Posted June 14, 2013 (Author)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Marcela on Thu 06/13/2013 at 21:25:43.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\simplitec"
Successfully deleted: [Folder] "C:\Users\Marcela\AppData\Roaming\simplitec"
Successfully deleted: [Folder] "C:\Users\Marcela\appdata\locallow\vshare"
Failed to delete: [Folder] "C:\Program Files (x86)\simplitec"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/13/2013 at 21:29:50.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ExTS Admin Starbuck Posted June 14, 2013
Hi CyberHunter
> this message showed up first ..
Need not worry about that.
How are the other user accounts now, problem gone?
Member of: UNITE
CyberHunter Posted June 14, 2013 (Author, edited)
It seems like it's gone, I hope! ... 1 more question: I know there's no best AntiVirus/Malware program. But in your opinion, which (Free) and (Paid) AVs + Firewall do you recommend?
Thank you for your help & time.
Edited June 14, 2013 by CyberHunter
ExTS Admin Starbuck Posted June 16, 2013
Hi CyberHunter
> It seems like it's gone
That's good to hear.
> I know there's no best AntiVirus/Malware program. But in your opinion, which (Free) and (Paid) AVs + Firewall do you recommend?
Like you say, there's not really a best in this. No software program is going to see and stop everything. They all miss things occasionally.

AntiVirus: Free
- Avira AntiVir ... see note* ... installation guide Here
- Avast Free
- MS Security Essentials ... see note** ... installation guide Here

Note*: Avira has been known to include the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default, and it is recommended that you uncheck that option during installation.
Note**: Upon installation, MS Security Essentials will check that your OS is a legal copy.

AntiVirus: Paid
- Kaspersky Internet Security
- Avira Antivirus Premium

Firewall
- Online Armor Free
- ZoneAlarm ... important note below

NOTE: If choosing ZoneAlarm, be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended, however, that you UNcheck this option.
Both these firewalls have free and paid versions available.

Please remember that I haven't tried all the software programs available, so I can only advise on what I have tried.
Member of: UNITE
CyberHunter Posted June 17, 2013 (Author)
Thank you very much. For donations, do I donate to you, Mr Starbuck, or to the site? Not sure how it works.
RandyL Posted June 17, 2013
Hi CyberHunter. I see you're online, so I will answer for Starbuck. Donations go to the owner of the site to offset some of the costs to keep us up and running. If you do choose to donate, just use the Donate link and the owner will get it. We appreciate the help to keep us running. We always move donators to a special group and change the username to green to show our appreciation. Best of luck.
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here