Hyper Links Virus [Solved]



#1
sleepyjim

Member, 92 posts
All web pages I go to will have random words turned into a hyperlink that, if clicked, directs you to some site to sell you stuff, and maybe it is doing more than that (I only did it once).

I have run Avast and SuperAntiSpyware, found a couple of things, but still got the issue....

Am running Win7 (64).

I am in the middle east and am +8 hours ahead of EST so we might have lil delays in replies, but I will check the thread daily if not more....

Thanks in advance for the help!

Jim

Here is the OTL log:
OTL logfile created on: 1/15/2013 4:38:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sleepyjim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 33.03% Memory free
8.00 Gb Paging File | 5.07 Gb Available in Paging File | 63.39% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.26 Gb Total Space | 329.86 Gb Free Space | 72.77% Space Free | Partition Type: NTFS
Drive D: | 12.40 Gb Total Space | 1.44 Gb Free Space | 11.64% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 335.95 Gb Free Space | 72.13% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 546.66 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
Drive I: | 2794.52 Gb Total Space | 1506.53 Gb Free Space | 53.91% Space Free | Partition Type: NTFS
Drive L: | 2794.52 Gb Total Space | 2325.68 Gb Free Space | 83.22% Space Free | Partition Type: NTFS

Computer Name: NOMADHOME | User Name: sleepyjim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 16:34:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sleepyjim\Desktop\OTL.exe
PRC - [2013/01/11 08:43:31 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/09 20:21:23 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 18:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 17:35:08 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/12/17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/31 02:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/29 20:33:46 | 000,698,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/09/24 21:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/06/29 18:18:45 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/04/27 19:03:28 | 005,955,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/10/15 12:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/18 21:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 21:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/05/10 17:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe
PRC - [2007/05/10 16:58:42 | 000,344,064 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/11 08:43:30 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/09 20:21:22 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013/01/09 03:48:02 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 03:45:23 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c2e63623f7a64a35e3dd746b90edbc\PresentationFramework.Classic.ni.dll
MOD - [2013/01/09 03:45:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 03:45:07 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 03:44:59 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/09 03:44:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 03:44:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 03:44:40 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/09 03:44:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 03:44:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 03:44:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 03:44:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 03:44:16 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/30 15:37:26 | 000,348,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2012/10/30 15:37:24 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2012/10/30 15:37:22 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2012/04/27 19:09:24 | 000,018,784 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/08/24 00:16:31 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/05/26 20:18:44 | 000,136,536 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2010/11/05 05:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 21:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\WinRAR\RarExt.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/05/10 17:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/09 23:19:06 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/11/09 20:49:38 | 000,061,040 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\WiTopia\WiTopiaService.exe -- (WiTopiaService)
SRV:64bit: - [2012/11/08 03:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/11 08:43:31 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 20:21:23 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 18:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/29 18:18:45 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/04/27 19:06:30 | 001,132,824 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/10/15 12:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/20 22:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/09 20:49:48 | 000,038,368 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\visctap0901.sys -- (visctap0901)
DRV:64bit: - [2012/11/03 23:01:25 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/03 23:01:25 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/31 02:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/31 02:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/31 02:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/31 02:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/31 02:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 19:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/29 18:18:50 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/06/29 18:18:36 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/06/29 18:18:34 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/06/29 18:18:26 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/06/29 18:18:24 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012/06/29 18:18:23 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/06/29 18:18:21 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/03/01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/09/12 18:43:12 | 000,062,552 | ---- | M] (Toolkit Development, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\toolkitdisk.sys -- (ToolkitDisk)
DRV:64bit: - [2011/07/22 20:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 01:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/08 03:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 17:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/02 11:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 11:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/04/27 20:43:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2010/03/04 18:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/20 22:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/09/22 15:41:02 | 012,532,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/09/22 15:37:04 | 012,216,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {72E5781F-A652-4B50-9BAD-257C99BA01C7}
IE:64bit: - HKLM\..\SearchScopes\{12271C69-4D5A-4B05-8BE5-95CAC44D164E}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{62FED85B-E479-41AD-A046-8F81C143BC8F}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{72E5781F-A652-4B50-9BAD-257C99BA01C7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {72E5781F-A652-4B50-9BAD-257C99BA01C7}
IE - HKLM\..\SearchScopes\{12271C69-4D5A-4B05-8BE5-95CAC44D164E}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{62FED85B-E479-41AD-A046-8F81C143BC8F}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{72E5781F-A652-4B50-9BAD-257C99BA01C7}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {72E5781F-A652-4B50-9BAD-257C99BA01C7}
IE - HKCU\..\SearchScopes\{12271C69-4D5A-4B05-8BE5-95CAC44D164E}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}: "URL" = http://search.etoolk...34d338de675&s=p
IE - HKCU\..\SearchScopes\{4A380F98-435D-47D6-93E1-DB5ADD01EB01}: "URL" = http://www.alnaddy.c...rchTerms}&r=406
IE - HKCU\..\SearchScopes\{62FED85B-E479-41AD-A046-8F81C143BC8F}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{72E5781F-A652-4B50-9BAD-257C99BA01C7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.emirates.net.ae:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=iglk"
FF - prefs.js..extensions.enabledAddons: newtaburl%40sogame.cat:2.2.3
FF - prefs.js..extensions.enabledAddons: %7B132E58DE-22BF-44CA-A061-7FCE1E8BA1EC%7D:2.1.9
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.http: "proxy1.emirates.net.ae"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\sleepyjim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sleepyjim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sleepyjim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/12 20:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 08:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 08:43:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 08:43:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 08:43:25 | 000,000,000 | ---D | M]

[2011/03/09 21:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Extensions
[2013/01/08 19:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions
[2012/08/04 11:10:19 | 000,000,000 | ---D | M] (Freecorder 6) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}
[2011/03/10 05:45:53 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012/12/28 12:33:34 | 000,000,000 | ---D | M] (wxDownload) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\[email protected]
[2013/01/08 19:53:42 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\[email protected]
[2011/08/18 05:30:10 | 000,051,994 | ---- | M] () (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\[email protected]
[2011/05/03 18:07:08 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2012/12/28 13:40:01 | 000,001,389 | ---- | M] () -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\searchplugins\alnaddyToolbar.xml
[2013/01/11 08:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/12 20:25:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/01/11 08:43:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012/08/31 04:48:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/03 09:22:19 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml
[2012/10/12 14:16:35 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\sleepyjim\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sleepyjim\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sleepyjim\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Moab - The Mountain Bike Paradise = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aacknmjcgjhjgajciecklbdjfikhidlm\1.6_0\
CHR - Extension: Easy Clock = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.6_0\
CHR - Extension: Dictionary.com = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh\1.5.2_0\
CHR - Extension: avast! WebRep = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: wxDownload = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmlikgmaefpeafndhblfgmafpcnbjnep\4_0\
CHR - Extension: Sticky Notes = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfklpmdfldnnjbkdmamhokiphfkfieg\1.9.2_0\

O1 HOSTS File: ([2009/06/11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TBSB00808 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Freecorder 6\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files (x86)\Freecorder 6\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files (x86)\Freecorder 6\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\smartmenu.exe ()
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] c:\program files (x86)\pdf complete\pdfsty.exe File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2std] c:\Windows\tsnp2std.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\sleepyjim\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WiTopia] C:\Program Files\WiTopia\WiTopia.exe (SparkLabs)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B0AB7A1-CB14-407F-A483-87199B5BB6E5}: NameServer = 129.250.35.250,129.250.35.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76936854-C2D4-47B5-ABAF-8B9C59CAF6CD}: DhcpNameServer = 195.229.241.222 213.42.20.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989B8AFE-A81F-4E16-A36E-7A269C150F95}: DhcpNameServer = 10.118.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD43A214-916A-4888-8AD3-47894A759A78}: DhcpNameServer = 192.168.1.100 192.168.1.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\guard32.dll) - c:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/10 20:05:34 | 000,000,000 | ---D | M] - H:\Automatically Add to iTunes -- [ NTFS ]
O32 - AutoRun File - [2010/03/06 15:48:30 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 16:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{afaaa5e0-4c36-11e0-999f-d485640dc23b}\Shell - "" = AutoRun
O33 - MountPoints2\{afaaa5e0-4c36-11e0-999f-d485640dc23b}\Shell\AutoRun\command - "" = K:\EasyCN.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 16:34:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sleepyjim\Desktop\OTL.exe
[2013/01/14 18:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect
[2013/01/14 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VersePerfect
[2013/01/11 17:51:21 | 000,918,528 | ---- | C] (MG Shareware) -- C:\Users\sleepyjim\Desktop\CN_Historical_SS.htm
[2013/01/11 09:38:45 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Roaming\ExpressFiles
[2013/01/11 08:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/03 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\Programs
[2013/01/01 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Roaming\FamilyTreeMaker
[2013/01/01 16:33:27 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\IsolatedStorage
[2013/01/01 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Documents\Family Tree Maker
[2013/01/01 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\Ancestry.com
[2013/01/01 16:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
[2013/01/01 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Family Tree Maker 2012
[2013/01/01 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BCL Technologies
[2013/01/01 16:25:04 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2013/01/01 16:19:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
[2013/01/01 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\PackageAware
[2012/12/30 21:18:58 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\Mikey
[2012/12/30 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Roaming\Free-PDF-to-Word.com
[2012/12/30 16:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2012/12/28 13:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WoW Worldwide Software LTD
[2012/12/28 13:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/12/28 12:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\wxDownload
[2012/12/28 12:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/12/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\Cherokee
[2012/12/25 22:46:07 | 000,918,528 | ---- | C] (MG Shareware) -- C:\Windows\SysWow64\Cherokee Historical Images.scr
[2012/12/22 12:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/22 09:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/12/22 09:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/19 16:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneTouch Software
[2012/12/19 16:38:40 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2012/12/19 16:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silabs
[2012/12/19 16:37:18 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\{95DD20F6-507D-4254-B0C6-D187C2769568}
[2012/12/19 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LifeScan
[2012/12/19 16:36:46 | 000,221,184 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Tiff32.dll
[2012/12/19 16:36:46 | 000,114,688 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Tiff.ocx
[2012/12/19 16:36:45 | 000,954,368 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Faxcpp32.dll
[2012/12/19 16:36:45 | 000,147,456 | ---- | C] (Black Ice Software) -- C:\Windows\SysWow64\Fax.ocx
[2012/12/19 16:36:45 | 000,118,784 | ---- | C] (Black Ice Software, Inc) -- C:\Windows\SysWow64\Faxmng32.dll
[2012/12/19 16:36:45 | 000,073,728 | ---- | C] (BlackIce) -- C:\Windows\SysWow64\CpOcx.ocx
[2012/12/19 16:36:44 | 000,237,568 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Bitmani.dll
[2012/12/19 16:36:44 | 000,167,936 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Cp.dll
[2012/12/19 16:33:39 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\BLOOD
[2012/12/17 05:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/15 16:44:03 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/15 16:42:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001UA.job
[2013/01/15 16:34:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sleepyjim\Desktop\OTL.exe
[2013/01/15 16:33:54 | 341,355,370 | ---- | M] () -- C:\Users\sleepyjim\Desktop\Bones.S08E10.HDTV.x264-LOL.mp4
[2013/01/15 16:32:58 | 334,151,792 | ---- | M] () -- C:\Users\sleepyjim\Desktop\Bones.S08E11.HDTV.x264-LOL.mp4
[2013/01/15 16:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/15 14:44:08 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001UA.job
[2013/01/15 13:42:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001Core.job
[2013/01/15 08:44:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001Core.job
[2013/01/15 05:56:24 | 000,778,694 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/15 05:56:24 | 000,659,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/15 05:56:24 | 000,121,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/15 05:44:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/14 17:44:03 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2013/01/14 16:10:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/13 19:23:43 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 19:23:43 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 19:15:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2013/01/13 19:13:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 17:08:30 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/11 09:47:07 | 000,193,576 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/11 09:15:23 | 000,002,046 | ---- | M] () -- C:\Users\sleepyjim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/09 03:40:06 | 000,424,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 03:19:09 | 000,772,418 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/08 07:19:32 | 000,687,331 | ---- | M] () -- C:\Users\sleepyjim\Desktop\2158topo-001.jpg
[2013/01/06 09:54:10 | 000,056,915 | ---- | M] () -- C:\Users\sleepyjim\Desktop\Teeth.JPG
[2013/01/03 03:34:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsleepyjim.job
[2012/12/28 15:31:47 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/25 22:46:07 | 000,029,184 | ---- | M] () -- C:\Windows\SysWow64\ssunstl.exe
[2012/12/21 09:18:53 | 026,075,240 | ---- | M] () -- C:\Users\sleepyjim\Desktop\The Family Handyman2.pdf
[2012/12/17 05:28:24 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/15 16:26:08 | 334,151,792 | ---- | C] () -- C:\Users\sleepyjim\Desktop\Bones.S08E11.HDTV.x264-LOL.mp4
[2013/01/15 16:26:05 | 341,355,370 | ---- | C] () -- C:\Users\sleepyjim\Desktop\Bones.S08E10.HDTV.x264-LOL.mp4
[2013/01/08 16:19:56 | 000,687,331 | ---- | C] () -- C:\Users\sleepyjim\Desktop\2158topo-001.jpg
[2013/01/07 16:09:24 | 000,056,915 | ---- | C] () -- C:\Users\sleepyjim\Desktop\Teeth.JPG
[2012/12/25 22:46:07 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\ssunstl.exe
[2012/12/21 09:16:09 | 026,075,240 | ---- | C] () -- C:\Users\sleepyjim\Desktop\The Family Handyman2.pdf
[2012/12/19 16:38:40 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/12/19 16:37:05 | 000,052,736 | ---- | C] () -- C:\Windows\SysWow64\tiff.oca
[2012/12/19 16:37:05 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2012/12/19 16:37:05 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2012/12/19 16:36:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2012/12/19 16:36:45 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2012/12/19 16:36:45 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2012/12/19 16:36:45 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2012/12/19 16:36:45 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2012/12/19 16:36:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2012/09/28 21:59:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\Audio
[2012/09/28 21:55:52 | 000,000,000 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\Flange Saw
[2012/09/28 21:45:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012/08/04 11:38:40 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/08/04 11:38:40 | 000,103,908 | ---- | C] () -- C:\Windows\unins000.dat
[2012/02/17 18:47:15 | 000,193,576 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/03 16:02:12 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/06 21:35:55 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011/10/06 21:35:53 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe
[2011/10/06 21:35:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011/10/06 21:35:52 | 012,216,064 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2011/10/06 21:35:52 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2011/10/06 21:35:52 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2011/08/05 08:31:32 | 000,772,418 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/07 21:09:43 | 000,000,600 | ---- | C] () -- C:\Users\sleepyjim\AppData\Local\PUTTY.RND
[2011/07/07 20:31:54 | 000,000,600 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\winscp.rnd
[2011/06/24 13:35:49 | 000,001,057 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\vso_ts_preview.xml
[2011/05/22 15:46:11 | 000,001,854 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\GhostObjGAFix.xml
[2011/03/11 10:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll

========== ZeroAccess Check ==========

[2009/07/14 08:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 09:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 08:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 05:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 05:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/29 19:15:11 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Acronis
[2011/08/06 07:17:17 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Asterisk Password Decryptor
[2012/10/10 18:37:52 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Audacity
[2011/07/06 16:51:50 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Cocoon Software
[2011/03/13 16:43:21 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\CocoonSoftware
[2011/09/01 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Digiarty
[2011/06/07 16:47:22 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Engelmann Media
[2013/01/11 09:38:45 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\ExpressFiles
[2013/01/06 17:52:27 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\FamilyTreeMaker
[2011/12/26 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\FileZilla
[2012/12/30 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Free-PDF-to-Word.com
[2012/08/04 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Freecorder 6 Audio
[2012/08/17 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Freecorder 6 Screen
[2012/08/17 01:08:22 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Freecorder 6 Video
[2011/04/07 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\GARMIN
[2011/07/13 21:28:08 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\GrabPro
[2011/07/09 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\ImgBurn
[2012/11/03 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\IObit
[2012/04/28 17:59:05 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\IrfanView
[2011/03/22 16:25:38 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Juniper Networks
[2011/03/22 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\LegalSounds
[2012/07/05 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\LegalsoundsDownloadManager
[2011/03/18 20:12:56 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\libimobiledevice
[2011/03/25 14:56:06 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\mediAvatar
[2011/07/11 16:13:01 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\NeoDownloader
[2012/09/28 21:46:35 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Nikon
[2012/08/10 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Orbit
[2011/07/11 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\ProgSense
[2012/07/14 19:14:00 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\redsn0w
[2012/08/17 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\RootsMagic
[2012/08/08 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Softland
[2012/02/12 15:50:18 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Softplicity
[2013/01/15 16:51:34 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\uTorrent
[2012/12/03 11:48:37 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Vso
[2011/03/10 20:35:18 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\WinBatch
[2012/11/20 16:24:37 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\WiTopia
[2012/07/27 11:43:45 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



< End of report >

#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE RogueKiller to your Desktop (or from here)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
  • 0

#3
sleepyjim
    Member
  • Topic Starter
  • Member
  • 92 posts
Thank you for the reply and help.

Here is the first log from Security Check:
I will post the others as they are finished; it is late here and I am due up in 6 hours, so they might be a few hours from now...

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 24
Java 7 Update 10
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0)
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#4
sleepyjim
    Member
  • Topic Starter
  • Member
  • 92 posts
Ok here is adwcleaner log:
# AdwCleaner v2.105 - Logfile created 01/15/2013 at 22:08:59
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : sleepyjim - NOMADHOME
# Boot Mode : Normal
# Running from : C:\Users\sleepyjim\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Common Files\Plasmoo
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\sleepyjim\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\sleepyjim\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00808.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00808.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00808.TBSB00808
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00808.TBSB00808.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB00808
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB00808.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\prefs.js

C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.50dd59bcb1c13.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9714 octets] - [15/01/2013 22:08:59]

########## EOF - C:\AdwCleaner[S1].txt - [9774 octets] ##########
  • 0

#5
sleepyjim
    Member
  • Topic Starter
  • Member
  • 92 posts
Ok, I tried to run RogueKiller (as admin) and I get a box saying Windows cannot access specific path..... Also Comodo thinks it's suspicious (no big deal, I told it to ignore it)....

So no log.

I will check back in the morning (mine). Thanks so much!

Jim
  • 0

#6
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
sleepyjim
    Member
  • Topic Starter
  • Member
  • 92 posts
Ok, I ran Combofix twice from 2 different download locations; both times it shows the install box, gets the software, looks to finish correctly, then nothing, everything goes away and nothing ever runs..... Checked using Ctrl+Alt+Delete, nothing.....

I am lost on this one...LOL


Still got the virus

Jim
  • 0

#8
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#9
sleepyjim
    Member
  • Topic Starter
  • Member
  • 92 posts
Ok, um, there were 2 TDSSKiller logs; the one that has the latest time stamp is like an 83-page log. You want me to paste that here?

Jim
  • 0

#10
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Just send me the last 25 LINES of it.
  • 0

#11
sleepyjim
    Member
  • Topic Starter
  • Member
  • 92 posts
Ok last 25 and aswMBR logs:
19:49:45.0525 5872 C:\Windows\System32\drivers\asyncmac.sys - ok
19:49:45.0540 5872 [ 2BE99FCAEA96813829DAD330027D25D8 ] C:\Program Files (x86)\Microsoft Office\Office14\GKWord.dll
19:49:45.0540 5872 C:\Program Files (x86)\Microsoft Office\Office14\GKWord.dll - ok
19:49:45.0540 5872 [ DA79517783552B80229705D9720B8E8D ] C:\Program Files (x86)\Microsoft Office\Office12\msproof6.dll
19:49:45.0540 5872 C:\Program Files (x86)\Microsoft Office\Office12\msproof6.dll - ok
19:49:45.0540 5872 [ 3A9FBA6005BC10EF8D1E61B9FE589505 ] C:\Program Files (x86)\Microsoft Office\Office12\NLSDATA0009.DLL
19:49:45.0540 5872 C:\Program Files (x86)\Microsoft Office\Office12\NLSDATA0009.DLL - ok
19:49:45.0556 5872 [ 1A514CA70E5FAF1CEC2F51CDAB1367A7 ] C:\Program Files (x86)\Microsoft Office\Office12\NLSLEXICONS0009_SP.dll
19:49:45.0556 5872 C:\Program Files (x86)\Microsoft Office\Office12\NLSLEXICONS0009_SP.dll - ok
19:49:45.0556 5872 [ 707F023159B541EAD5DD6ADB2E605443 ] C:\Program Files (x86)\Microsoft Office\Office12\NLSMODELS0009.dll
19:49:45.0556 5872 C:\Program Files (x86)\Microsoft Office\Office12\NLSMODELS0009.dll - ok
19:49:45.0556 5872 [ 2D58F9C1E10C142C083ECFFE860E1C36 ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\Reminder.exe
19:49:45.0556 5872 C:\Program Files (x86)\IObit\Advanced SystemCare 6\Reminder.exe - ok
19:49:45.0571 5872 [ D3E6045D588B7B19A0F82B28BDDC22E3 ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\OFCommon.dll
19:49:45.0571 5872 C:\Program Files (x86)\IObit\Advanced SystemCare 6\OFCommon.dll - ok
19:49:45.0571 5872 [ 244C6722289F4869068992FD7D8A8832 ] C:\Windows\SysWOW64\wbem\wbemdisp.dll
19:49:45.0571 5872 C:\Windows\SysWOW64\wbem\wbemdisp.dll - ok
19:49:45.0571 5872 [ 5610B0425518D185331CB8E968D060E6 ] C:\Windows\SysWOW64\wbem\wmiutils.dll
19:49:45.0571 5872 C:\Windows\SysWOW64\wbem\wmiutils.dll - ok
19:49:45.0571 5872 [ 5EA9A0950F322BFA382AF277801C0307 ] C:\Windows\System32\wbem\wmipcima.dll
19:49:45.0571 5872 C:\Windows\System32\wbem\wmipcima.dll - ok
19:49:45.0587 5872 [ 7F19838AC317C34FCED020BE529AF71E ] C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
19:49:45.0587 5872 C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe - ok
19:49:45.0587 5872 [ EB2EF0D54A358E3240356D896F2F0E02 ] C:\Windows\System32\spool\drivers\x64\3\HPZ3RLHN.DLL
19:49:45.0587 5872 C:\Windows\System32\spool\drivers\x64\3\HPZ3RLHN.DLL - ok
19:49:45.0587 5872 [ 1658E808E4D4889C66DE47EC87F1DED1 ] C:\Windows\System32\msvcp60.dll
19:49:45.0587 5872 C:\Windows\System32\msvcp60.dll - ok
19:49:45.0587 5872 [ 36DB6F56B0065109C107D180068CA5C0 ] C:\Windows\System32\spool\drivers\x64\3\HPZLELHN.DLL
19:49:45.0587 5872 C:\Windows\System32\spool\drivers\x64\3\HPZLELHN.DLL - ok
19:49:45.0603 5872 [ E0ADA805023343312BCD0AB49C368B98 ] C:\Windows\System32\spool\drivers\x64\3\HPFIME50.DLL
19:49:45.0603 5872 C:\Windows\System32\spool\drivers\x64\3\HPFIME50.DLL - ok
19:49:45.0603 5872 [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll
19:49:45.0603 5872 C:\Windows\System32\security.dll - ok
19:49:45.0603 5872 [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll
19:49:45.0603 5872 C:\Windows\System32\schedcli.dll - ok
19:49:45.0618 5872 [ 2898035F522BA2989BBA8B9CFB020FD2 ] C:\Program Files\AVAST Software\Avast\defs\13011600\aspColl.dll
19:49:45.0618 5872 C:\Program Files\AVAST Software\Avast\defs\13011600\aspColl.dll - ok
19:49:45.0618 5872 [ 005247E3057BC5D5C3F8C6F886FFC10C ] C:\Windows\System32\wbem\WMIADAP.exe
19:49:45.0618 5872 C:\Windows\System32\wbem\WMIADAP.exe - ok
19:49:45.0618 5872 [ 9FE3ED67345F0FF829A4A53B90E09672 ] C:\Windows\System32\loadperf.dll
19:49:45.0618 5872 C:\Windows\System32\loadperf.dll - ok
19:49:45.0618 5872 [ 81252AA3B13743020BCF2089A5A0D911 ] C:\Windows\System32\wscinterop.dll
19:49:45.0618 5872 C:\Windows\System32\wscinterop.dll - ok
19:49:45.0634 5872 [ DF50DAE4C547285E4997A0C61063B632 ] C:\Windows\System32\wscui.cpl
19:49:45.0634 5872 C:\Windows\System32\wscui.cpl - ok
19:49:45.0634 5872 [ F9959237F106F2B2609E61A290C0652E ] C:\Windows\System32\werconcpl.dll
19:49:45.0634 5872 C:\Windows\System32\werconcpl.dll - ok
19:49:45.0634 5872 [ 7E591867422DC788B9E5BD337A669A08 ] C:\Windows\System32\wercplsupport.dll
19:49:45.0634 5872 C:\Windows\System32\wercplsupport.dll - ok
19:49:45.0634 5872 [ B79515AFF098E5A56DFBD316152534DE ] C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
19:49:45.0634 5872 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL - ok
19:49:45.0649 5872 [ 809AE7D4ACE06BBCF621E5C504BF6FC8 ] C:\Windows\System32\hcproviders.dll
19:49:45.0649 5872 C:\Windows\System32\hcproviders.dll - ok
19:49:45.0649 5872 [ 17D385E89BC494BAE88C1E92C1B56E98 ] C:\Program Files (x86)\IObit\Advanced SystemCare 6\DelayLoad.exe
19:49:45.0649 5872 C:\Program Files (x86)\IObit\Advanced SystemCare 6\DelayLoad.exe - ok
19:49:45.0649 5872 ============================================================
19:49:45.0649 5872 Scan finished
19:49:45.0649 5872 ============================================================
19:49:45.0665 5832 Detected object count: 4
19:49:45.0665 5832 Actual detected object count: 4
19:50:20.0375 5832 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:20.0375 5832 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:20.0375 5832 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:20.0375 5832 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:20.0391 5832 vflt ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:20.0391 5832 vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:50:20.0391 5832 vnet ( UnsignedFile.Multi.Generic ) - skipped by user
19:50:20.0391 5832 vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:51:41.0873 4668 Deinitialize success



aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-16 19:52:31
-----------------------------
19:52:31.864 OS Version: Windows x64 6.1.7601 Service Pack 1
19:52:31.864 Number of processors: 2 586 0x170A
19:52:31.864 ComputerName: NOMADHOME UserName: sleepyjim
19:52:33.268 Initialize success
19:52:33.424 AVAST engine defs: 13011600
19:53:15.107 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
19:53:15.107 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3GC Size: 476940MB BusType: 3
19:53:15.107 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-6
19:53:15.107 Disk 1 Vendor: Hitachi_HDT725050VLA380 V56OA73A Size: 476940MB BusType: 3
19:53:15.154 Disk 0 MBR read successfully
19:53:15.154 Disk 0 MBR scan
19:53:15.154 Disk 0 unknown MBR code
19:53:15.154 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:53:15.169 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464141 MB offset 206848
19:53:15.216 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12697 MB offset 950767616
19:53:15.278 Disk 0 scanning C:\Windows\system32\drivers
19:53:23.359 Service scanning
19:53:45.308 Modules scanning
19:53:45.308 Disk 0 trace - called modules:
19:53:45.355 ntoskrnl.exe fltsrv.sys tdrpman.sys CLASSPNP.SYS disk.sys vsflt67.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
19:53:45.355 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c23060]
19:53:45.355 3 CLASSPNP.SYS[fffff88001d2643f] -> nt!IofCallDriver -> [0xfffffa8004c216a0]
19:53:45.371 5 vsflt67.sys[fffff88000c457cd] -> nt!IofCallDriver -> [0xfffffa8004ac0520]
19:53:45.371 7 ACPI.sys[fffff88000d867a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004727060]
19:53:47.680 AVAST engine scan C:\Windows
19:53:51.096 AVAST engine scan C:\Windows\system32
19:55:56.272 AVAST engine scan C:\Windows\system32\drivers
19:56:06.443 AVAST engine scan C:\Users\sleepyjim
19:59:34.269 Disk 0 MBR has been saved successfully to "C:\Users\sleepyjim\Desktop\MBR.dat"
19:59:34.269 The log file has been saved successfully to "C:\Users\sleepyjim\Desktop\aswMBR.txt"


Thanks again for the patience and help you have shown.....

Jim
  • 0

#12
gringo_pr
    Trusted Helper
  • Malware Removal
  • 7,268 posts
Hello


I would like to have a fresh OTL scan, please, and how is the computer doing now?


gringo
  • 0

#13
sleepyjim
    Member
  • Topic Starter
  • Member
  • 92 posts
New OTL log: (Still got the issue)....

OTL logfile created on: 1/17/2013 5:32:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sleepyjim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 49.01% Memory free
8.00 Gb Paging File | 5.65 Gb Available in Paging File | 70.64% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.26 Gb Total Space | 335.65 Gb Free Space | 74.05% Space Free | Partition Type: NTFS
Drive D: | 12.40 Gb Total Space | 1.44 Gb Free Space | 11.64% Space Free | Partition Type: NTFS
Drive E: | 465.75 Gb Total Space | 335.95 Gb Free Space | 72.13% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 546.40 Gb Free Space | 58.66% Space Free | Partition Type: NTFS
Drive I: | 2794.52 Gb Total Space | 1506.53 Gb Free Space | 53.91% Space Free | Partition Type: NTFS
Drive L: | 2794.52 Gb Total Space | 2325.74 Gb Free Space | 83.23% Space Free | Partition Type: NTFS
Drive O: | 34607.46 Gb Total Space | 65.11 Gb Free Space | 0.19% Space Free | Partition Type: NTFS

Computer Name: NOMADHOME | User Name: sleepyjim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/17 16:15:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sleepyjim\Desktop\OTL.exe
PRC - [2013/01/11 08:43:31 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/09 20:21:23 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 18:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 17:35:08 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/10/31 02:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/29 20:33:46 | 000,698,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2012/09/24 21:59:16 | 000,490,880 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2012/06/29 18:18:45 | 003,459,024 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2012/04/27 19:03:28 | 005,955,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/10/15 12:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/01/18 21:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/20 21:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/05/10 17:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe
PRC - [2007/05/10 16:58:42 | 000,344,064 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/11 08:43:30 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/09 20:21:22 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013/01/09 03:48:02 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/09 03:45:23 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c2e63623f7a64a35e3dd746b90edbc\PresentationFramework.Classic.ni.dll
MOD - [2013/01/09 03:45:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 03:45:07 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/09 03:44:59 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/09 03:44:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 03:44:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 03:44:40 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/09 03:44:32 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 03:44:28 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 03:44:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 03:44:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 03:44:16 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/30 15:37:26 | 000,348,032 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2012/10/30 15:37:24 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2012/10/30 15:37:22 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2011/10/15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/08/24 00:16:31 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011/05/26 20:18:44 | 000,136,536 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
MOD - [2010/11/05 05:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2010/01/18 21:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2007/05/10 17:05:22 | 000,270,336 | ---- | M] () -- C:\Windows\tsnp2std.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/09 23:19:06 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/11/09 20:49:38 | 000,061,040 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\WiTopia\WiTopiaService.exe -- (WiTopiaService)
SRV:64bit: - [2012/11/08 03:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/10/31 02:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/11 08:43:31 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 20:21:23 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 18:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/31 15:52:30 | 000,464,256 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/29 18:18:45 | 003,459,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/04/27 19:07:12 | 005,914,912 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012/04/27 19:06:30 | 001,132,824 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/10/15 12:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/20 22:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/09 20:49:48 | 000,038,368 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\visctap0901.sys -- (visctap0901)
DRV:64bit: - [2012/11/03 23:01:25 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/11/03 23:01:25 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/31 02:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/31 02:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/31 02:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/31 02:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/31 02:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 19:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/29 18:18:50 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012/06/29 18:18:36 | 001,294,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2012/06/29 18:18:34 | 000,994,912 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012/06/29 18:18:26 | 000,211,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2012/06/29 18:18:24 | 000,146,528 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt67.sys -- (vidsflt67)
DRV:64bit: - [2012/06/29 18:18:23 | 000,320,096 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/06/29 18:18:21 | 000,137,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/03/01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/09/12 18:43:12 | 000,062,552 | ---- | M] (Toolkit Development, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\toolkitdisk.sys -- (ToolkitDisk)
DRV:64bit: - [2011/07/22 20:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 01:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/08 03:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 10:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 10:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 17:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/02 11:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 11:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/04/27 20:43:50 | 000,024,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpqdfw.sys -- (CpqDfw)
DRV:64bit: - [2010/03/04 18:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/20 22:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/09/22 15:41:02 | 012,532,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/09/22 15:37:04 | 012,216,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{12271C69-4D5A-4B05-8BE5-95CAC44D164E}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{62FED85B-E479-41AD-A046-8F81C143BC8F}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{72E5781F-A652-4B50-9BAD-257C99BA01C7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{12271C69-4D5A-4B05-8BE5-95CAC44D164E}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{62FED85B-E479-41AD-A046-8F81C143BC8F}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{72E5781F-A652-4B50-9BAD-257C99BA01C7}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{12271C69-4D5A-4B05-8BE5-95CAC44D164E}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}: "URL" = http://search.etoolk...34d338de675&s=p
IE - HKCU\..\SearchScopes\{4A380F98-435D-47D6-93E1-DB5ADD01EB01}: "URL" = http://www.alnaddy.c...rchTerms}&r=406
IE - HKCU\..\SearchScopes\{62FED85B-E479-41AD-A046-8F81C143BC8F}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{72E5781F-A652-4B50-9BAD-257C99BA01C7}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.emirates.net.ae:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=iglk"
FF - prefs.js..extensions.enabledAddons: newtaburl%40sogame.cat:2.2.3
FF - prefs.js..extensions.enabledAddons: %7B132E58DE-22BF-44CA-A061-7FCE1E8BA1EC%7D:2.1.9
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - prefs.js..network.proxy.http: "proxy1.emirates.net.ae"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\sleepyjim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sleepyjim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sleepyjim\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/12 20:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 08:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 08:43:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 08:43:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 08:43:25 | 000,000,000 | ---D | M]

[2011/03/09 21:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Extensions
[2013/01/08 19:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions
[2012/08/04 11:10:19 | 000,000,000 | ---D | M] (Freecorder 6) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}
[2011/03/10 05:45:53 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2012/12/28 12:33:34 | 000,000,000 | ---D | M] (wxDownload) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\[email protected]
[2013/01/08 19:53:42 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\[email protected]
[2011/08/18 05:30:10 | 000,051,994 | ---- | M] () (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\[email protected]
[2011/05/03 18:07:08 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2012/12/28 13:40:01 | 000,001,389 | ---- | M] () -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\searchplugins\alnaddyToolbar.xml
[2013/01/11 08:43:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/12 20:25:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/01/11 08:43:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2012/08/31 04:48:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/03 09:22:19 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml
[2012/10/12 14:16:35 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\sleepyjim\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sleepyjim\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sleepyjim\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Moab - The Mountain Bike Paradise = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aacknmjcgjhjgajciecklbdjfikhidlm\1.6_0\
CHR - Extension: Easy Clock = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dplbpgapoedppajbikieafefmcceaagn\9.0.6_0\
CHR - Extension: Dictionary.com = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh\1.5.2_0\
CHR - Extension: avast! WebRep = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: wxDownload = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmlikgmaefpeafndhblfgmafpcnbjnep\4_0\
CHR - Extension: Sticky Notes = C:\Users\sleepyjim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfklpmdfldnnjbkdmamhokiphfkfieg\1.9.2_0\

O1 HOSTS File: ([2009/06/11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files (x86)\Freecorder 6\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files (x86)\Freecorder 6\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] c:\program files\hewlett-packard\hp mediasmart\smartmenu.exe ()
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] c:\program files (x86)\pdf complete\pdfsty.exe File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2std] c:\Windows\tsnp2std.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [Facebook Update] C:\Users\sleepyjim\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WiTopia] C:\Program Files\WiTopia\WiTopia.exe (SparkLabs)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B0AB7A1-CB14-407F-A483-87199B5BB6E5}: NameServer = 129.250.35.250,129.250.35.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76936854-C2D4-47B5-ABAF-8B9C59CAF6CD}: DhcpNameServer = 195.229.241.222 213.42.20.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989B8AFE-A81F-4E16-A36E-7A269C150F95}: DhcpNameServer = 10.118.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD43A214-916A-4888-8AD3-47894A759A78}: DhcpNameServer = 192.168.1.100 192.168.1.100
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\windows\syswow64\guard32.dll) - c:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 01:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/12/10 20:05:34 | 000,000,000 | ---D | M] - H:\Automatically Add to iTunes -- [ NTFS ]
O32 - AutoRun File - [2010/03/06 15:48:30 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 16:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{afaaa5e0-4c36-11e0-999f-d485640dc23b}\Shell - "" = AutoRun
O33 - MountPoints2\{afaaa5e0-4c36-11e0-999f-d485640dc23b}\Shell\AutoRun\command - "" = K:\EasyCN.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\Pratt, Christina, ed. - An Encyclopedia of Shamanism, 2 vols.^reup
[2013/01/17 17:11:18 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\AMNH
[2013/01/17 17:11:17 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\10 Native American - American Indian eBooks
[2013/01/17 16:15:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sleepyjim\Desktop\OTL.exe
[2013/01/17 05:23:58 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\Pics
[2013/01/17 05:23:57 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\American Indian Religious Traditions
[2013/01/16 05:56:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/01/16 05:55:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 05:53:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/16 05:53:35 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/01/15 21:47:58 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\Sacred Spirit Collection
[2013/01/14 18:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VersePerfect
[2013/01/14 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VersePerfect
[2013/01/11 17:51:21 | 000,918,528 | ---- | C] (MG Shareware) -- C:\Users\sleepyjim\Desktop\CN_Historical_SS.htm
[2013/01/11 09:38:45 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Roaming\ExpressFiles
[2013/01/11 08:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/03 13:04:54 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\Programs
[2013/01/01 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Roaming\FamilyTreeMaker
[2013/01/01 16:33:27 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\IsolatedStorage
[2013/01/01 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Documents\Family Tree Maker
[2013/01/01 16:27:53 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\Ancestry.com
[2013/01/01 16:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
[2013/01/01 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Family Tree Maker 2012
[2013/01/01 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BCL Technologies
[2013/01/01 16:25:04 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2013/01/01 16:19:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
[2013/01/01 16:19:21 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\PackageAware
[2012/12/30 21:18:58 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\Mikey
[2012/12/30 16:47:59 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Roaming\Free-PDF-to-Word.com
[2012/12/30 16:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2012/12/28 13:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WoW Worldwide Software LTD
[2012/12/28 13:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/12/28 12:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\wxDownload
[2012/12/26 16:08:59 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\Cherokee
[2012/12/25 22:46:07 | 000,918,528 | ---- | C] (MG Shareware) -- C:\Windows\SysWow64\Cherokee Historical Images.scr
[2012/12/22 12:47:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/22 09:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/12/22 09:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/12/19 16:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneTouch Software
[2012/12/19 16:38:40 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys
[2012/12/19 16:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silabs
[2012/12/19 16:37:18 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\AppData\Local\{95DD20F6-507D-4254-B0C6-D187C2769568}
[2012/12/19 16:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LifeScan
[2012/12/19 16:36:46 | 000,221,184 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Tiff32.dll
[2012/12/19 16:36:46 | 000,114,688 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Tiff.ocx
[2012/12/19 16:36:45 | 000,954,368 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Faxcpp32.dll
[2012/12/19 16:36:45 | 000,147,456 | ---- | C] (Black Ice Software) -- C:\Windows\SysWow64\Fax.ocx
[2012/12/19 16:36:45 | 000,118,784 | ---- | C] (Black Ice Software, Inc) -- C:\Windows\SysWow64\Faxmng32.dll
[2012/12/19 16:36:45 | 000,073,728 | ---- | C] (BlackIce) -- C:\Windows\SysWow64\CpOcx.ocx
[2012/12/19 16:36:44 | 000,237,568 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Bitmani.dll
[2012/12/19 16:36:44 | 000,167,936 | ---- | C] (Black Ice Software, Inc.) -- C:\Windows\SysWow64\Cp.dll
[2012/12/19 16:33:39 | 000,000,000 | ---D | C] -- C:\Users\sleepyjim\Desktop\BLOOD
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sleepyjim\Desktop\*.tmp files -> C:\Users\sleepyjim\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/17 17:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/17 16:44:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/17 16:42:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001UA.job
[2013/01/17 16:15:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sleepyjim\Desktop\OTL.exe
[2013/01/17 14:44:08 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001UA.job
[2013/01/17 13:42:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001Core.job
[2013/01/17 08:57:54 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-350081911-2139172854-2764822397-1001Core.job
[2013/01/17 05:58:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 05:58:13 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/17 05:51:38 | 000,778,694 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/17 05:51:38 | 000,659,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/17 05:51:38 | 000,121,162 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/17 05:44:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/16 19:45:41 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2013/01/16 19:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/16 19:43:31 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/16 17:43:52 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2013/01/16 05:56:00 | 000,000,330 | ---- | M] () -- C:\Start_.cmd
[2013/01/14 16:10:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/11 09:47:07 | 000,193,576 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/11 09:15:23 | 000,002,046 | ---- | M] () -- C:\Users\sleepyjim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/09 03:40:06 | 000,424,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 03:19:09 | 000,772,418 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/08 07:19:32 | 000,687,331 | ---- | M] () -- C:\Users\sleepyjim\Desktop\2158topo-001.jpg
[2013/01/06 09:54:10 | 000,056,915 | ---- | M] () -- C:\Users\sleepyjim\Desktop\Teeth.JPG
[2013/01/03 03:34:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForsleepyjim.job
[2012/12/28 15:31:47 | 000,001,251 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/12/25 22:46:07 | 000,029,184 | ---- | M] () -- C:\Windows\SysWow64\ssunstl.exe
[2012/12/21 09:18:53 | 026,075,240 | ---- | M] () -- C:\Users\sleepyjim\Desktop\The Family Handyman2.pdf
[2012/12/19 07:55:58 | 000,256,398 | ---- | M] () -- C:\Users\sleepyjim\Desktop\Supplement.pdf
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sleepyjim\Desktop\*.tmp files -> C:\Users\sleepyjim\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 05:24:22 | 000,256,398 | ---- | C] () -- C:\Users\sleepyjim\Desktop\Supplement.pdf
[2013/01/16 05:56:00 | 000,000,330 | ---- | C] () -- C:\Start_.cmd
[2013/01/08 16:19:56 | 000,687,331 | ---- | C] () -- C:\Users\sleepyjim\Desktop\2158topo-001.jpg
[2013/01/07 16:09:24 | 000,056,915 | ---- | C] () -- C:\Users\sleepyjim\Desktop\Teeth.JPG
[2012/12/25 22:46:07 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\ssunstl.exe
[2012/12/21 09:16:09 | 026,075,240 | ---- | C] () -- C:\Users\sleepyjim\Desktop\The Family Handyman2.pdf
[2012/12/19 16:38:40 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD
[2012/12/19 16:37:05 | 000,052,736 | ---- | C] () -- C:\Windows\SysWow64\tiff.oca
[2012/12/19 16:37:05 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2012/12/19 16:37:05 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2012/12/19 16:36:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2012/12/19 16:36:45 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2012/12/19 16:36:45 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2012/12/19 16:36:45 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2012/12/19 16:36:45 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2012/12/19 16:36:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2012/09/28 21:59:01 | 000,000,000 | ---- | C] () -- C:\ProgramData\Audio
[2012/09/28 21:55:52 | 000,000,000 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\Flange Saw
[2012/09/28 21:45:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2012/08/04 11:38:40 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2012/08/04 11:38:40 | 000,103,908 | ---- | C] () -- C:\Windows\unins000.dat
[2012/02/17 18:47:15 | 000,193,576 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/03 16:02:12 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/10/06 21:35:55 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011/10/06 21:35:53 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe
[2011/10/06 21:35:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011/10/06 21:35:52 | 012,216,064 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2011/10/06 21:35:52 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2011/10/06 21:35:52 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2011/08/05 08:31:32 | 000,772,418 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/07 21:09:43 | 000,000,600 | ---- | C] () -- C:\Users\sleepyjim\AppData\Local\PUTTY.RND
[2011/07/07 20:31:54 | 000,000,600 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\winscp.rnd
[2011/06/24 13:35:49 | 000,001,057 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\vso_ts_preview.xml
[2011/05/22 15:46:11 | 000,001,854 | ---- | C] () -- C:\Users\sleepyjim\AppData\Roaming\GhostObjGAFix.xml
[2011/03/11 10:22:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll

========== ZeroAccess Check ==========

[2009/07/14 08:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 09:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 08:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 05:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 05:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/29 19:15:11 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Acronis
[2011/08/06 07:17:17 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Asterisk Password Decryptor
[2012/10/10 18:37:52 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Audacity
[2011/07/06 16:51:50 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Cocoon Software
[2011/03/13 16:43:21 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\CocoonSoftware
[2011/09/01 18:42:25 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Digiarty
[2011/06/07 16:47:22 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Engelmann Media
[2013/01/11 09:38:45 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\ExpressFiles
[2013/01/06 17:52:27 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\FamilyTreeMaker
[2011/12/26 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\FileZilla
[2012/12/30 16:47:59 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Free-PDF-to-Word.com
[2012/08/04 11:24:07 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Freecorder 6 Audio
[2012/08/17 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Freecorder 6 Screen
[2012/08/17 01:08:22 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Freecorder 6 Video
[2011/04/07 22:14:57 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\GARMIN
[2011/07/13 21:28:08 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\GrabPro
[2011/07/09 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\ImgBurn
[2012/11/03 21:59:06 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\IObit
[2012/04/28 17:59:05 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\IrfanView
[2011/03/22 16:25:38 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Juniper Networks
[2011/03/22 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\LegalSounds
[2012/07/05 19:02:00 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\LegalsoundsDownloadManager
[2011/03/18 20:12:56 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\libimobiledevice
[2011/03/25 14:56:06 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\mediAvatar
[2011/07/11 16:13:01 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\NeoDownloader
[2012/09/28 21:46:35 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Nikon
[2012/08/10 16:59:13 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Orbit
[2011/07/11 16:27:46 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\ProgSense
[2012/07/14 19:14:00 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\redsn0w
[2012/08/17 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\RootsMagic
[2012/08/08 17:02:12 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Softland
[2012/02/12 15:50:18 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Softplicity
[2013/01/17 17:39:20 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\uTorrent
[2012/12/03 11:48:37 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\Vso
[2011/03/10 20:35:18 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\WinBatch
[2012/11/20 16:24:37 | 000,000,000 | ---D | M] -- C:\Users\sleepyjim\AppData\Roaming\WiTopia

========== Purity Check ==========



< End of report >

#14 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the text box.
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - No CLSID value found.
    O4 - HKLM..\Run: [PDF Complete] c:\program files (x86)\pdf complete\pdfsty.exe File not found
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    IE:64bit: - HKLM\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{4A380F98-435D-47D6-93E1-DB5ADD01EB01}: "URL" = http://www.alnaddy.c...rchTerms}&r=406
    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaultenginename,S: S", ""
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.1,S: S", ""
    FF - prefs.js..browser.search.selectedEngine: "Alnaddy"
    FF - prefs.js..browser.search.selectedEngine,S: S", ""
    [2012/08/04 11:10:19 | 000,000,000 | ---D | M] (Freecorder 6) -- C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}
    [2012/12/28 13:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
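The script above was built by hand from the log: every entry that points at nothing ("File not found", "No CLSID value found") and every IE search scope redirected to an unexpected provider was copied verbatim under :OTL. As an added example (not part of this thread and not OldTimer's OTL), the Python below applies that same triage rule to OTL log lines and renders the result as an :OTL fix block. The sample lines are copied from the log in this thread, except the Bing search scope, which is a constructed benign control; the trusted-host list is an assumption for the example.

```python
"""Triage OTL scan output for orphaned entries and hijacked IE search scopes."""
import re
from typing import Dict, List, Optional

# Sample input: lines copied from the OTL log in this thread, plus one
# constructed benign search scope (Bing) so the filter has a clean case.
SAMPLE_LOG = r"""
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PDF Complete] c:\program files (x86)\pdf complete\pdfsty.exe File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
IE - HKCU\..\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{4A380F98-435D-47D6-93E1-DB5ADD01EB01}: "URL" = http://www.alnaddy.c...rchTerms}&r=406
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
"""

# OTL appends these markers when a registry entry references a file or
# COM class that no longer exists; such entries are safe cleanup targets.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# Hosts a search scope may legitimately point at. Assumption for the example;
# a real list depends on the user's locale and chosen search provider.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# Matches OTL "IE ... SearchScopes" lines, capturing the scope GUID and URL.
SEARCHSCOPE_RE = re.compile(
    r'^IE(?::64bit:)? - HK(?:LM|CU)\\\.\.\\SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)'
)


def search_host(url: str) -> str:
    """Return the lower-cased host of an http(s) URL, or "" if none is present."""
    m = re.match(r"^https?://([^/?#\s]+)", url)
    return m.group(1).lower() if m else ""


def classify(line: str) -> Optional[str]:
    """Return why a log line is a removal candidate, or None if it looks clean."""
    stripped = line.strip()
    if not stripped:
        return None
    # OTL sometimes terminates the marker with a period, sometimes not.
    if any(stripped.endswith(m) or stripped.endswith(m + ".") for m in ORPHAN_MARKERS):
        return "orphan"
    m = SEARCHSCOPE_RE.match(stripped)
    if m and search_host(m.group(2)) not in TRUSTED_SEARCH_HOSTS:
        return "search-hijack"
    return None


def triage(log_text: str) -> Dict[str, List[str]]:
    """Group removal candidates by reason; values are the verbatim log lines."""
    found: Dict[str, List[str]] = {"orphan": [], "search-hijack": []}
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            found[reason].append(line.rstrip())
    return found


def build_otl_fix(candidates: Dict[str, List[str]]) -> str:
    """Render an :OTL fix block.

    OTL accepts the scan's own lines verbatim under :OTL, which is why the
    helper's script in this thread repeats them unchanged. The :Commands
    entries are the ones used in that script.
    """
    lines = [":OTL"]
    for reason in ("orphan", "search-hijack"):
        lines.extend(candidates[reason])
    lines += ["", ":Commands", "[emptyjava]", "[EMPTYFLASH]", "[reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for reason, entries in result.items():
        print(f"{reason}: {len(entries)} candidate(s)")
    print(build_otl_fix(result))
```

Entries that resolve to a real file (the avast! lines, the Bing scope) are left alone; the output lists six orphaned entries and the two redirected search scopes, matching what the helper removed by hand.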

#15 sleepyjim (Topic Starter, Member, 92 posts)
New log (still got the infection; it does seem less, only 1 spot versus 7):
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70EA269E-56DF-49C2-86B2-1A1924ED88B4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D3B22A92-87A2-47b6-B3E6-A64877B5C242} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3B22A92-87A2-47b6-B3E6-A64877B5C242}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PDF Complete deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2697C543-B360-470B-A77C-9C3131F485F4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2697C543-B360-470B-A77C-9C3131F485F4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2697C543-B360-470B-A77C-9C3131F485F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2697C543-B360-470B-A77C-9C3131F485F4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A380F98-435D-47D6-93E1-DB5ADD01EB01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A380F98-435D-47D6-93E1-DB5ADD01EB01}\ not found.
Prefs.js: "" removed from browser.search.defaultenginename
Prefs.js: S", "" removed from browser.search.defaultenginename,S
Prefs.js: "" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "" removed from browser.search.order.1
Prefs.js: S", "" removed from browser.search.order.1,S
Prefs.js: "Alnaddy" removed from browser.search.selectedEngine
Prefs.js: S", "" removed from browser.search.selectedEngine,S
C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}\META-INF folder moved successfully.
C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}\components folder moved successfully.
C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}\chrome\content\id_freecorder24 folder moved successfully.
C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}\chrome\content folder moved successfully.
Folder move failed. C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} scheduled to be moved on reboot.
C:\Program Files (x86)\Optimizer Pro folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\sleepyjim\Desktop\cmd.bat deleted successfully.
C:\Users\sleepyjim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: sleepyjim
->Java cache emptied: 660072 bytes

User: UpdatusUser

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 58264 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: sleepyjim
->Flash cache emptied: 1628 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172013_181025

Files\Folders moved on Reboot...
C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}\chrome folder moved successfully.
C:\Users\sleepyjim\AppData\Roaming\Mozilla\Firefox\Profiles\j01lz9c2.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...