searchonme, can't download, browsers sometimes won't open.


FWvidChick
A few days ago I found I couldn't download from download sites such as rapidshare; even sites like CNET weren't working, sometimes. Watching streaming video also became difficult. Yesterday the problem became worse, where some websites weren't loading correctly; it appeared to be random. Today I found I couldn't get Chrome, Firefox or IE (I hate even opening it) to open. All three would simply claim a failure to load, send an error report but no actual errors or reasons given for not opening. Everything else on my computer seems fine: Windows Explorer behaves, other programs open, can play media, work on documents, etc.

I immediately ran MBAM (safe mode), which found 3 trojans. I unfortunately don't remember the names, though one was attached to a free CD burning software I grabbed on the 29th (Burn4free). It didn't solve the issue; actually it was after that that Chrome and the other browsers refused to open. Before that they were just slow and sluggish, half loading pages or not loading them at all. Also swagbucks kept giving me some sort of iframe error (both on Firefox and Chrome).

I ran CCleaner and disabled browser extensions, and it improved the not-opening behavior for a bit. Or it appeared to. But I began to have problems with sites behaving oddly again, so I went in to look at what was installed. Found in my program box that around the 29th and the 1st (roughly when it became noticeable) I had a Windows update download and also something called SENDORIUP.EXE. I removed the program, haven't touched the Windows update yet. I also removed another program I tried, 'unhackme'.

I now have Chrome and Firefox both working, but the initial problems with download sites are still there, and sometimes Chrome and Firefox still claim they can't open. But it appears to be random how well they work or if they will.

I noticed the searchonme when I went back to Firefox and it's now my homepage. I have no idea when that happened, as Chrome is my default and Firefox is my backup. Searchonme doesn't show for Chrome.

I found some sites that said that searchonme is a rootkit issue. But I am at a loss on what to do.
I downloaded the help programs through my mom's laptop (OTL, ComboFix, etc.), but I am new to them.

I ran OTL but it didn't create a log :S not sure why.

Edit: Found the log.. didn't see it.

OTL logfile created on: 10/3/2012 5:20:54 PM - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\jp\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.64% Memory free
6.00 Gb Paging File | 4.45 Gb Available in Paging File | 74.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.79 Gb Total Space | 75.38 Gb Free Space | 32.38% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 7.16 Gb Free Space | 98.66% Space Free | Partition Type: FAT32
Drive F: | 465.73 Gb Total Space | 71.28 Gb Free Space | 15.30% Space Free | Partition Type: NTFS

Computer Name: JP-PC | User Name: jp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/03 17:16:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\jp\Desktop\OTL.exe
PRC - [2012/09/26 12:00:00 | 000,118,632 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
PRC - [2012/09/18 13:06:09 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012/09/10 12:59:18 | 000,595,216 | ---- | M] (Greatis Software) -- C:\Program Files (x86)\UnHackMe\hackmon.exe
PRC - [2012/09/07 15:37:04 | 000,100,864 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/09/07 14:40:18 | 000,008,704 | ---- | M] (Freemake) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/09/05 20:26:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/25 06:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files (x86)\WordWeb\wweb32.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/18 13:06:08 | 009,813,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012/09/05 20:26:41 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/08/07 10:02:46 | 000,323,584 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2012/05/25 06:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2012/05/25 06:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files (x86)\WordWeb\wweb32.exe
MOD - [2012/04/21 11:30:06 | 002,213,120 | ---- | M] () -- C:\Windows\wweb32.dll
MOD - [2012/04/21 11:28:20 | 000,022,800 | ---- | M] () -- C:\Program Files (x86)\WordWeb\WUCNT.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/30 06:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/26 12:00:00 | 000,118,632 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Sendoriv1)
SRV - [2012/09/20 15:37:13 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/07 15:37:04 | 000,100,864 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/09/07 14:40:18 | 000,008,704 | ---- | M] (Freemake) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/10 17:05:38 | 000,030,592 | ---- | M] (REALiX™) [Kernel | System | Running] -- C:\Program Files\HWiNFO64\HWiNFO64A.SYS -- (HWiNFO32)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 16:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/13 14:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/10/03 13:41:41 | 000,035,816 | ---- | M] (Greatis Software) [Kernel | Boot | Unknown] -- C:\Windows\SysWOW64\drivers\Partizan.sys -- (Partizan)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.search...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 A0 05 CB 2A 56 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.search...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SearchOnMe"
FF - prefs.js..browser.search.defaultenginename,S: S", "SearchOnMe"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.search...me.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..browser.search.order.1,S: S", "SearchOnMe"
FF - prefs.js..browser.search.selectedEngine: "SearchOnMe"
FF - prefs.js..browser.search.selectedEngine,S: S", "SearchOnMe"
FF - prefs.js..browser.startup.homepage: "http://search.searchonme.com/"
FF - prefs.js..keyword.URL: "http://search.search...me.com/?l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jp\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jp\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ [2012/09/29 13:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/14 14:12:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]\ [2012/09/29 13:06:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/17 16:11:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2012/07/03 11:59:42 | 000,000,000 | ---D | M]

[2012/09/17 16:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jp\AppData\Roaming\Mozilla\Extensions
[2012/10/03 17:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles\kzv001v6.default\extensions
[2012/10/03 17:00:20 | 000,000,000 | ---D | M] (Download and Sa) -- C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles\kzv001v6.default\extensions\[email protected]
[2012/10/03 17:00:22 | 000,007,756 | ---- | M] () -- C:\Users\jp\AppData\Roaming\Mozilla\Firefox\Profiles\kzv001v6.default\searchplugins\SearchOnMe.xml
[2012/09/17 16:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.4_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjofnlchppcahphepehaioeiceapcdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\afdkbjaecenbhbgjjocbjdjecfnignmj\0.1.5_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif\3.7.3_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.13.5_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\caggnmlckgjpgpgpgjeobdcfgbkefioo\1.2_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\clkfdgnfefjmciocbhnffnbpkjpdleca\1.0.2_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjichgkpljjabbpmcpmhjjlkjhdblpd\1.0_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.9.20.1_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhailaoejldfjbphmmmoldaegbobhjgp\1_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij\0.4.3_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokofmgcicpnjchllaccgedmmmbbnbmf\0.7.9_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn\1.0.1_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkbgncajjgjdceoajcpkndleapafeco\1.4.0_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd\1.1_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpdjmbiefanbdgnkcikhllpmjnnllbbc\1.6_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbbbhbjeecagnlfgggogfclkdjamoapf\0.0.0.2_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcjblffbaiikcaiacgpmaehmenipcfdf\0.7.0.3_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg\2012.135.7.2_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.3.7_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk\1.0.3_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\njacljdblagcjdmljcgpjkcinfflmgdk\2.3.6_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip\0.4.3_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbckjfkhmpfjnhghgmmkbhdpinbmjpeg\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\jp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WordWeb] C:\Program Files (x86)\WordWeb\wweb32.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9342F7D-49F8-430B-A6C4-EC4E00A3CA08}: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA889EDF-CE88-465E-833E-015B5C5A23B5}: NameServer = 216.146.35.240,216.146.36.240,24.159.193.40
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - c:\Program Files (x86)\SProtector\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (Vers)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/03 17:16:32 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\jp\Desktop\OTL.exe
[2012/10/03 17:02:16 | 000,707,664 | ---- | C] (iS3, Inc.) -- C:\Users\jp\Desktop\SZSetup_AID10121_AV.exe
[2012/10/03 16:36:37 | 000,475,752 | ---- | C] (McAfee, Inc.) -- C:\Users\jp\Desktop\rootkitremover.exe
[2012/10/03 13:49:13 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012/10/03 13:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/10/03 13:41:44 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/10/03 13:41:41 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2012/10/03 13:41:41 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2012/10/03 13:41:31 | 000,000,000 | ---D | C] -- C:\Users\jp\Documents\RegRun2
[2012/10/03 13:41:29 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2012/10/03 13:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2012/10/03 13:41:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012/10/03 13:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2012/10/03 13:40:54 | 012,353,592 | ---- | C] (Greatis Software, LLC. ) -- C:\Users\jp\Desktop\unhackme_setup.exe
[2012/10/03 13:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/03 13:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/03 12:44:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SProtector
[2012/10/03 12:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/10/03 11:27:52 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{8EA95B4C-766A-4C79-B8F8-88E3006A0B6A}
[2012/10/02 23:27:27 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{7760EA08-9A2E-4016-B7CC-68DD589DA00C}
[2012/10/02 21:46:51 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/10/02 11:27:14 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{4406AE34-CF37-4560-B6B2-24CB623799CD}
[2012/10/01 22:24:58 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{21EBD2C7-C0C4-4E34-882E-BD94BD7EE08A}
[2012/10/01 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{CCA760BD-F757-4CEC-9811-04C6A9962195}
[2012/09/30 16:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2012/09/30 14:05:50 | 000,000,000 | ---D | C] -- C:\Users\jp\Documents\Mikes stories
[2012/09/30 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\jp\Documents\My Publications
[2012/09/30 13:40:53 | 000,101,680 | ---- | C] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2012/09/30 13:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/09/30 11:08:25 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{216DC380-A40A-466D-B9E1-BA1DA2A15AD2}
[2012/09/29 23:07:52 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{F53AEDD9-ED83-430D-A92A-33ED84A6E0FE}
[2012/09/29 13:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sendori
[2012/09/29 13:05:47 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Roaming\OpenCandy
[2012/09/29 11:07:40 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{4A8F1847-43D6-43F6-BC6E-07B401465850}
[2012/09/28 23:07:15 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{8A035AA8-7A31-4C7E-8E7A-1F8EAD1DBE25}
[2012/09/28 11:07:03 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{21B195D8-13C5-4D06-A3A1-AEAA1CC10754}
[2012/09/27 23:06:39 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{5993650D-C201-40E1-A572-23A4A21FB875}
[2012/09/27 11:06:27 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{05573001-6181-4187-8019-4482B764C230}
[2012/09/27 10:30:59 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\TempDIR
[2012/09/27 10:24:45 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\Nero_AG
[2012/09/27 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Roaming\Nero
[2012/09/27 10:24:15 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\Nero
[2012/09/27 10:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/09/27 09:54:12 | 000,000,000 | ---D | C] -- C:\Users\jp\Documents\Solveig Multimedia
[2012/09/27 09:48:07 | 000,000,000 | ---D | C] -- C:\Users\jp\Desktop\Grimm
[2012/09/27 09:47:51 | 000,000,000 | ---D | C] -- C:\Users\jp\Desktop\LnC
[2012/09/26 23:06:02 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{12EFD981-75AA-4F73-963E-424B921E07F4}
[2012/09/26 13:55:04 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Roaming\WordWeb
[2012/09/26 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{BBF45DE6-901D-4F87-A823-7B2E197589FC}
[2012/09/25 23:05:13 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{EAE0FACA-5CA3-49A5-85FB-6A1149CC1EBB}
[2012/09/25 20:58:07 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\DDMSettings
[2012/09/25 11:05:01 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{7F5504BE-AB5F-4D8F-8029-A2DD49088835}
[2012/09/24 23:04:36 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{03F46943-696A-48D2-A1F4-C1FEBB4B68A7}
[2012/09/24 11:04:25 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{9AA32D1A-E79C-4741-95C9-165F71D788F2}
[2012/09/23 23:04:00 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{6A926C06-931E-4B84-B408-A039AB5E6A0B}
[2012/09/23 17:38:53 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Roaming\LibreOffice
[2012/09/23 17:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012/09/23 17:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.6
[2012/09/23 16:50:06 | 000,000,000 | ---D | C] -- C:\Users\jp\Desktop\titan1
[2012/09/23 11:03:35 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{D5288B41-216B-4025-850A-3C7559CB52DA}
[2012/09/22 23:03:11 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{A798AF5C-7D9D-4E41-8061-4C0F3C9D6AF4}
[2012/09/22 11:02:57 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{FBAAF584-9729-4BAF-80E6-B294961041CC}
[2012/09/21 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{52D1F0B4-5AE6-4D3F-AEE5-46B65D3E5319}
[2012/09/21 12:04:08 | 000,000,000 | ---D | C] -- C:\Users\jp\Documents\coparenting
[2012/09/21 07:37:38 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{A93AD458-A161-4E0F-898F-C693CC08114D}
[2012/09/20 12:13:00 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{1AFEB92F-4417-4511-AFF0-6368BD79EA9A}
[2012/09/19 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{FF4318D5-4B96-4296-ACB2-9D4CA725BA2B}
[2012/09/19 10:12:10 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{EDC535E9-870C-427E-B1BA-25C7C4836AFB}
[2012/09/18 22:11:45 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{65EDCFB6-2463-4AE8-819E-D3FB15BC2F25}
[2012/09/18 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\Macromedia
[2012/09/18 13:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/09/18 10:11:34 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{59223D3A-C198-4751-AE8A-B5F447A2C1CE}
[2012/09/17 22:11:09 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{8B3CB739-5AD1-4202-8872-08133B65465B}
[2012/09/17 16:12:13 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Roaming\Mozilla
[2012/09/17 16:12:13 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\Mozilla
[2012/09/17 16:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/17 16:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/17 16:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/17 10:10:57 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{BD2A402D-36B3-4624-8981-64AD50DAA497}
[2012/09/16 10:10:21 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{09215C77-D13A-4670-AAFB-D518B7A51853}
[2012/09/15 22:09:56 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{9796F860-7F30-40B9-9993-E7EB48A5B009}
[2012/09/15 10:09:43 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{5AE838DD-DE17-46D5-9663-1FE5E88BF622}
[2012/09/14 11:54:00 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{A866C6ED-A2FE-4128-BD15-960A9901DCB7}
[2012/09/13 20:09:47 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{A52B6D34-1B80-49D2-B489-D6372C3DC1C3}
[2012/09/13 08:09:21 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{ABA3EC8C-E6C0-42EC-AE5A-523C418A1000}
[2012/09/12 11:57:46 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{FA8169A0-A605-463A-9DA6-37CB0201CCCA}
[2012/09/11 19:45:00 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{6250AFD0-A107-4FDF-BC86-E0222A81BD93}
[2012/09/11 07:44:34 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{F102A954-E45A-47A7-BB92-F19AE999187E}
[2012/09/10 12:08:18 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{88E81C6E-50FB-4904-BAC7-E64DD81391C8}
[2012/09/10 09:23:00 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Roaming\Malwarebytes
[2012/09/10 09:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/10 09:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/10 09:22:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/10 09:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/09 21:24:03 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{2A817B56-BCBB-4F8D-9AEA-ED151D539FA6}
[2012/09/09 09:23:30 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{0AB73B6E-9C6B-4826-9BD5-ABA2E35F08BF}
[2012/09/08 11:46:13 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{D0F04BA1-E9ED-4350-A8E4-6A98DB7CC8FE}
[2012/09/08 10:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2012/09/08 10:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2012/09/08 10:10:16 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Roaming\NCH Software
[2012/09/08 09:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/09/08 09:46:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/09/07 23:45:47 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{78D94682-F794-4D82-BBE0-58AFED37EB0E}
[2012/09/07 11:45:36 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{0EFB657F-180C-4D67-8762-17515E83A04B}
[2012/09/06 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{3D3F4CE8-C575-4C19-BE0C-9DA2FC602BDE}
[2012/09/06 11:30:02 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{8AB155B4-4235-4A35-AB48-8C2AA3371DE8}
[2012/09/05 22:58:47 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{D8B57C09-06E4-4F6F-810F-01169F5A5866}
[2012/09/05 10:58:35 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{E0E7EEB6-1C60-4012-B41A-3E006D94F9D8}
[2012/09/04 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{5D0F365E-865B-4D60-B7BD-1EA155F0D9AB}
[2012/09/04 10:57:59 | 000,000,000 | ---D | C] -- C:\Users\jp\AppData\Local\{A4A1B345-868E-4916-A919-A8564841B686}
[2012/09/03 17:37:49 | 000,000,000 | ---D | C] -- C:\LnC

========== Files - Modified Within 30 Days ==========

[2012/10/03 17:20:29 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 17:20:29 | 000,010,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 17:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-881869751-3782847470-1881247914-1000UA.job
[2012/10/03 17:16:34 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\jp\Desktop\OTL.exe
[2012/10/03 17:08:25 | 000,167,953 | ---- | M] () -- C:\Users\jp\Desktop\flashfake_removal_tool.zip
[2012/10/03 17:02:18 | 000,707,664 | ---- | M] (iS3, Inc.) -- C:\Users\jp\Desktop\SZSetup_AID10121_AV.exe
[2012/10/03 16:54:41 | 000,413,631 | ---- | M] () -- C:\Users\jp\Documents\bookmarks_10_3_12.html
[2012/10/03 16:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 16:31:52 | 000,475,752 | ---- | M] (McAfee, Inc.) -- C:\Users\jp\Desktop\rootkitremover.exe
[2012/10/03 16:27:48 | 000,231,390 | ---- | M] () -- C:\Users\jp\Desktop\RootkitRevealer.zip
[2012/10/03 16:20:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 16:20:07 | 2415,501,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 15:07:43 | 000,030,038 | ---- | M] () -- C:\Users\jp\Documents\cc_20121003_150738.reg
[2012/10/03 14:05:47 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\Partizan.RRI
[2012/10/03 13:49:13 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012/10/03 13:41:41 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2012/10/03 13:41:41 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2012/10/03 13:41:36 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/10/03 13:41:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/10/03 13:41:36 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/10/03 13:41:29 | 000,000,943 | ---- | M] () -- C:\Users\jp\Desktop\UnHackMe.lnk
[2012/10/03 13:15:04 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/03 10:50:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/03 10:50:06 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/03 10:50:06 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/03 10:46:17 | 000,031,711 | ---- | M] () -- C:\Users\jp\Documents\chapter3cmbt.odt
[2012/10/03 08:19:05 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-881869751-3782847470-1881247914-1000Core.job
[2012/10/03 00:04:59 | 000,032,291 | ---- | M] () -- C:\Users\jp\Documents\CBTM outline.odt
[2012/10/01 21:29:46 | 000,039,215 | ---- | M] () -- C:\Users\jp\AppData\Local\recently-used.xbel
[2012/09/30 16:43:27 | 000,001,150 | ---- | M] () -- C:\Users\jp\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/09/30 16:43:27 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/09/30 14:18:21 | 000,368,955 | ---- | M] () -- C:\Users\jp\Documents\HISMSV.pdf
[2012/09/30 13:40:53 | 000,101,680 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2012/09/30 12:18:35 | 000,343,206 | ---- | M] () -- C:\Users\jp\Documents\The Best Ones Always Start That Way.pdf
[2012/09/30 12:05:20 | 000,103,413 | ---- | M] () -- C:\Users\jp\Documents\The Best Ones Always Start That Way.odt
[2012/09/29 22:41:29 | 000,013,726 | ---- | M] () -- C:\Users\jp\Documents\CBTM outline.ott
[2012/09/29 22:39:33 | 000,011,592 | ---- | M] () -- C:\Users\jp\Documents\story outline.stw
[2012/09/29 22:36:34 | 000,027,206 | ---- | M] () -- C:\Users\jp\Documents\Untitled 3.stw
[2012/09/29 22:32:47 | 000,027,811 | ---- | M] () -- C:\Users\jp\Documents\Story outline.odm
[2012/09/29 13:06:11 | 000,001,332 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Downloader.lnk
[2012/09/29 00:23:11 | 000,049,573 | ---- | M] () -- C:\Users\jp\Documents\chapter2cmbtff.odt
[2012/09/28 21:55:16 | 000,049,836 | ---- | M] () -- C:\Users\jp\Documents\chapter2cmbt.odt
[2012/09/28 21:04:56 | 000,025,719 | ---- | M] () -- C:\Users\jp\Documents\Martha scene.odt
[2012/09/28 19:33:57 | 000,031,552 | ---- | M] () -- C:\Users\jp\Documents\last clois scene full.odt
[2012/09/27 23:02:31 | 000,028,859 | ---- | M] () -- C:\Users\jp\Documents\begining of 1st scene_chapt2.odt
[2012/09/26 21:15:38 | 000,028,696 | ---- | M] () -- C:\Users\jp\Documents\chapter2 clois end memory.odt
[2012/09/26 18:22:29 | 000,002,430 | ---- | M] () -- C:\Users\jp\Desktop\Google Chrome.lnk
[2012/09/26 14:41:54 | 000,007,602 | ---- | M] () -- C:\Users\jp\AppData\Local\Resmon.ResmonCfg
[2012/09/25 18:58:29 | 000,029,203 | ---- | M] () -- C:\Users\jp\Documents\end scene_lex.odt
[2012/09/25 16:22:48 | 000,022,858 | ---- | M] () -- C:\Users\jp\Documents\PTC.odt
[2012/09/24 19:24:38 | 002,875,469 | ---- | M] () -- C:\Users\jp\Documents\jackstuck.png
[2012/09/24 19:24:06 | 010,817,060 | ---- | M] () -- C:\Users\jp\Documents\jackstuck.xcf
[2012/09/24 07:28:52 | 000,388,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/23 17:35:40 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[2012/09/23 15:27:52 | 000,027,709 | ---- | M] () -- C:\Users\jp\Documents\flashback.odt
[2012/09/22 22:04:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/22 21:42:31 | 000,022,030 | ---- | M] () -- C:\Users\jp\Documents\funny songs and plots.odt
[2012/09/21 22:08:48 | 000,024,097 | ---- | M] () -- C:\Users\jp\Documents\flashback scene so far.odt
[2012/09/19 21:42:46 | 000,035,191 | ---- | M] () -- C:\Users\jp\Documents\cbtmchapter1ff.odt
[2012/09/19 20:38:43 | 000,036,737 | ---- | M] () -- C:\Users\jp\Documents\cbtmcps1 beta.odt
[2012/09/19 17:47:35 | 000,029,617 | ---- | M] () -- C:\Users\jp\Documents\clark n doc scene.odt
[2012/09/18 21:29:00 | 000,024,758 | ---- | M] () -- C:\Users\jp\Documents\last scene.odt
[2012/09/18 19:40:32 | 000,030,341 | ---- | M] () -- C:\Users\jp\Documents\first two scenes beta.odt
[2012/09/18 18:13:55 | 000,030,292 | ---- | M] () -- C:\Users\jp\Documents\first two scenes.odt
[2012/09/17 16:11:59 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 19:47:49 | 000,026,924 | ---- | M] () -- C:\Users\jp\Documents\Loisscene.odt
[2012/09/14 13:22:32 | 003,167,236 | ---- | M] () -- C:\Users\jp\Documents\clarkinglasses.xcf
[2012/09/14 13:22:03 | 001,858,139 | ---- | M] () -- C:\Users\jp\Documents\comebacktome.xcf
[2012/09/13 20:25:04 | 000,029,344 | ---- | M] () -- C:\Users\jp\Documents\come back to me Prologue.odt
[2012/09/13 16:09:07 | 003,974,576 | ---- | M] () -- C:\Users\jp\Documents\lois.xcf
[2012/09/12 18:54:13 | 000,424,302 | ---- | M] () -- C:\Users\jp\Documents\transitions1.xcf
[2012/09/12 18:52:37 | 000,351,568 | ---- | M] () -- C:\Users\jp\Documents\transitions2.xcf
[2012/09/12 17:59:03 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 13:00:24 | 012,353,592 | ---- | M] (Greatis Software, LLC. ) -- C:\Users\jp\Desktop\unhackme_setup.exe
[2012/09/10 12:59:28 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2012/09/08 20:59:28 | 000,142,502 | ---- | M] () -- C:\Users\jp\Desktop\coupon.pdf
[2012/09/08 20:43:40 | 000,192,907 | ---- | M] () -- C:\Users\jp\Desktop\notebook-paper.pdf
[2012/09/08 20:38:04 | 000,667,348 | ---- | M] () -- C:\Users\jp\Desktop\note-from-lisa.pdf
[2012/09/08 17:31:02 | 000,854,401 | ---- | M] () -- C:\Users\jp\Desktop\quotes.pdf
[2012/09/08 17:28:14 | 000,817,263 | ---- | M] () -- C:\Users\jp\Desktop\schedule.pdf
[2012/09/08 14:12:02 | 000,405,104 | ---- | M] () -- C:\Users\jp\Desktop\desk-stand.pdf
[2012/09/08 10:11:12 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/07 13:56:16 | 000,004,391 | ---- | M] () -- C:\Users\jp\Desktop\SubtitleSlider.xml

========== Files Created - No Company Name ==========

[2012/10/03 17:08:37 | 000,167,953 | ---- | C] () -- C:\Users\jp\Desktop\flashfake_removal_tool.zip
[2012/10/03 16:54:41 | 000,413,631 | ---- | C] () -- C:\Users\jp\Documents\bookmarks_10_3_12.html
[2012/10/03 16:36:36 | 000,231,390 | ---- | C] () -- C:\Users\jp\Desktop\RootkitRevealer.zip
[2012/10/03 15:07:40 | 000,030,038 | ---- | C] () -- C:\Users\jp\Documents\cc_20121003_150738.reg
[2012/10/03 14:05:47 | 000,000,054 | ---- | C] () -- C:\Windows\SysNative\Partizan.RRI
[2012/10/03 13:41:36 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/10/03 13:41:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/10/03 13:41:36 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/10/03 13:41:29 | 000,000,943 | ---- | C] () -- C:\Users\jp\Desktop\UnHackMe.lnk
[2012/10/03 13:15:04 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/01 21:29:46 | 000,039,215 | ---- | C] () -- C:\Users\jp\AppData\Local\recently-used.xbel
[2012/09/30 14:18:17 | 000,368,955 | ---- | C] () -- C:\Users\jp\Documents\HISMSV.pdf
[2012/09/30 12:18:31 | 000,343,206 | ---- | C] () -- C:\Users\jp\Documents\The Best Ones Always Start That Way.pdf
[2012/09/30 12:05:17 | 000,103,413 | ---- | C] () -- C:\Users\jp\Documents\The Best Ones Always Start That Way.odt
[2012/09/30 11:36:27 | 000,031,711 | ---- | C] () -- C:\Users\jp\Documents\chapter3cmbt.odt
[2012/09/29 22:41:36 | 000,032,291 | ---- | C] () -- C:\Users\jp\Documents\CBTM outline.odt
[2012/09/29 22:41:27 | 000,013,726 | ---- | C] () -- C:\Users\jp\Documents\CBTM outline.ott
[2012/09/29 22:36:49 | 000,011,592 | ---- | C] () -- C:\Users\jp\Documents\story outline.stw
[2012/09/29 22:36:20 | 000,027,206 | ---- | C] () -- C:\Users\jp\Documents\Untitled 3.stw
[2012/09/29 22:32:45 | 000,027,811 | ---- | C] () -- C:\Users\jp\Documents\Story outline.odm
[2012/09/29 00:23:09 | 000,049,573 | ---- | C] () -- C:\Users\jp\Documents\chapter2cmbtff.odt
[2012/09/28 21:00:23 | 000,025,719 | ---- | C] () -- C:\Users\jp\Documents\Martha scene.odt
[2012/09/28 19:33:55 | 000,031,552 | ---- | C] () -- C:\Users\jp\Documents\last clois scene full.odt
[2012/09/27 15:33:28 | 000,028,859 | ---- | C] () -- C:\Users\jp\Documents\begining of 1st scene_chapt2.odt
[2012/09/26 21:15:37 | 000,028,696 | ---- | C] () -- C:\Users\jp\Documents\chapter2 clois end memory.odt
[2012/09/26 14:41:54 | 000,007,602 | ---- | C] () -- C:\Users\jp\AppData\Local\Resmon.ResmonCfg
[2012/09/25 18:43:02 | 000,029,203 | ---- | C] () -- C:\Users\jp\Documents\end scene_lex.odt
[2012/09/24 19:15:44 | 002,875,469 | ---- | C] () -- C:\Users\jp\Documents\jackstuck.png
[2012/09/24 19:15:36 | 010,817,060 | ---- | C] () -- C:\Users\jp\Documents\jackstuck.xcf
[2012/09/24 17:23:30 | 000,022,858 | ---- | C] () -- C:\Users\jp\Documents\PTC.odt
[2012/09/23 17:35:40 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.6.lnk
[2012/09/23 15:21:40 | 000,027,709 | ---- | C] () -- C:\Users\jp\Documents\flashback.odt
[2012/09/22 21:12:20 | 000,022,030 | ---- | C] () -- C:\Users\jp\Documents\funny songs and plots.odt
[2012/09/21 22:08:46 | 000,024,097 | ---- | C] () -- C:\Users\jp\Documents\flashback scene so far.odt
[2012/09/20 13:49:13 | 000,049,836 | ---- | C] () -- C:\Users\jp\Documents\chapter2cmbt.odt
[2012/09/19 21:42:44 | 000,035,191 | ---- | C] () -- C:\Users\jp\Documents\cbtmchapter1ff.odt
[2012/09/19 17:47:33 | 000,029,617 | ---- | C] () -- C:\Users\jp\Documents\clark n doc scene.odt
[2012/09/18 21:28:58 | 000,024,758 | ---- | C] () -- C:\Users\jp\Documents\last scene.odt
[2012/09/18 19:40:30 | 000,030,341 | ---- | C] () -- C:\Users\jp\Documents\first two scenes beta.odt
[2012/09/18 18:13:53 | 000,030,292 | ---- | C] () -- C:\Users\jp\Documents\first two scenes.odt
[2012/09/17 20:21:44 | 000,036,737 | ---- | C] () -- C:\Users\jp\Documents\cbtmcps1 beta.odt
[2012/09/17 16:11:59 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/17 16:11:59 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/16 19:46:52 | 000,026,924 | ---- | C] () -- C:\Users\jp\Documents\Loisscene.odt
[2012/09/14 09:09:41 | 000,854,401 | ---- | C] () -- C:\Users\jp\Desktop\quotes.pdf
[2012/09/14 09:09:41 | 000,817,263 | ---- | C] () -- C:\Users\jp\Desktop\schedule.pdf
[2012/09/14 09:09:41 | 000,667,348 | ---- | C] () -- C:\Users\jp\Desktop\note-from-lisa.pdf
[2012/09/14 09:09:41 | 000,405,104 | ---- | C] () -- C:\Users\jp\Desktop\desk-stand.pdf
[2012/09/14 09:09:41 | 000,192,907 | ---- | C] () -- C:\Users\jp\Desktop\notebook-paper.pdf
[2012/09/14 09:09:41 | 000,142,502 | ---- | C] () -- C:\Users\jp\Desktop\coupon.pdf
[2012/09/13 20:25:02 | 000,029,344 | ---- | C] () -- C:\Users\jp\Documents\come back to me Prologue.odt
[2012/09/13 16:09:07 | 003,974,576 | ---- | C] () -- C:\Users\jp\Documents\lois.xcf
[2012/09/13 16:07:28 | 001,858,139 | ---- | C] () -- C:\Users\jp\Documents\comebacktome.xcf
[2012/09/13 15:48:07 | 003,167,236 | ---- | C] () -- C:\Users\jp\Documents\clarkinglasses.xcf
[2012/09/12 18:54:13 | 000,424,302 | ---- | C] () -- C:\Users\jp\Documents\transitions1.xcf
[2012/09/12 18:52:37 | 000,351,568 | ---- | C] () -- C:\Users\jp\Documents\transitions2.xcf
[2012/09/10 09:22:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/08 10:11:12 | 000,001,122 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2012/09/08 10:11:12 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2012/09/07 13:56:16 | 000,004,391 | ---- | C] () -- C:\Users\jp\Desktop\SubtitleSlider.xml
[2012/09/03 12:21:58 | 000,003,584 | ---- | C] () -- C:\Users\jp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/31 23:16:55 | 000,262,171 | ---- | C] () -- C:\Users\jp\sexualtensionseries strip.xcf
[2012/07/04 00:37:50 | 000,000,022 | -H-- | C] () -- C:\Users\jp\AppData\Local\xftredahs.dat
[2012/07/03 11:59:42 | 002,213,120 | ---- | C] () -- C:\Windows\wweb32.dll
[2012/07/01 00:07:28 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/11 16:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/20 11:14:26 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\Amazon
[2012/08/26 20:32:46 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\Audacity
[2012/10/03 13:20:39 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\FileZilla
[2012/09/30 16:42:46 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\Foxit Software
[2012/09/23 17:38:53 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\LibreOffice
[2012/09/29 13:05:47 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\OpenCandy
[2012/06/30 23:59:47 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\OpenOffice.org
[2012/09/26 13:55:04 | 000,000,000 | ---D | M] -- C:\Users\jp\AppData\Roaming\WordWeb

========== Purity Check ==========



< End of report >

Edited by FWvidChick, 03 October 2012 - 05:06 PM.
