RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.geekstogo...13-roguekiller/Website :
http://tigzy.geeksto...roguekiller.phpBlog :
http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/15/2013 04:04:42
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> FOUND
[STARTUP][SUSP PATH] Canon IJ Status Monitor Canon iP4500 series.lnk @Owner : C:\Windows\system32\rundll32.exe|C:\Users\Owner\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[9]_S_01152013_02d0404.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ; RKreport[5]_S_01142013_02d1613.txt ;
RKreport[6]_D_01142013_02d1615.txt ; RKreport[7]_SC_01142013_02d1616.txt ; RKreport[8]_PR_01142013_02d1617.txt ; RKreport[9]_S_01152013_02d0404.txt
.
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback :
http://www.geekstogo...13-roguekiller/Website :
http://tigzy.geeksto...roguekiller.phpBlog :
http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 01/15/2013 04:05:16
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> DELETED
[STARTUP][SUSP PATH] Canon IJ Status Monitor Canon iP4500 series.lnk @Owner : C:\Windows\system32\rundll32.exe|C:\Users\Owner\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk -> DELETED
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[10]_D_01152013_02d0405.txt >>
RKreport[10]_D_01152013_02d0405.txt ; RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ;
RKreport[5]_S_01142013_02d1613.txt ; RKreport[6]_D_01142013_02d1615.txt ; RKreport[7]_SC_01142013_02d1616.txt ; RKreport[8]_PR_01142013_02d1617.txt ; RKreport[9]_S_01152013_02d0404.txt
..
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Owner\Appliances\YouTubeDownloaderSetup264.exe moved successfully.
C:\Users\Owner\Appliances\YouTubeDownloaderSetup33.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Owner
->Temp folder emptied: 1740088 bytes
->Temporary Internet Files folder emptied: 23238961 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6745282 bytes
->Flash cache emptied: 506 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121676 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 30.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01152013_041032
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\EasyRedirect.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
.
OTL logfile created on: 15/01/2013 4:22:52 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.97% Memory free
4.00 Gb Paging File | 2.65 Gb Available in Paging File | 66.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 652.19 Gb Free Space | 70.01% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========PRC - [2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/01/09 03:22:17 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/21 19:43:20 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe
PRC - [2008/02/13 13:52:10 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
========== Modules (No Company Name) ==========MOD - [2010/02/12 10:37:50 | 000,633,696 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll
========== Services (SafeList) ==========SRV - [2013/01/09 03:22:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/16 02:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
========== Driver Services (SafeList) ==========DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/11/05 20:40:33 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/03 17:34:04 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/01 12:11:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/08/19 09:58:10 | 000,347,904 | ---- | M] (Compro Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U2800vid.sys -- (U2800Vid)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 06:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 04:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" =
http://us.yhs.search...&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
https://www.google.com.au/igIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\..\SearchScopes\{6DEA3357-2B99-4EED-936A-ADD045390116}: "URL" =
http://www.google.co...Page={startPage}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" =
http://au.search.yah...&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/11/01 16:34:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\
[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin
[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml
========== Chrome ==========CHR - homepage:
http://www.google.com.au/CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
http://www.google.com.au/CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Secure Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD}
http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246842DE-797F-4BF9-9856-10622A84D292}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========[2013/01/14 16:54:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/14 16:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/14 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/14 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/01/14 16:37:38 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/14 08:42:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Real
[2013/01/14 02:40:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FC32DA9F-4AF8-4792-B85C-8A817A796B38}
[2013/01/13 19:55:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/11 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{593CA4D9-2A4A-4B38-B32D-099256A334FA}
[2013/01/11 08:24:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2013/01/11 08:14:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/01/11 07:53:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/04 06:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\FLV_Runner
[2013/01/04 06:00:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6CF46172-03DE-4731-B3B0-1E305915A139}
[2013/01/04 04:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
[2013/01/02 03:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/01/02 03:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2012/12/29 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91E58550-D6B0-4013-AA25-133CB20469BF}
[2012/12/26 08:45:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{10566215-1643-4E75-98BA-D6C83B34A25B}
[2012/12/25 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{31D8AB4E-135C-4CB2-B717-E911815F448C}
[2012/12/24 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{687F8AE3-2648-475B-BC8E-01F699AAE412}
[2012/12/21 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/19 09:54:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D96D4F52-C55A-4A6D-86D1-0E6CD956A7DC}
[2011/11/22 22:57:22 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Users\Owner\cnmss Canon iP4500 series (Local).dll
========== Files - Modified Within 30 Days ==========[2013/01/15 04:24:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/15 04:20:54 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 04:20:54 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 04:13:42 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/15 04:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/15 04:13:05 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/15 01:48:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/15 00:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000UA.job
[2013/01/14 16:54:12 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/14 16:39:43 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/14 16:10:56 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller - Shortcut.lnk
[2013/01/14 04:17:10 | 000,554,087 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/14 03:51:52 | 000,764,416 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/12 18:15:45 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000Core.job
[2013/01/11 22:53:31 | 000,002,368 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 22:53:31 | 000,002,366 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2013/01/11 16:07:20 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/11 09:04:38 | 000,000,718 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130111_090432.reg
[2013/01/11 08:17:40 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/01/11 08:14:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/11 07:42:26 | 000,007,235 | ---- | M] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/09 07:41:39 | 000,270,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 07:23:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 07:23:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/07 11:37:16 | 000,003,520 | ---- | M] () -- C:\Windows\System32\EasyRedirect.ini
[2013/01/07 11:37:16 | 000,002,040 | ---- | M] () -- C:\Windows\System32\EasyRedirectOff.ini
[2013/01/06 00:31:46 | 000,010,312 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/05 21:07:47 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/04 18:28:22 | 000,002,544 | ---- | M] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:42 | 000,002,608 | ---- | M] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:45 | 000,002,488 | ---- | M] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2013/01/02 03:54:39 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/12/24 08:45:53 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/12/24 08:43:53 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/21 19:49:05 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
========== Files Created - No Company Name ==========[2013/01/14 16:54:12 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/14 16:10:56 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller - Shortcut.lnk
[2013/01/14 04:17:10 | 000,554,087 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/14 03:51:52 | 000,764,416 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/11 09:04:33 | 000,000,718 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130111_090432.reg
[2013/01/11 08:17:40 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/01/11 07:42:26 | 000,007,235 | ---- | C] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/06 00:31:43 | 000,010,312 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/04 18:28:20 | 000,002,544 | ---- | C] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:41 | 000,002,608 | ---- | C] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:42 | 000,002,488 | ---- | C] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2012/12/09 17:29:33 | 000,753,152 | ---- | C] () -- C:\Windows\is-VFVUN.exe
[2011/08/13 16:12:41 | 000,003,520 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011/07/16 01:08:27 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/16 00:45:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/14 09:42:22 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Internet - Shortcut.lnk
[2011/05/26 17:06:50 | 000,002,040 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011/05/13 22:47:52 | 000,002,496 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/05/13 22:47:52 | 000,001,248 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/03 12:32:28 | 000,139,772 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2011/04/03 12:32:27 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp
========== ZeroAccess Check ==========[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========[2011/07/16 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2013/01/14 09:26:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Applian FLV and Media Player
[2012/10/26 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2011/11/12 15:07:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2012/10/12 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/10/10 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVSoftware
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD-LabelPrint
[2012/07/09 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CometPlayer
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy Thumbnails
[2012/07/09 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go PDF Reader
[2010/11/24 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gygan
[2012/06/09 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Icir
[2011/07/16 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/12/01 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Octoshape
[2012/10/28 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2011/11/12 15:51:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RegGenie
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2012/11/29 03:40:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RoboForm
[2012/07/06 01:06:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2012/10/10 13:42:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/06/08 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Umost
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2012/06/08 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yskyof
========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >
.
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled!
AVG Internet Security 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:````````` SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java 6 Update 26
Java version out of Date! Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check````````````````` Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Edited by Ricky_22, 14 January 2013 - 02:33 PM.