Possible infection. [Solved]


This topic is locked

#1 UpTheCreek (Member, 20 posts)
I opened my browser to log in to a Chatango chat room and had just loaded an .m3u in JetAudio. After I tried to log in to Chatango I was confronted with an Adobe Flash Player update that wouldn't go away. Then I had windows popping up for a fake virus scan from Live Security Platinum, which I tried closing by clicking the X, and then it asked if I wanted to continue unprotected. At this time the malware or whatever had completely shut down most of my processes. I had a firewall security message asking if I wanted to allow explorer.exe to connect locally or privately, to which I just clicked Cancel. I was unable to run anything but Explorer. I tried my shortcuts for programs, I tried Ctrl+Shift+Esc, Ctrl+Alt+Delete, tried regedit; nothing would load. I was asked if I wanted to allow these programs to run and I said yes, but they'd just disappear.

I've since booted to safe mode and run registryfix.reg, rkill, Malwarebytes (several times now), Emsisoft Emergency Kit and a couple of anti-rootkits. I've looked through my startup in msconfig and have come across paomf.exe in AppData\Roaming\Ahma, which I've since deleted while in safe mode after disabling everything in my startup; I also deleted mshnf.dll that was in Roaming. For a while now I've been able to run everything but a browser, because when I've tried to load certain pages it would redirect to a Norton Anti-virus webpage or Hotmail login. Since deleting those files I'm able to browse, but I would still like to make absolutely certain I've found every trace of it.

Here is the log you requested.

OTL logfile created on: 7/3/2012 9:50:01 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\yardape\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.26 Gb Available Physical Memory | 78.24% Memory free
16.00 Gb Paging File | 14.01 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.98 Gb Total Space | 283.96 Gb Free Space | 30.93% Space Free | Partition Type: NTFS
Drive D: | 13.44 Gb Total Space | 1.65 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 717.46 Gb Free Space | 77.02% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 13.71 Gb Free Space | 0.74% Space Free | Partition Type: NTFS
Drive I: | 7.42 Gb Total Space | 5.54 Gb Free Space | 74.64% Space Free | Partition Type: NTFS
Drive N: | 14.53 Gb Total Space | 14.44 Gb Free Space | 99.38% Space Free | Partition Type: NTFS
Drive R: | 1863.01 Gb Total Space | 493.90 Gb Free Space | 26.51% Space Free | Partition Type: NTFS

Computer Name: YARDAPE-HP | User Name: yardape | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/03 21:49:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\yardape\Downloads\OTL.exe
PRC - [2012/03/12 15:46:20 | 000,108,136 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/03/03 22:38:38 | 001,592,160 | ---- | M] () -- C:\Users\yardape\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/19 04:47:20 | 002,698,624 | ---- | M] (TeamViewer GmbH) -- c:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012/01/19 04:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 04:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/01/16 03:04:46 | 001,007,472 | ---- | M] () -- C:\Users\yardape\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/08/20 18:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 09:19:37 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/06/15 21:17:34 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 08:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/16 03:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\yardape\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/08/20 18:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 19:06:17 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 10:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\72B0.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/25 20:39:00 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\prwntdrv.sys -- (prwntdrv)
DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/11 07:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/06/30 22:24:56 | 002,143,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX6000Xp.sys -- (VX6000)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/07/04 00:22:50 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\yardape\Downloads\Programs\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/08/25 20:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\prwntdrv.sys -- (prwntdrv)
DRV - [2010/07/01 10:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Users\yardape\Downloads\Programs\unlocker1.9.0-portable\x64\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "109.123.111.99 "
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "109.123.111.99 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.123.111.99 "
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "109.123.111.99 "
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\yardape\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\yardape\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/26 19:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 19:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/03/12 15:47:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{48037356-C557-11E1-8270-B8AC6F996F26}: C:\Users\yardape\AppData\Local\{48037356-C557-11E1-8270-B8AC6F996F26}\ [2012/07/03 14:37:18 | 000,000,000 | ---D | M]

[2012/02/04 16:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yardape\AppData\Roaming\Mozilla\Extensions
[2012/07/03 13:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yardape\AppData\Roaming\Mozilla\Firefox\Profiles\ux6n7ldt.default\extensions
[2012/07/03 13:23:49 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\yardape\AppData\Roaming\Mozilla\Firefox\Profiles\ux6n7ldt.default\extensions\[email protected]
[2012/04/10 18:11:28 | 000,000,000 | ---D | M] (deduplicate-tabs) -- C:\Users\yardape\AppData\Roaming\Mozilla\Firefox\Profiles\ux6n7ldt.default\extensions\[email protected]
[2012/02/20 08:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/04 16:50:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/20 08:10:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/14 15:45:30 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2012/07/03 14:37:18 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\YARDAPE\APPDATA\LOCAL\{48037356-C557-11E1-8270-B8AC6F996F26}
[2012/06/26 09:15:02 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/02/07 18:30:36 | 000,067,810 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2A}.XPI
[2012/02/29 22:11:47 | 000,005,927 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{C82BCF0E-EBFF-486F-BC3E-58AB0BA5286A}.XPI
[2012/02/04 16:59:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/20 19:07:37 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/04/17 02:05:56 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/06/23 20:19:54 | 000,013,459 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
[2012/06/22 00:48:49 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/02/23 13:28:59 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/05/30 22:48:58 | 000,012,941 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/02/04 17:11:40 | 000,091,769 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/02/07 18:13:43 | 000,226,493 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/03/30 10:02:49 | 000,038,773 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/02/26 21:18:23 | 000,073,297 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\yardape\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\yardape\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\yardape\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\yardape\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: AdBlock+ = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: Google Search = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11786EB2-45FA-4447-A30C-135446FD5CA8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACBADAB-053A-4E2F-99FE-7B4AB37270D9}: NameServer = 64.59.144.92,64.59.150.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 21:08:41 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2012/07/03 20:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/03 20:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/03 20:00:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/03 19:27:49 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{FF0E9FBE-E454-4392-BDEA-06F097233DC3}
[2012/07/03 19:27:37 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9C746F7C-7E50-4583-B9E5-594F64E27A3A}
[2012/07/03 16:37:58 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/03 16:34:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Backup
[2012/07/03 16:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/03 14:40:24 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/07/03 14:37:18 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4803A98A-C557-11E1-8270-B8AC6F996F26}
[2012/07/03 14:37:18 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{48037356-C557-11E1-8270-B8AC6F996F26}
[2012/07/03 14:36:23 | 000,142,848 | -HS- | C] (DT Soft Ltd) -- C:\Users\yardape\AppData\Roaming\cetaz.dll
[2012/07/03 14:36:23 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\HTML
[2012/07/03 14:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B3E00112B60006F53F7A60145BE
[2012/07/03 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Uwypew
[2012/07/03 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Ahma
[2012/07/03 07:27:11 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{E869759D-53D2-4201-B594-39BED3B8AFBA}
[2012/07/02 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{DFC7702C-6578-40BA-AA6F-E767DDB790DC}
[2012/07/02 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{FAFA71A0-C2C0-45CD-935B-7E4D39DF0746}
[2012/07/01 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9B356425-E87F-400A-BFA5-624B02DE269E}
[2012/07/01 07:25:34 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{050D3B67-1A3D-4D1E-9368-AC280C60CDBD}
[2012/06/30 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4963724F-B89A-4636-9EE3-4EBED391EFCD}
[2012/06/30 14:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[2012/06/30 14:57:28 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\APN
[2012/06/30 14:50:21 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2012/06/30 14:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar
[2012/06/30 13:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
[2012/06/30 13:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Software
[2012/06/30 13:35:00 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\PandoraRecovery
[2012/06/30 13:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2012/06/30 13:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
[2012/06/30 13:22:10 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/30 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/30 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Notepad++
[2012/06/30 13:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/06/30 07:24:44 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9C8FB3E5-D0F4-4594-A665-87D65A767774}
[2012/06/29 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{CA8CDA55-FCD3-490C-9050-EF8053F10685}
[2012/06/29 07:23:54 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{57D4B4CB-28C7-4008-920C-7F36CB2EC6C7}
[2012/06/28 19:23:29 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{A33C0B31-E4D2-4E4D-BB95-D293D5C4F83A}
[2012/06/28 07:23:03 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4FA2F935-0C1A-41E4-A973-19F3ABA9F346}
[2012/06/27 19:22:39 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{74FA37CD-52B5-4C93-BED4-094B96D38111}
[2012/06/27 07:22:15 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{EC5EC384-1B1D-4FC9-9A5F-E0DF1FE0375B}
[2012/06/26 19:21:50 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{0B2EE770-C49D-434C-9942-A45AA07DB97E}
[2012/06/26 19:21:38 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4AF5ECD7-E9D7-492C-A55B-830B86A09193}
[2012/06/26 07:21:11 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1F1EA23C-B94C-4159-A752-5CE5A86A8374}
[2012/06/26 07:21:00 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{170990B0-BC7C-49A2-B2C3-CC74CFD6D09B}
[2012/06/25 19:20:45 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1C23A051-18B2-4306-A236-487E8A622C17}
[2012/06/25 19:20:34 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9E852833-8347-4431-9A47-C9CB8D9FE002}
[2012/06/25 07:20:20 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{2DCF8BBF-C794-40D3-9202-14D04E4B7F14}
[2012/06/25 07:20:08 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1E112034-7998-4C60-BA8D-977645FD848D}
[2012/06/24 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{430D2717-FD39-4305-AC2E-E522D4472BEA}
[2012/06/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{469ACF7C-B1DE-4D81-AE5A-C5510B5AF73D}
[2012/06/24 07:19:03 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{A0E1CC70-126B-4845-B79B-D414769F6C64}
[2012/06/24 07:18:51 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{F0D50583-B4A2-42CA-9D5F-B0326BF33DEE}
[2012/06/23 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{F85AB44E-1022-4048-A0F9-EECAD97FBEED}
[2012/06/23 19:18:27 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{57C85A3E-CE90-42D3-817B-E37C4DA36617}
[2012/06/23 07:18:12 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{3A0E226F-6C31-4C20-A7D9-E4D12996E073}
[2012/06/23 07:18:00 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9825B284-6631-4A21-860C-A6757781D7D0}
[2012/06/22 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{F0ED38DC-B2D5-4CCA-97E8-65A21AA60FDD}
[2012/06/22 19:17:35 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{16969061-AFB2-4ADA-9671-8701CFC29A5D}
[2012/06/22 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{54E39BF4-D6CC-4381-AAE9-4A5A471CAB11}
[2012/06/22 07:17:09 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{FCFCEAA0-2824-4EAB-8530-3A3F935AAB41}
[2012/06/21 19:16:55 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{7C3E0A27-B072-4E6E-82CA-B046E243C6AE}
[2012/06/21 19:16:44 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{529CEF76-9DEC-4ADB-8007-CA9808D8AC1B}
[2012/06/21 10:14:29 | 000,000,000 | ---D | C] -- C:\Users\yardape\Documents\logs
[2012/06/21 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{06EAA0A4-31F2-47BE-B05D-E77CD287BECE}
[2012/06/21 07:16:17 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1219FD9C-0FB9-4089-AAB2-A1CABE676988}
[2012/06/21 07:12:18 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/21 07:11:08 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/06/21 07:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/21 07:00:34 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{8485DFE9-9DAD-45E6-90F8-29CF45E33194}
[2012/06/21 07:00:17 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{B9710E38-06C6-43CE-AB64-C351C40F79DA}
[2012/06/20 00:07:01 | 000,000,000 | ---D | C] -- C:\mircscripts
[2012/06/19 11:55:31 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{72B6447F-9A43-468C-A22A-A87DEFDFD485}
[2012/06/19 11:55:14 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{D98C248A-4D69-4608-98E6-00D123736DFB}
[2012/06/18 02:06:48 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{AC6C1A72-FBF1-4EF9-B8C4-7098FFBBE097}
[2012/06/14 03:41:50 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{7219E4BC-B7B5-4405-9EC0-0DAF8145454F}
[2012/06/14 03:41:27 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{B9A57AA1-CEF1-4BA3-ACD5-BB7B81A512CA}
[2012/06/12 05:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/12 05:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 05:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 05:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/10 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012/06/10 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\PokerStars
[2012/06/10 20:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2012/06/10 20:47:53 | 020,294,728 | ---- | C] (PokerStars) -- C:\Users\yardape\Documents\PokerStarsInstall.exe
[2012/06/05 22:29:20 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{30C6B07B-E4DE-4CCB-B0D8-767B10F1F73C}
[2012/06/05 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{8DE0F444-EE46-47D9-ACBC-74A260DDE1D6}
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/03 21:35:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 21:35:32 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 21:34:05 | 000,788,174 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/03 21:34:05 | 000,669,016 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/03 21:34:05 | 000,129,302 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/03 21:28:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/03 21:28:00 | 2146,910,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 21:07:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-214343487-374336361-2003765759-1000UA.job
[2012/07/03 19:06:17 | 000,033,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/03 16:37:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/03 14:36:14 | 000,142,848 | -HS- | M] (DT Soft Ltd) -- C:\Users\yardape\AppData\Roaming\cetaz.dll
[2012/07/02 16:07:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-214343487-374336361-2003765759-1000Core.job
[2012/07/02 09:06:56 | 000,007,618 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120702_090652.reg
[2012/06/30 14:50:21 | 000,001,324 | ---- | M] () -- C:\Users\yardape\Desktop\PC Inspector File Recovery.lnk
[2012/06/30 13:49:30 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012/06/30 13:49:30 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012/06/30 13:48:16 | 000,001,224 | ---- | M] () -- C:\Users\yardape\Desktop\Install GetDataBack Data Recovery.lnk
[2012/06/30 13:34:57 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/06/30 13:22:10 | 000,001,059 | ---- | M] () -- C:\Users\yardape\Desktop\Notepad++.lnk
[2012/06/29 20:08:59 | 000,002,375 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/26 09:26:56 | 000,000,536 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120626_092647.reg
[2012/06/25 00:30:30 | 000,003,870 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120625_003024.reg
[2012/06/21 10:09:39 | 000,000,682 | ---- | M] () -- C:\Users\yardape\Documents\remote.ini
[2012/06/21 07:04:16 | 000,001,135 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/21 06:42:43 | 000,000,930 | ---- | M] () -- C:\Users\yardape\Documents\Popupstemp.ini
[2012/06/21 06:42:09 | 000,001,055 | ---- | M] () -- C:\Users\yardape\Documents\Aliasestemp.ini
[2012/06/20 23:58:45 | 000,002,973 | ---- | M] () -- C:\Users\yardape\Documents\popups.ini
[2012/06/19 15:56:04 | 000,001,220 | ---- | M] () -- C:\Users\yardape\Documents\aliases.ini
[2012/06/18 05:04:21 | 000,003,584 | ---- | M] () -- C:\Users\yardape\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/18 02:05:04 | 000,010,392 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120618_020446.reg
[2012/06/18 01:44:53 | 000,001,033 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\ExtractNow.lnk
[2012/06/14 03:40:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForYARDAPE-HP$.job
[2012/06/14 03:39:55 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/10 20:51:16 | 000,001,087 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/06/10 20:49:01 | 020,294,728 | ---- | M] (PokerStars) -- C:\Users\yardape\Documents\PokerStarsInstall.exe
[2012/06/10 19:12:22 | 000,076,498 | ---- | M] () -- C:\Users\yardape\Documents\President Porky.png
[2012/06/05 22:27:04 | 000,001,328 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120605_222659.reg
[2012/06/04 23:57:38 | 000,201,646 | ---- | M] () -- C:\Users\yardape\Documents\FF5.PNG
[2012/06/04 23:56:53 | 000,309,107 | ---- | M] () -- C:\Users\yardape\Documents\FF4.PNG
[2012/06/04 23:56:03 | 000,189,670 | ---- | M] () -- C:\Users\yardape\Documents\FF3.PNG
[2012/06/04 23:55:00 | 000,499,785 | ---- | M] () -- C:\Users\yardape\Documents\FF2.PNG
[2012/06/04 23:53:46 | 000,560,831 | ---- | M] () -- C:\Users\yardape\Documents\FF1.PNG
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/03 19:06:17 | 000,033,096 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/03 18:13:21 | 000,016,896 | ---- | C] () -- C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}\U\[email protected]
[2012/07/03 18:13:21 | 000,001,696 | ---- | C] () -- C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}\U\[email protected]
[2012/07/02 09:06:54 | 000,007,618 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120702_090652.reg
[2012/06/30 14:50:21 | 000,001,324 | ---- | C] () -- C:\Users\yardape\Desktop\PC Inspector File Recovery.lnk
[2012/06/30 13:49:30 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012/06/30 13:49:30 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012/06/30 13:48:16 | 000,001,224 | ---- | C] () -- C:\Users\yardape\Desktop\Install GetDataBack Data Recovery.lnk
[2012/06/30 13:34:57 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/06/30 13:22:10 | 000,001,059 | ---- | C] () -- C:\Users\yardape\Desktop\Notepad++.lnk
[2012/06/26 09:26:52 | 000,000,536 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120626_092647.reg
[2012/06/25 00:30:26 | 000,003,870 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120625_003024.reg
[2012/06/21 10:14:00 | 000,002,973 | ---- | C] () -- C:\Users\yardape\Documents\popups.ini
[2012/06/21 10:14:00 | 000,001,220 | ---- | C] () -- C:\Users\yardape\Documents\aliases.ini
[2012/06/21 10:12:55 | 000,000,682 | ---- | C] () -- C:\Users\yardape\Documents\remote.ini
[2012/06/21 07:04:16 | 000,001,135 | ---- | C] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/21 06:42:43 | 000,000,930 | ---- | C] () -- C:\Users\yardape\Documents\Popupstemp.ini
[2012/06/21 06:42:09 | 000,001,055 | ---- | C] () -- C:\Users\yardape\Documents\Aliasestemp.ini
[2012/06/18 05:04:21 | 000,003,584 | ---- | C] () -- C:\Users\yardape\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/18 02:04:50 | 000,010,392 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120618_020446.reg
[2012/06/10 20:51:16 | 000,001,087 | ---- | C] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/06/10 19:12:21 | 000,076,498 | ---- | C] () -- C:\Users\yardape\Documents\President Porky.png
[2012/06/05 22:27:01 | 000,001,328 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120605_222659.reg
[2012/06/04 23:57:37 | 000,201,646 | ---- | C] () -- C:\Users\yardape\Documents\FF5.PNG
[2012/06/04 23:56:53 | 000,309,107 | ---- | C] () -- C:\Users\yardape\Documents\FF4.PNG
[2012/06/04 23:56:03 | 000,189,670 | ---- | C] () -- C:\Users\yardape\Documents\FF3.PNG
[2012/06/04 23:55:00 | 000,499,785 | ---- | C] () -- C:\Users\yardape\Documents\FF2.PNG
[2012/06/04 23:53:46 | 000,560,831 | ---- | C] () -- C:\Users\yardape\Documents\FF1.PNG
[2012/06/01 17:45:59 | 000,114,008 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/04/11 01:59:22 | 000,007,618 | ---- | C] () -- C:\Users\yardape\AppData\Local\Resmon.ResmonCfg
[2012/02/10 02:21:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/02/07 16:00:55 | 000,765,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 01:47:51 | 000,121,701 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2012/02/05 08:50:03 | 000,098,696 | ---- | C] () -- C:\Windows\SysWow64\setupprwdrv03.exe
[2012/02/05 08:50:03 | 000,013,704 | ---- | C] () -- C:\Windows\SysWow64\prwntdrv.sys
[2012/02/05 04:04:55 | 000,002,048 | -HS- | C] () -- C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}\@
[2011/01/05 05:36:44 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/05 04:54:55 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/01/05 04:40:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/07/03 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Ahma
[2012/02/16 13:33:13 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\avidemux
[2012/04/26 08:20:53 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\COWON
[2012/02/09 21:03:11 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Digiarty
[2012/04/06 00:21:10 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\FileZilla
[2012/02/20 07:42:01 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Foxit Software
[2012/04/16 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Free Download Manager
[2012/03/10 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\IObit
[2012/05/10 18:49:22 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Leadertech
[2012/07/03 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Mikogo 4
[2012/05/01 17:03:41 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Mobipocket
[2012/06/30 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Notepad++
[2012/05/28 22:57:13 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Opera
[2012/06/30 13:35:00 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\PandoraRecovery
[2012/07/03 13:23:09 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\SoftGrid Client
[2012/02/07 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\TeamViewer
[2012/02/23 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\TeraCopy
[2012/02/04 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Tific
[2012/02/07 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\TP
[2012/05/29 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\uTorrent
[2012/07/03 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Uwypew
[2012/02/10 02:48:38 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\VSO
[2012/06/04 23:09:55 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\X-Chat 2
[2012/02/23 06:34:49 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\xWeasel
[2009/07/13 22:08:49 | 000,023,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Any help you could give me would be greatly appreciated.
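An added triage script (editor's example; not code from the post, from OTL, or from the helper's fix) that parses the `[date time | size | attrs | C/M] (company) -- path` entry lines in the log above and flags the patterns a helper reads out of it: a hidden+system DLL dropped straight into `AppData\Roaming`, the `@` file and `U\` subfolder inside a GUID-named `AppData\Local` folder, and profile entries created within a minute of those. The three heuristics and the 60-second window are this example's assumptions, and the sample lines are copied from the log except `U\PLACEHOLDER.bin`, whose name is a constructed stand-in.

```python
"""Triage pass over OTL file/folder entry lines (added example; not OTL code
and not part of the forum post).  The heuristics and the 60 s cluster window
are the editor's assumptions about what a helper looks for in such a log."""
import re
from datetime import datetime, timedelta
from typing import Dict, List

# One OTL entry: [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
# "(Company)" is absent for folders and an empty "()" for files with no company.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9a-f-]{36}\}\\", re.I)
CLUSTER_WINDOW = timedelta(seconds=60)


def parse_entries(text: str) -> List[Dict]:
    """Parse every entry line; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["when"] = datetime.strptime(e["stamp"], "%Y/%m/%d %H:%M:%S")
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries


def direct_reasons(e: Dict) -> List[str]:
    """Heuristics that judge one entry on its own."""
    path, low = e["path"], e["path"].lower()
    reasons = []
    # 1. Hidden+System attributes on a file inside the user profile.
    if "\\appdata\\" in low and not e["is_dir"] and "H" in e["attrs"] and "S" in e["attrs"]:
        reasons.append("hidden+system file under AppData")
    # 2. Executable code dropped directly into the AppData\Roaming or \Local root.
    m = re.search(r"\\appdata\\(roaming|local)\\([^\\]+)$", low)
    if m and m.group(2).endswith(EXEC_EXT):
        reasons.append("executable placed directly in AppData\\" + m.group(1).title())
    # 3. The layout seen in the log above: a bare '@' file or a 'U' subfolder
    #    inside a GUID-named folder under AppData\Local.
    if not e["is_dir"] and GUID_DIR_RE.search(path):
        tail = GUID_DIR_RE.split(path, 1)[1]
        if tail == "@" or tail.lower().startswith("u\\"):
            reasons.append("payload layout inside GUID-named AppData\\Local folder")
    return reasons


def triage(text: str) -> List[Dict]:
    """Flag entries by the direct heuristics, then pull in profile/ProgramData
    entries created within CLUSTER_WINDOW of a flagged one: a dropper writes
    its pieces within seconds, as the 14:36 cluster in the log above shows."""
    entries = parse_entries(text)
    flagged = {}
    for e in entries:
        reasons = direct_reasons(e)
        if reasons:
            flagged[e["path"]] = reasons
    anchors = [e for e in entries if e["path"] in flagged]
    for e in entries:
        low = e["path"].lower()
        if e["path"] in flagged or e["kind"] != "C":
            continue
        if not (low.startswith("c:\\users\\") or low.startswith("c:\\programdata\\")):
            continue
        for a in anchors:
            if abs(e["when"] - a["when"]) <= CLUSTER_WINDOW:
                name = a["path"].rsplit("\\", 1)[-1]
                flagged[e["path"]] = ["created within 60 s of " + name]
                break
    return [{"path": p, "reasons": r} for p, r in flagged.items()]


# Constructed sample: lines copied from the log above, plus one file under the
# GUID folder's U\ subfolder whose name is a placeholder.  Raw string, so the
# backslashes are literal.
SAMPLE_LOG = r"""
[2012/07/03 16:37:58 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/03 14:40:24 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012/07/03 14:36:23 | 000,142,848 | -HS- | C] (DT Soft Ltd) -- C:\Users\yardape\AppData\Roaming\cetaz.dll
[2012/07/03 14:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B3E00112B60006F53F7A60145BE
[2012/07/03 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Uwypew
[2012/07/03 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Ahma
[2012/06/30 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Notepad++
[2012/06/18 05:04:21 | 000,003,584 | ---- | C] () -- C:\Users\yardape\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 04:04:55 | 000,002,048 | -HS- | C] () -- C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}\@
[2012/07/03 18:13:21 | 000,016,896 | ---- | C] () -- C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}\U\PLACEHOLDER.bin
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["path"], "<-", "; ".join(hit["reasons"]))
```

The heuristics are deliberately narrow: the `Live Security Platinum` Start Menu folder in the sample is not flagged because it was created four minutes after the cluster, so a reviewer still has to read the log rather than trust the script.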

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can get this off of your system. Did you set up a proxy within Firefox?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/07/03 14:36:14 | 000,142,848 | -HS- | M] (DT Soft Ltd) -- C:\Users\yardape\AppData\Roaming\cetaz.dll
    [2012/06/30 13:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Software
    [2012/06/30 13:35:00 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\PandoraRecovery
    [2012/06/30 13:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
    [2012/06/30 13:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora Recovery
    [2012/06/30 13:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runtime Software
    [2012/07/03 14:40:24 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum

    :Files
    C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
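The proxy question Essexboy raises can be checked directly in the Firefox profile rather than waiting for a scanner log: read prefs.js (and user.js, which overrides it on startup), list any manual proxy hosts, and report whether network.proxy.type actually makes them live. This is an added example, not code from this thread or from OTL/ComboFix; the prefs.js sample is constructed, with the documentation address 192.0.2.10 standing in for whatever host a real file holds.

```python
import re
from pathlib import Path

# Firefox stores every changed preference as one user_pref("name", value); line.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of network.proxy.type (Firefox preference values).
PROXY_MODES = {0: "direct", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}

# Constructed sample mirroring the kind of entries ComboFix lists under
# "FF - prefs.js"; 192.0.2.10 is a documentation address, not a real host.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("network.proxy.ftp", "192.0.2.10");
user_pref("network.proxy.ftp_port", 80);
user_pref("network.proxy.http", "192.0.2.10");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.socks", "192.0.2.10");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.ssl", "192.0.2.10");
user_pref("network.proxy.ssl_port", 80);
user_pref("network.proxy.type", 0);
user_pref("security.warn_submit_insecure", false);
"""


def _coerce(raw: str):
    """Turn the literal from a user_pref line into str, bool or int."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> dict:
    """Parse prefs.js / user.js content into a {name: value} dict."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _coerce(m.group(2).strip())
    return prefs


def audit_proxy(prefs: dict) -> dict:
    """Summarise proxy settings: configured hosts, mode, and whether they are live."""
    # Firefox on Windows defaults to 5 (use system proxy) when the pref is absent.
    mode = PROXY_MODES.get(prefs.get("network.proxy.type", 5), "unknown")
    entries = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{proto}")
        if host:
            entries[proto] = (host, prefs.get(f"network.proxy.{proto}_port"))
    findings = []
    if entries:
        findings.append("manual proxy entries present for: " + ", ".join(sorted(entries)))
    if mode == "manual" and entries:
        findings.append("proxy is ACTIVE (network.proxy.type = 1); browser traffic is relayed")
    elif entries:
        findings.append(f"proxy entries are dormant (mode is '{mode}'); clear them anyway")
    if mode == "pac":
        findings.append(f"PAC script configured: {prefs.get('network.proxy.autoconfig_url')}")
    return {
        "mode": mode,
        "active": mode == "manual" and bool(entries),
        "hosts": {host for host, _ in entries.values()},
        "entries": entries,
        "findings": findings,
    }


def audit_profile(profile_dir: str) -> dict:
    """Audit a real profile directory; user.js is read last because it wins on startup."""
    merged = {}
    for name in ("prefs.js", "user.js"):
        path = Path(profile_dir) / name
        if path.exists():
            merged.update(parse_prefs(path.read_text(encoding="utf-8", errors="replace")))
    return audit_proxy(merged)


if __name__ == "__main__":
    for finding in audit_proxy(parse_prefs(SAMPLE_PREFS))["findings"]:
        print(finding)
```

Point audit_profile at the profile folder that ComboFix reports as "FF - ProfilePath" to run it against the real files.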

#3
UpTheCreek

    Member

  • Topic Starter
  • Member
  • 20 posts
Here's the OTL log. Running ComboFix now.

All processes killed
========== OTL ==========
C:\Users\yardape\AppData\Roaming\cetaz.dll moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Software folder moved successfully.
C:\Users\yardape\AppData\Roaming\PandoraRecovery folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery folder moved successfully.
C:\Program Files (x86)\Pandora Recovery\Lang folder moved successfully.
C:\Program Files (x86)\Pandora Recovery folder moved successfully.
C:\Program Files (x86)\Runtime Software\GetDataBack for NTFS folder moved successfully.
C:\Program Files (x86)\Runtime Software\GetDataBack for FAT and NTFS folder moved successfully.
C:\Program Files (x86)\Runtime Software\GetDataBack folder moved successfully.
C:\Program Files (x86)\Runtime Software folder moved successfully.
C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum folder moved successfully.
========== FILES ==========
C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}\U folder moved successfully.
C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0}\L folder moved successfully.
C:\Users\yardape\AppData\Local\{b94355b0-612e-56a3-42f8-f3fa37ea0df0} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: yardape
->Temp folder emptied: 61690980 bytes
->Temporary Internet Files folder emptied: 38936799 bytes
->Java cache emptied: 52955 bytes
->FireFox cache emptied: 59560311 bytes
->Google Chrome cache emptied: 856432 bytes
->Opera cache emptied: 1321339 bytes
->Flash cache emptied: 3899 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 12288 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12218 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33234 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045865 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 189.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07042012_082052

Files\Folders moved on Reboot...
C:\Users\yardape\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\yardape\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIHTXTO4\ads-in-client[1].js moved successfully.
C:\Users\yardape\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIHTXTO4\xd_arbiter[5].htm moved successfully.
C:\Users\yardape\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OBGY1AW\ADSAdClient31[10].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\yardape\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\yardape\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIHTXTO4\ads-in-client[1].js not found!
File C:\Users\yardape\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIHTXTO4\xd_arbiter[5].htm not found!
File C:\Users\yardape\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OBGY1AW\ADSAdClient31[10].htm not found!

Registry entries deleted on Reboot...

#4
UpTheCreek

    Member

  • Topic Starter
  • Member
  • 20 posts
Here's the log ComboFix created. I also think I made a small mistake: I forgot the quick scan with OTL after the reboot, so I'm adding the newly created log to the bottom of this post.


ComboFix 12-07-04.03 - yardape 04/07/2012 8:31.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8191.6741 [GMT -7:00]
Running from: c:\users\yardape\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
d:\driver\info
d:\driver\info\Desktop.ini
e:\driver\info
e:\driver\info\Desktop.ini
h:\driver\info
h:\driver\info\Desktop.ini
r:\driver\info
r:\driver\info\Desktop.ini
r:\driver\info\explorer.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 15:36 . 2012-07-04 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 15:20 . 2012-07-04 15:20 -------- d-----w- C:\_OTL
2012-07-04 04:08 . 2011-05-12 21:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-07-04 03:35 . 2012-07-04 03:35 -------- d-----w- c:\program files (x86)\Sophos
2012-07-04 02:06 . 2012-07-04 02:06 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-03 23:37 . 2012-07-03 23:37 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-03 23:34 . 2012-07-03 23:34 -------- d--h--w- c:\programdata\Backup
2012-07-03 23:29 . 2012-07-03 23:37 -------- d-----w- c:\programdata\HitmanPro
2012-07-03 21:37 . 2012-07-03 21:37 -------- d-----w- c:\users\yardape\AppData\Local\{4803A98A-C557-11E1-8270-B8AC6F996F26}
2012-07-03 21:37 . 2012-07-03 21:37 -------- d-----w- c:\users\yardape\AppData\Local\{48037356-C557-11E1-8270-B8AC6F996F26}
2012-07-03 21:36 . 2012-07-04 01:20 -------- d-----w- c:\users\yardape\AppData\Local\HTML
2012-07-03 21:36 . 2012-07-04 01:09 -------- d-----w- c:\programdata\B7E85B3E00112B60006F53F7A60145BE
2012-07-03 21:36 . 2012-07-04 03:02 -------- d-----w- c:\users\yardape\AppData\Roaming\Ahma
2012-07-03 21:36 . 2012-07-03 21:36 -------- d-----w- c:\users\yardape\AppData\Roaming\Uwypew
2012-07-03 17:54 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCFFAD07-0FD1-46DC-8DD5-50BC9C465433}\mpengine.dll
2012-06-30 21:57 . 2012-06-30 21:57 -------- d-----w- c:\users\yardape\AppData\Local\APN
2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\program files (x86)\Convar
2012-06-30 20:22 . 2012-06-30 20:23 -------- d-----w- c:\users\yardape\AppData\Roaming\Notepad++
2012-06-30 20:22 . 2012-06-30 20:22 -------- d-----w- c:\program files (x86)\Notepad++
2012-06-21 14:12 . 2012-06-21 14:12 -------- d-----w- c:\windows\en
2012-06-21 14:11 . 2012-06-21 14:11 -------- d-----w- c:\windows\fr
2012-06-21 14:07 . 2012-06-21 14:07 -------- d-----w- c:\program files\Windows Live
2012-06-21 14:02 . 2012-06-21 14:02 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7e50d5441cd4fb603\DSETUP.dll
2012-06-21 14:02 . 2012-06-21 14:02 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7e50d5441cd4fb603\DXSETUP.exe
2012-06-21 14:02 . 2012-06-21 14:02 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\7e50d5441cd4fb603\dsetup32.dll
2012-06-20 07:07 . 2012-06-20 07:07 -------- d-----w- C:\mircscripts
2012-06-19 05:43 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 05:43 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 05:43 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 05:43 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 05:43 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 05:43 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 05:43 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 05:42 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 05:42 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 01:12 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 12:29 . 2012-06-12 12:29 -------- d-----w- c:\program files\iPod
2012-06-12 12:29 . 2012-06-12 12:29 -------- d-----w- c:\program files\iTunes
2012-06-12 12:29 . 2012-06-12 12:29 -------- d-----w- c:\program files (x86)\iTunes
2012-06-11 03:51 . 2012-06-21 07:26 -------- d-----w- c:\users\yardape\AppData\Local\PokerStars
2012-06-11 03:51 . 2012-06-13 06:50 -------- d-----w- c:\program files (x86)\PokerStars
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 01:49 . 2012-05-11 01:49 53248 ----a-r- c:\users\yardape\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-11 01:49 . 2012-05-11 01:49 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-07-13 5020672]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-04 33096]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\72B0.tmp [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-07-22 1002848]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-26 16776]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2009-07-01 2143600]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-06 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-27 17720]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\yardape\Downloads\Programs\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-07-04 23208]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
S2 M4-Service;M4-Service;c:\users\yardape\AppData\Roaming\Mikogo 4\M4-Service.exe [2012-01-16 1007472]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-26 687400]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-06-10 1192448]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-13 36720]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 20:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-214343487-374336361-2003765759-1000Core.job
- c:\users\yardape\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 15:57]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-214343487-374336361-2003765759-1000UA.job
- c:\users\yardape\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-23 15:57]
.
2012-06-14 c:\windows\Tasks\HPCeeScheduleForYARDAPE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: Interfaces\{11786EB2-45FA-4447-A30C-135446FD5CA8}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{5ACBADAB-053A-4E2F-99FE-7B4AB37270D9}: NameServer = 64.59.144.92,64.59.150.138
FF - ProfilePath - c:\users\yardape\AppData\Roaming\Mozilla\Firefox\Profiles\ux6n7ldt.default\
FF - prefs.js: network.proxy.ftp - 109.123.111.99
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 109.123.111.99
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 109.123.111.99
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 109.123.111.99
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PandoraRecovery - c:\program files (x86)\Pandora Recovery\Uninstall.exe
AddRemove-{49C09E32-B9FD-4EDC-9152-9BC0CC618A13} - c:\program files (x86)\Runtime Software\GetDataBack for FAT and NTFS\Uninstall.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\72B0.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-214343487-374336361-2003765759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*A*A*G³Ze\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\users\yardape\AppData\Roaming\Mikogo 4\M4-Capture.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Completion time: 2012-07-04 08:41:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 15:41
.
Pre-Run: 304,440,500,224 bytes free
Post-Run: 304,217,272,320 bytes free
.
- - End Of File - - FB500A637D4570CAB67CD2E3947C0894


New OTL log.

OTL logfile created on: 7/4/2012 8:51:53 AM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\yardape\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.47 Gb Available Physical Memory | 80.85% Memory free
16.00 Gb Paging File | 14.47 Gb Available in Paging File | 90.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.98 Gb Total Space | 283.38 Gb Free Space | 30.87% Space Free | Partition Type: NTFS
Drive D: | 13.44 Gb Total Space | 1.65 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 717.46 Gb Free Space | 77.02% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 13.71 Gb Free Space | 0.74% Space Free | Partition Type: NTFS
Drive I: | 7.42 Gb Total Space | 5.54 Gb Free Space | 74.64% Space Free | Partition Type: NTFS
Drive N: | 14.53 Gb Total Space | 14.44 Gb Free Space | 99.38% Space Free | Partition Type: NTFS
Drive R: | 1863.01 Gb Total Space | 492.39 Gb Free Space | 26.43% Space Free | Partition Type: NTFS

Computer Name: YARDAPE-HP | User Name: yardape | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/03 21:49:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\yardape\Downloads\OTL.exe
PRC - [2012/06/24 15:09:00 | 001,622,016 | ---- | M] (Don HO [email protected]) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2012/03/03 22:38:38 | 001,592,160 | ---- | M] () -- C:\Users\yardape\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/19 04:47:19 | 011,171,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/01/19 04:26:19 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/01/16 03:04:46 | 001,007,472 | ---- | M] () -- C:\Users\yardape\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2012/01/04 15:26:46 | 001,606,488 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/15 21:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/08/20 18:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/21 13:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
MOD - [2011/08/19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2011/07/18 14:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
MOD - [2011/06/15 21:17:34 | 001,850,328 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 12:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 08:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/16 03:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\yardape\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/08/20 18:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 19:06:17 | 000,033,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 10:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/12/01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/01 23:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/01 23:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 15:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/25 20:39:00 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\prwntdrv.sys -- (prwntdrv)
DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/11 07:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/06/30 22:24:56 | 002,143,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX6000Xp.sys -- (VX6000)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/07/04 00:22:50 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\yardape\Downloads\Programs\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2011/05/12 14:05:32 | 000,018,816 | ---- | M] (Sophos Group) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/08/25 20:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\prwntdrv.sys -- (prwntdrv)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "109.123.111.99 "
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "109.123.111.99 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "109.123.111.99 "
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "109.123.111.99 "
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\yardape\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\yardape\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/26 19:31:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/26 19:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/03/12 15:47:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{48037356-C557-11E1-8270-B8AC6F996F26}: C:\Users\yardape\AppData\Local\{48037356-C557-11E1-8270-B8AC6F996F26}\ [2012/07/03 14:37:18 | 000,000,000 | ---D | M]

[2012/02/04 16:41:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yardape\AppData\Roaming\Mozilla\Extensions
[2012/07/03 13:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yardape\AppData\Roaming\Mozilla\Firefox\Profiles\ux6n7ldt.default\extensions
[2012/07/03 13:23:49 | 000,000,000 | ---D | M] (Advanced Cookie Manager) -- C:\Users\yardape\AppData\Roaming\Mozilla\Firefox\Profiles\ux6n7ldt.default\extensions\[email protected]
[2012/04/10 18:11:28 | 000,000,000 | ---D | M] (deduplicate-tabs) -- C:\Users\yardape\AppData\Roaming\Mozilla\Firefox\Profiles\ux6n7ldt.default\extensions\[email protected]
[2012/02/20 08:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/04 16:50:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/20 08:10:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/04/14 15:45:30 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2012/07/03 14:37:18 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\YARDAPE\APPDATA\LOCAL\{48037356-C557-11E1-8270-B8AC6F996F26}
[2012/06/26 09:15:02 | 000,339,843 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/02/07 18:30:36 | 000,067,810 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2A}.XPI
[2012/02/29 22:11:47 | 000,005,927 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{C82BCF0E-EBFF-486F-BC3E-58AB0BA5286A}.XPI
[2012/02/04 16:59:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/20 19:07:37 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/04/17 02:05:56 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/06/23 20:19:54 | 000,013,459 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
[2012/06/22 00:48:49 | 000,091,556 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\{EDA7B1D7-F793-4E03-B074-E6F303317FB0}.XPI
[2012/02/23 13:28:59 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/05/30 22:48:58 | 000,012,941 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/02/04 17:11:40 | 000,091,769 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/02/07 18:13:43 | 000,226,493 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/03/30 10:02:49 | 000,038,773 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2012/02/26 21:18:23 | 000,073,297 | ---- | M] () (No name found) -- C:\USERS\YARDAPE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UX6N7LDT.DEFAULT\EXTENSIONS\[email protected]
[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\yardape\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\yardape\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\yardape\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\yardape\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: AdBlock+ = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: Google Search = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\yardape\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/04 08:38:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11786EB2-45FA-4447-A30C-135446FD5CA8}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACBADAB-053A-4E2F-99FE-7B4AB37270D9}: NameServer = 64.59.144.92,64.59.150.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 08:41:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/04 08:30:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/04 08:30:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/04 08:30:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/04 08:30:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/04 08:29:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/04 08:27:15 | 004,571,084 | R--- | C] (Swearware) -- C:\Users\yardape\Desktop\ComboFix.exe
[2012/07/04 08:20:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/04 07:28:27 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{7CC3A00C-12DF-408B-B3F6-073B6B36802C}
[2012/07/04 07:28:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1B81BF4D-5420-4331-9239-01080EA40BE5}
[2012/07/03 21:08:41 | 000,018,816 | ---- | C] (Sophos Group) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2012/07/03 20:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/03 20:35:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/03 20:00:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/03 19:27:49 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{FF0E9FBE-E454-4392-BDEA-06F097233DC3}
[2012/07/03 19:27:37 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9C746F7C-7E50-4583-B9E5-594F64E27A3A}
[2012/07/03 16:37:58 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/03 16:34:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Backup
[2012/07/03 16:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/03 14:37:18 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4803A98A-C557-11E1-8270-B8AC6F996F26}
[2012/07/03 14:37:18 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{48037356-C557-11E1-8270-B8AC6F996F26}
[2012/07/03 14:36:23 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\HTML
[2012/07/03 14:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B3E00112B60006F53F7A60145BE
[2012/07/03 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Uwypew
[2012/07/03 14:36:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Ahma
[2012/07/03 07:27:11 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{E869759D-53D2-4201-B594-39BED3B8AFBA}
[2012/07/02 19:26:47 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{DFC7702C-6578-40BA-AA6F-E767DDB790DC}
[2012/07/02 07:26:22 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{FAFA71A0-C2C0-45CD-935B-7E4D39DF0746}
[2012/07/01 19:25:58 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9B356425-E87F-400A-BFA5-624B02DE269E}
[2012/07/01 07:25:34 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{050D3B67-1A3D-4D1E-9368-AC280C60CDBD}
[2012/06/30 19:25:08 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4963724F-B89A-4636-9EE3-4EBED391EFCD}
[2012/06/30 14:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com
[2012/06/30 14:57:28 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\APN
[2012/06/30 14:50:21 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2012/06/30 14:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar
[2012/06/30 13:22:10 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/30 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/06/30 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Notepad++
[2012/06/30 13:22:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/06/30 07:24:44 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9C8FB3E5-D0F4-4594-A665-87D65A767774}
[2012/06/29 19:24:19 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{CA8CDA55-FCD3-490C-9050-EF8053F10685}
[2012/06/29 07:23:54 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{57D4B4CB-28C7-4008-920C-7F36CB2EC6C7}
[2012/06/28 19:23:29 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{A33C0B31-E4D2-4E4D-BB95-D293D5C4F83A}
[2012/06/28 07:23:03 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4FA2F935-0C1A-41E4-A973-19F3ABA9F346}
[2012/06/27 19:22:39 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{74FA37CD-52B5-4C93-BED4-094B96D38111}
[2012/06/27 07:22:15 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{EC5EC384-1B1D-4FC9-9A5F-E0DF1FE0375B}
[2012/06/26 19:21:50 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{0B2EE770-C49D-434C-9942-A45AA07DB97E}
[2012/06/26 19:21:38 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{4AF5ECD7-E9D7-492C-A55B-830B86A09193}
[2012/06/26 07:21:11 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1F1EA23C-B94C-4159-A752-5CE5A86A8374}
[2012/06/26 07:21:00 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{170990B0-BC7C-49A2-B2C3-CC74CFD6D09B}
[2012/06/25 19:20:45 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1C23A051-18B2-4306-A236-487E8A622C17}
[2012/06/25 19:20:34 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9E852833-8347-4431-9A47-C9CB8D9FE002}
[2012/06/25 07:20:20 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{2DCF8BBF-C794-40D3-9202-14D04E4B7F14}
[2012/06/25 07:20:08 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1E112034-7998-4C60-BA8D-977645FD848D}
[2012/06/24 19:19:41 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{430D2717-FD39-4305-AC2E-E522D4472BEA}
[2012/06/24 19:19:30 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{469ACF7C-B1DE-4D81-AE5A-C5510B5AF73D}
[2012/06/24 07:19:03 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{A0E1CC70-126B-4845-B79B-D414769F6C64}
[2012/06/24 07:18:51 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{F0D50583-B4A2-42CA-9D5F-B0326BF33DEE}
[2012/06/23 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{F85AB44E-1022-4048-A0F9-EECAD97FBEED}
[2012/06/23 19:18:27 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{57C85A3E-CE90-42D3-817B-E37C4DA36617}
[2012/06/23 07:18:12 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{3A0E226F-6C31-4C20-A7D9-E4D12996E073}
[2012/06/23 07:18:00 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{9825B284-6631-4A21-860C-A6757781D7D0}
[2012/06/22 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{F0ED38DC-B2D5-4CCA-97E8-65A21AA60FDD}
[2012/06/22 19:17:35 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{16969061-AFB2-4ADA-9671-8701CFC29A5D}
[2012/06/22 07:17:20 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{54E39BF4-D6CC-4381-AAE9-4A5A471CAB11}
[2012/06/22 07:17:09 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{FCFCEAA0-2824-4EAB-8530-3A3F935AAB41}
[2012/06/21 19:16:55 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{7C3E0A27-B072-4E6E-82CA-B046E243C6AE}
[2012/06/21 19:16:44 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{529CEF76-9DEC-4ADB-8007-CA9808D8AC1B}
[2012/06/21 10:14:29 | 000,000,000 | ---D | C] -- C:\Users\yardape\Documents\logs
[2012/06/21 07:16:30 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{06EAA0A4-31F2-47BE-B05D-E77CD287BECE}
[2012/06/21 07:16:17 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{1219FD9C-0FB9-4089-AAB2-A1CABE676988}
[2012/06/21 07:12:18 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/21 07:11:08 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/06/21 07:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/21 07:00:34 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{8485DFE9-9DAD-45E6-90F8-29CF45E33194}
[2012/06/21 07:00:17 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{B9710E38-06C6-43CE-AB64-C351C40F79DA}
[2012/06/20 00:07:01 | 000,000,000 | ---D | C] -- C:\mircscripts
[2012/06/19 11:55:31 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{72B6447F-9A43-468C-A22A-A87DEFDFD485}
[2012/06/19 11:55:14 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{D98C248A-4D69-4608-98E6-00D123736DFB}
[2012/06/18 02:06:48 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{AC6C1A72-FBF1-4EF9-B8C4-7098FFBBE097}
[2012/06/14 03:41:50 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{7219E4BC-B7B5-4405-9EC0-0DAF8145454F}
[2012/06/14 03:41:27 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{B9A57AA1-CEF1-4BA3-ACD5-BB7B81A512CA}
[2012/06/12 05:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/12 05:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/12 05:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/12 05:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/10 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
[2012/06/10 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\PokerStars
[2012/06/10 20:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2012/06/10 20:47:53 | 020,294,728 | ---- | C] (PokerStars) -- C:\Users\yardape\Documents\PokerStarsInstall.exe
[2012/06/05 22:29:20 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{30C6B07B-E4DE-4CCB-B0D8-767B10F1F73C}
[2012/06/05 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\yardape\AppData\Local\{8DE0F444-EE46-47D9-ACBC-74A260DDE1D6}

========== Files - Modified Within 30 Days ==========

[2012/07/04 08:44:47 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 08:44:47 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/04 08:41:43 | 000,788,174 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/04 08:41:43 | 000,669,016 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/04 08:41:43 | 000,129,302 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/04 08:38:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/04 08:37:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/04 08:37:23 | 2146,910,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 08:27:20 | 004,571,084 | R--- | M] (Swearware) -- C:\Users\yardape\Desktop\ComboFix.exe
[2012/07/04 08:07:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-214343487-374336361-2003765759-1000UA.job
[2012/07/03 19:06:17 | 000,033,096 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/03 16:37:58 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/07/02 16:07:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-214343487-374336361-2003765759-1000Core.job
[2012/07/02 09:06:56 | 000,007,618 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120702_090652.reg
[2012/06/30 14:50:21 | 000,001,324 | ---- | M] () -- C:\Users\yardape\Desktop\PC Inspector File Recovery.lnk
[2012/06/30 13:49:30 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012/06/30 13:49:30 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012/06/30 13:48:16 | 000,001,224 | ---- | M] () -- C:\Users\yardape\Desktop\Install GetDataBack Data Recovery.lnk
[2012/06/30 13:34:57 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/06/30 13:22:10 | 000,001,059 | ---- | M] () -- C:\Users\yardape\Desktop\Notepad++.lnk
[2012/06/29 20:08:59 | 000,002,375 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/26 09:26:56 | 000,000,536 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120626_092647.reg
[2012/06/25 00:30:30 | 000,003,870 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120625_003024.reg
[2012/06/21 10:09:39 | 000,000,682 | ---- | M] () -- C:\Users\yardape\Documents\remote.ini
[2012/06/21 07:04:16 | 000,001,135 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/21 06:42:43 | 000,000,930 | ---- | M] () -- C:\Users\yardape\Documents\Popupstemp.ini
[2012/06/21 06:42:09 | 000,001,055 | ---- | M] () -- C:\Users\yardape\Documents\Aliasestemp.ini
[2012/06/20 23:58:45 | 000,002,973 | ---- | M] () -- C:\Users\yardape\Documents\popups.ini
[2012/06/19 15:56:04 | 000,001,220 | ---- | M] () -- C:\Users\yardape\Documents\aliases.ini
[2012/06/18 05:04:21 | 000,003,584 | ---- | M] () -- C:\Users\yardape\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/18 02:05:04 | 000,010,392 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120618_020446.reg
[2012/06/18 01:44:53 | 000,001,033 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\ExtractNow.lnk
[2012/06/14 03:40:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForYARDAPE-HP$.job
[2012/06/14 03:39:55 | 000,285,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/10 20:51:16 | 000,001,087 | ---- | M] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/06/10 20:49:01 | 020,294,728 | ---- | M] (PokerStars) -- C:\Users\yardape\Documents\PokerStarsInstall.exe
[2012/06/10 19:12:22 | 000,076,498 | ---- | M] () -- C:\Users\yardape\Documents\President Porky.png
[2012/06/05 22:27:04 | 000,001,328 | ---- | M] () -- C:\Users\yardape\Documents\cc_20120605_222659.reg
[2012/06/04 23:57:38 | 000,201,646 | ---- | M] () -- C:\Users\yardape\Documents\FF5.PNG
[2012/06/04 23:56:53 | 000,309,107 | ---- | M] () -- C:\Users\yardape\Documents\FF4.PNG
[2012/06/04 23:56:03 | 000,189,670 | ---- | M] () -- C:\Users\yardape\Documents\FF3.PNG
[2012/06/04 23:55:00 | 000,499,785 | ---- | M] () -- C:\Users\yardape\Documents\FF2.PNG
[2012/06/04 23:53:46 | 000,560,831 | ---- | M] () -- C:\Users\yardape\Documents\FF1.PNG

========== Files Created - No Company Name ==========

[2012/07/04 08:30:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/04 08:30:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/04 08:30:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/04 08:30:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/04 08:30:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/03 19:06:17 | 000,033,096 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/02 09:06:54 | 000,007,618 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120702_090652.reg
[2012/06/30 14:50:21 | 000,001,324 | ---- | C] () -- C:\Users\yardape\Desktop\PC Inspector File Recovery.lnk
[2012/06/30 13:49:30 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
[2012/06/30 13:49:30 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\GetDataBack for FAT.lnk
[2012/06/30 13:48:16 | 000,001,224 | ---- | C] () -- C:\Users\yardape\Desktop\Install GetDataBack Data Recovery.lnk
[2012/06/30 13:34:57 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Pandora Recovery.lnk
[2012/06/30 13:22:10 | 000,001,059 | ---- | C] () -- C:\Users\yardape\Desktop\Notepad++.lnk
[2012/06/26 09:26:52 | 000,000,536 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120626_092647.reg
[2012/06/25 00:30:26 | 000,003,870 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120625_003024.reg
[2012/06/21 10:14:00 | 000,002,973 | ---- | C] () -- C:\Users\yardape\Documents\popups.ini
[2012/06/21 10:14:00 | 000,001,220 | ---- | C] () -- C:\Users\yardape\Documents\aliases.ini
[2012/06/21 10:12:55 | 000,000,682 | ---- | C] () -- C:\Users\yardape\Documents\remote.ini
[2012/06/21 07:04:16 | 000,001,135 | ---- | C] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/21 06:42:43 | 000,000,930 | ---- | C] () -- C:\Users\yardape\Documents\Popupstemp.ini
[2012/06/21 06:42:09 | 000,001,055 | ---- | C] () -- C:\Users\yardape\Documents\Aliasestemp.ini
[2012/06/18 05:04:21 | 000,003,584 | ---- | C] () -- C:\Users\yardape\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/18 02:04:50 | 000,010,392 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120618_020446.reg
[2012/06/10 20:51:16 | 000,001,087 | ---- | C] () -- C:\Users\yardape\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/06/10 19:12:21 | 000,076,498 | ---- | C] () -- C:\Users\yardape\Documents\President Porky.png
[2012/06/05 22:27:01 | 000,001,328 | ---- | C] () -- C:\Users\yardape\Documents\cc_20120605_222659.reg
[2012/06/04 23:57:37 | 000,201,646 | ---- | C] () -- C:\Users\yardape\Documents\FF5.PNG
[2012/06/04 23:56:53 | 000,309,107 | ---- | C] () -- C:\Users\yardape\Documents\FF4.PNG
[2012/06/04 23:56:03 | 000,189,670 | ---- | C] () -- C:\Users\yardape\Documents\FF3.PNG
[2012/06/04 23:55:00 | 000,499,785 | ---- | C] () -- C:\Users\yardape\Documents\FF2.PNG
[2012/06/04 23:53:46 | 000,560,831 | ---- | C] () -- C:\Users\yardape\Documents\FF1.PNG
[2012/06/01 17:45:59 | 000,114,008 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/04/11 01:59:22 | 000,007,618 | ---- | C] () -- C:\Users\yardape\AppData\Local\Resmon.ResmonCfg
[2012/02/10 02:21:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/02/07 16:00:55 | 000,765,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/07 01:47:51 | 000,121,701 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2012/02/05 08:50:03 | 000,098,696 | ---- | C] () -- C:\Windows\SysWow64\setupprwdrv03.exe
[2012/02/05 08:50:03 | 000,013,704 | ---- | C] () -- C:\Windows\SysWow64\prwntdrv.sys
[2011/01/05 05:36:44 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/05 04:54:55 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/01/05 04:40:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/07/03 20:02:57 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Ahma
[2012/02/16 13:33:13 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\avidemux
[2012/04/26 08:20:53 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\COWON
[2012/02/09 21:03:11 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Digiarty
[2012/04/06 00:21:10 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\FileZilla
[2012/02/20 07:42:01 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Foxit Software
[2012/04/16 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Free Download Manager
[2012/03/10 22:44:44 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\IObit
[2012/05/10 18:49:22 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Leadertech
[2012/07/03 16:20:51 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Mikogo 4
[2012/05/01 17:03:41 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Mobipocket
[2012/06/30 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Notepad++
[2012/05/28 22:57:13 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Opera
[2012/07/03 13:23:09 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\SoftGrid Client
[2012/02/07 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\TeamViewer
[2012/02/23 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\TeraCopy
[2012/02/04 16:41:02 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Tific
[2012/02/07 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\TP
[2012/05/29 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\uTorrent
[2012/07/03 14:36:16 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\Uwypew
[2012/02/10 02:48:38 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\VSO
[2012/06/04 23:09:55 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\X-Chat 2
[2012/02/23 06:34:49 | 000,000,000 | ---D | M] -- C:\Users\yardape\AppData\Roaming\xWeasel
[2009/07/13 22:08:49 | 000,024,070 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#5
UpTheCreek (Member, Topic Starter, 20 posts)
I can't thank you enough for all the help you're giving me it's greatly appreciated.

#6
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, onwards and upwards... First and foremost, how is the computer behaving?

Also, has your antivirus started yet? If not, we will need to download and install a fresh copy. Is it Sophos?

And the Firefox proxies, did you set them?

#7
UpTheCreek (Member, Topic Starter, 20 posts)
The computer seems to be behaving fine, but it was behaving fine (or I thought it was) after all the cleaning I had done prior, so that shows what I know. I'm deciding which free anti-virus to go with, either Avast or AVG, or any suggestions. As for the proxies, I really don't remember if I did or not. I very well could have, but I can't be certain. I know I'd set a proxy quite a while back, but if I recall correctly I turned it off again.

#8
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, let's clear the proxies; you can reset them if needed.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.ftp: "109.123.111.99 "
    FF - prefs.js..network.proxy.ftp_port: 80
    FF - prefs.js..network.proxy.http: "109.123.111.99 "
    FF - prefs.js..network.proxy.http_port: 80
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "109.123.111.99 "
    FF - prefs.js..network.proxy.socks_port: 80
    FF - prefs.js..network.proxy.ssl: "109.123.111.99 "
    FF - prefs.js..network.proxy.ssl_port: 80

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


ANTIVIRUS

As I know a lot more about Avast, then if you wish I will help you set that up.

Download Avast Free from here to your desktop.

Run the installation file; you will need to reboot on completion. Do not accept the boot scan at this time.
After the reboot you will get the following screen; unless you want Chrome as a browser, deselect it as shown.
[attachment=58802:avast_update_install_complete.png]

Registration is needed for this programme so that the number of update servers required can be calculated.

There is a step by step guide here

Then once up and running you can fire all the questions at me :)
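The proxy entries in the fix above point every Firefox protocol (http, ssl, ftp, socks) at one host on port 80, which is the pattern of a traffic-redirecting hijack rather than a deliberately configured proxy. As an added example (not code from the thread or from OTL), the following Python audits a prefs.js for such entries and strips them the way the :OTL section does; the prefs.js content inside it is constructed from the values quoted in the fix.

```python
"""Audit a Firefox prefs.js for hijacked proxy settings.

Added example, not code from the thread or from OTL. It reads the
user_pref("network.proxy.*", ...) entries that the fix above removes,
reports where they send traffic, and returns a copy with them stripped.
"""
import re
from typing import Dict, List, Tuple

# Firefox writes one pref per line:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample modelled on the hijacked prefs the OTL fix lists.
SAMPLE_PREFS = """# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.ftp", "109.123.111.99 ");
user_pref("network.proxy.ftp_port", 80);
user_pref("network.proxy.http", "109.123.111.99 ");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "109.123.111.99 ");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.ssl", "109.123.111.99 ");
user_pref("network.proxy.ssl_port", 80);
user_pref("network.proxy.type", 1);
"""


def parse_prefs(text: str) -> Dict[str, str]:
    """Map pref names to their raw (still quoted) values."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def _unquote(value: str) -> str:
    """Strip surrounding quotes and padding (the hijacked host carries a trailing space)."""
    value = value.strip()
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1].strip()
    return value


def audit_proxies(prefs: Dict[str, str]) -> List[str]:
    """Return one finding per proxy setting that would route browser traffic elsewhere."""
    findings: List[str] = []
    # When the pref is absent Firefox falls back to its default of 5 (use system proxy).
    proxy_type = int(_unquote(prefs.get("network.proxy.type", "5")))
    if proxy_type == 1:
        findings.append("network.proxy.type=1: manual proxy is enabled")
    elif proxy_type == 2:
        pac = _unquote(prefs.get("network.proxy.autoconfig_url", '""'))
        findings.append(f"network.proxy.type=2: PAC script {pac or '(none set)'}")

    hosts: Dict[str, List[str]] = {}
    for proto in ("http", "ssl", "ftp", "socks"):
        host = _unquote(prefs.get(f"network.proxy.{proto}", '""'))
        port = _unquote(prefs.get(f"network.proxy.{proto}_port", "0"))
        if host:  # report hosts even if type is not 1: the type pref can be flipped later
            findings.append(f"network.proxy.{proto} -> {host}:{port}")
            hosts.setdefault(host, []).append(proto)
    # One host for every protocol is the signature of an interception/redirect
    # proxy, not of a corporate proxy set for a single protocol.
    for host, protos in hosts.items():
        if len(protos) >= 2:
            findings.append(f"{host} receives {', '.join(protos)} traffic: "
                            "browsing can be intercepted or redirected")
    return findings


def strip_proxy_prefs(text: str) -> Tuple[str, List[str]]:
    """Return prefs.js text without any network.proxy.* line, plus the names removed.

    Same effect as the :OTL section of the fix. Firefox rewrites prefs.js on
    exit, so apply the cleaned text only while the browser is closed.
    """
    kept: List[str] = []
    removed: List[str] = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and m.group(1).startswith("network.proxy."):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    for finding in audit_proxies(parse_prefs(SAMPLE_PREFS)):
        print("FINDING:", finding)
    cleaned, removed = strip_proxy_prefs(SAMPLE_PREFS)
    print(f"removed {len(removed)} proxy prefs; remaining findings: "
          f"{audit_proxies(parse_prefs(cleaned))}")
```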

#9
UpTheCreek (Member, Topic Starter, 20 posts)
Alright, I'm good with everything in the settings except for the Troubleshooting settings. Those things in the list will only call to action if a problem arises? It never asked for a reboot.

#10
UpTheCreek (Member, Topic Starter, 20 posts)
You didn't ask for the log, but here's the log of the OTL custom fix just in case you needed it.

All processes killed
========== OTL ==========
Prefs.js: "109.123.111.99 " removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: "109.123.111.99 " removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "109.123.111.99 " removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "109.123.111.99 " removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\yardape\Downloads\cmd.bat deleted successfully.
C:\Users\yardape\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: yardape
->Temp folder emptied: 1394 bytes
->Temporary Internet Files folder emptied: 1302255 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48403222 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 641 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 47.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07042012_095300

Files\Folders moved on Reboot...
C:\Users\yardape\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\yardape\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

#11
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
That is correct, the troubleshooting elements are purely for that.. I have never needed to use them :)

OK, then a final check before I remove my tools... Any outstanding problems or niggles?

#12
UpTheCreek (Member, Topic Starter, 20 posts)
I think I'm good. I really appreciate all your help, you've been great, thank you. I think I might apply for the free course as I think it would be great to know how to do all this stuff.

#13
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

    I think I might apply for the free course as I think it would be great to know how to do all this stuff.

Please do, we need all the help we can get :cool:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so.. The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System Tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#14
UpTheCreek (Member, Topic Starter, 20 posts)
All done. Thank you again.

#15
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
My pleasure