Have I installed a malicious program from mp4toflvconverter.com?



#1
GenBullmoose

I have an mp4 video file I wanted to convert to FLV format, so I downloaded a converter from http://mp4toflvconverter.com/. I failed to notice the Web Of Trust icon that showed there was no "reputation" for this site yet. I downloaded the file named only "setup.exe" - I guess that should have told me something. I renamed the file to "Mp4_To_Flv_setup.exe" and then downloaded the file, then ran it.

My question is, "Have I installed a malicious program, and if so, how do I detect and remove it?"

I didn't get any feedback on the install and said to myself, "oh-oh". That's when I checked the Web of Trust and noticed it had no "reputation" yet. I went to the Windows "Start" orb and typed in "mp4" and no executable program showed in the list. I haven't found any way I can start this suspect Converter. I looked in "Programs and Features" and filtered to show what had been installed today and the program does not show there (no program shows being installed today). I checked online to look for problems with http://mp4toflvconverter.com/ and could not find anything except one site that had a weak review on the site. A user rated it poorly because it installed extra software programs even though he chose not to install them. Again, there were no programs listed as being installed today in my Programs and Features. Since it appears a reviewer got rogue software installed and appeared to use the Converter, I have to wonder if I actually installed anything (could renaming the installation file have caused it not to run?). According to "Programs and Features" nothing installed. I haven't noticed any problems on my laptop, or noticed any slow-downs.

I looked in Event Viewer and didn't see much that was odd except the two most recent entries were 2 messages that said "The Software Protection service has started", and the last one was "The Software Protection service has stopped" for some "Source" called "Security-SPP". I googled "Security-SPP" and it said it was "The Microsoft-Windows-Security-SPP component resets licensing values that were set during system installation and image testing. It restores the computer to a clean-install licensing state.", so it doesn't sound terrible at all to me.


I ran a program I have installed called "What's My Computer Doing?". I noticed one program called "Rubyw.exe". I don't do any programming with Ruby, although I may have looked into Ruby years ago and just forgot. However, "What's My Computer Doing?" listed it as being installed today about the time I installed the FLV converter.
I looked at "What's My Computer Doing?" every few minutes and "Rubyw.exe" shows running some of the time, not every time.

I ran Malwarebytes which detected nothing.

I then ran SuperAntiSpyware and it reported 3 false positives, about 180 tracking cookies, and one issue with a long registry name that included "\Internet Explorer\SearchScopes\bProtectorDefaultScope" in it. I googled that and one site said it had something to do with "Claro Search". A few months ago I had a problem with Claro Search and it took a lot of effort to get rid of it. Apparently this was a left-over of Claro and Malwarebytes never caught it. I'm going to run both Malwarebytes and SuperAntiSpyware in the future.

Anyway, you guys know a lot more about these issues than I do. By installing from http://mp4toflvconverter.com/, have I installed a malicious program, and if so, how do I detect and remove it? I appreciate your help. My system info is below, followed by an OTL scan:

===============================
OS Name Microsoft Windows 7 Ultimate
Version 6.1.7601 Service Pack 1 Build 7601
System Manufacturer ASUSTeK Computer Inc.
System Model U50A
System Type X86-based PC
Processor Intel® Core™2 Duo CPU T6600 @ 2.20GHz, 2200 Mhz, 2 Core(s), 2 Logical Processor(s)
BIOS Version/Date American Megatrends Inc. 208, 8/26/2009
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.1.7601.17514"
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 2.97 GB
Available Physical Memory 1.20 GB
Total Virtual Memory 5.93 GB
Available Virtual Memory 3.92 GB
Page File Space 2.97 GB
Page File C:\pagefile.sys
================================

OTL logfile created on: 1/27/2013 3:27:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phil\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 27.52% Memory free
5.93 Gb Paging File | 3.06 Gb Available in Paging File | 51.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 119.50 Gb Free Space | 40.09% Space Free | Partition Type: NTFS
Drive G: | 3.81 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PHIL-PC | User Name: Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/27 15:22:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phil\Downloads\OTL.exe
PRC - [2013/01/27 09:04:16 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\bin\rubyw.exe
PRC - [2013/01/27 09:04:06 | 000,070,239 | ---- | M] (http://www.ruby-lang.org/) -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\bin\rubyw.exe
PRC - [2013/01/22 15:46:42 | 000,176,128 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
PRC - [2013/01/22 15:46:41 | 009,183,856 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
PRC - [2013/01/22 15:46:39 | 000,510,464 | ---- | M] () -- C:\Program Files\pia_manager\openvpn.exe
PRC - [2013/01/18 20:38:01 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/10 15:58:22 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/10 15:48:32 | 000,395,616 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
PRC - [2013/01/10 15:48:30 | 011,771,744 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\Evernote.exe
PRC - [2013/01/08 15:48:07 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013/01/08 14:48:08 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/12/12 18:12:58 | 000,108,544 | ---- | M] (VideoLAN) -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/15 19:00:03 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Phil\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012/11/05 17:18:40 | 000,212,503 | ---- | M] (One Hour Programming) -- C:\Program Files\Spanish Accents CapsLock\Spanish Accents CapsLock.exe
PRC - [2012/11/01 13:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/12 16:33:50 | 001,668,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012/10/12 16:33:50 | 001,093,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/10/11 10:47:42 | 013,501,056 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/12 01:32:32 | 004,679,672 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2012/09/05 18:46:12 | 000,912,896 | ---- | M] (KARPOLAN) -- C:\Program Files\Keyboard LEDs\KeyboardLeds.exe
PRC - [2012/07/11 12:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/07/03 17:13:58 | 000,274,168 | ---- | M] () -- C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/11 16:34:08 | 000,619,864 | ---- | M] (SourceTec) -- C:\Program Files\Common Files\SourceTec\Sothink FLV Player\FLVPlayer.exe
PRC - [2009/08/21 02:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
PRC - [2009/07/30 18:45:20 | 000,497,024 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2009/07/29 16:07:54 | 001,033,448 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
PRC - [2009/07/13 19:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2009/05/05 10:01:46 | 001,466,368 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009/02/23 18:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/02/28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/27 10:23:07 | 000,192,512 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013/01/27 10:23:07 | 000,158,720 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\sfareca00001.dll
MOD - [2013/01/27 09:04:28 | 000,027,648 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2013/01/27 09:04:25 | 000,087,552 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2013/01/27 09:04:25 | 000,029,184 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2013/01/27 09:04:24 | 000,126,976 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2013/01/27 09:04:24 | 000,036,352 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
MOD - [2013/01/27 09:04:24 | 000,023,552 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
MOD - [2013/01/27 09:04:24 | 000,009,216 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2013/01/27 09:04:24 | 000,008,704 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
MOD - [2013/01/27 09:04:24 | 000,008,704 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
MOD - [2013/01/27 09:04:24 | 000,008,704 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
MOD - [2013/01/27 09:04:23 | 000,008,192 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
MOD - [2013/01/27 09:04:22 | 000,274,944 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
MOD - [2013/01/27 09:04:22 | 000,015,360 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
MOD - [2013/01/27 09:04:21 | 000,120,832 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
MOD - [2013/01/27 09:04:21 | 000,026,624 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
MOD - [2013/01/27 09:04:19 | 000,118,784 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
MOD - [2013/01/27 09:04:18 | 000,094,208 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2013/01/27 09:04:18 | 000,008,704 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
MOD - [2013/01/27 09:04:16 | 002,163,940 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\bin\libeay32-1.0.0-msvcrt.dll
MOD - [2013/01/27 09:04:16 | 000,459,458 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\bin\ssleay32-1.0.0-msvcrt.dll
MOD - [2013/01/27 09:04:16 | 000,104,448 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\bin\ZLIB1.dll
MOD - [2013/01/27 09:04:16 | 000,094,208 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2013/01/27 09:04:16 | 000,014,848 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2013/01/27 09:04:16 | 000,012,800 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2013/01/27 09:04:16 | 000,009,728 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrD95D.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2013/01/27 09:04:12 | 000,027,648 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
MOD - [2013/01/27 09:04:10 | 000,126,976 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
MOD - [2013/01/27 09:04:10 | 000,087,552 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
MOD - [2013/01/27 09:04:10 | 000,029,184 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
MOD - [2013/01/27 09:04:09 | 000,009,216 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
MOD - [2013/01/27 09:04:08 | 000,094,208 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
MOD - [2013/01/27 09:04:07 | 000,014,848 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
MOD - [2013/01/27 09:04:07 | 000,012,800 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
MOD - [2013/01/27 09:04:07 | 000,009,728 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
MOD - [2013/01/27 09:04:06 | 000,094,208 | ---- | M] () -- C:\Users\Phil\AppData\Local\Temp\ocrB04B.tmp\src\rgloader\rgloader193.mswin.so
MOD - [2013/01/22 15:46:47 | 000,059,904 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
MOD - [2013/01/22 15:46:44 | 000,511,488 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
MOD - [2013/01/22 15:46:43 | 001,234,944 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
MOD - [2013/01/22 15:46:43 | 001,198,592 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
MOD - [2013/01/22 15:46:43 | 000,815,104 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
MOD - [2013/01/22 15:46:43 | 000,642,048 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
MOD - [2013/01/22 15:46:43 | 000,290,816 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
MOD - [2013/01/22 15:46:42 | 000,745,472 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
MOD - [2013/01/22 15:46:42 | 000,344,064 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
MOD - [2013/01/22 15:46:42 | 000,217,088 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
MOD - [2013/01/22 15:46:42 | 000,176,128 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\pia_tray.exe
MOD - [2013/01/22 15:46:41 | 009,183,856 | ---- | M] () -- C:\Program Files\pia_manager\pia_manager.exe
MOD - [2013/01/22 15:46:41 | 000,376,832 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
MOD - [2013/01/22 15:46:41 | 000,200,704 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
MOD - [2013/01/22 15:46:41 | 000,184,320 | ---- | M] () -- C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
MOD - [2013/01/22 15:46:39 | 000,510,464 | ---- | M] () -- C:\Program Files\pia_manager\openvpn.exe
MOD - [2013/01/22 15:46:39 | 000,090,112 | ---- | M] () -- C:\Program Files\pia_manager\lzo2.dll
MOD - [2013/01/18 20:37:33 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/08 15:48:05 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/12/12 18:13:36 | 011,998,720 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2012/12/12 18:13:36 | 002,286,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlccore.dll
MOD - [2012/12/12 18:13:36 | 000,087,040 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
MOD - [2012/12/12 18:13:36 | 000,057,344 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
MOD - [2012/12/12 18:13:36 | 000,051,712 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
MOD - [2012/12/12 18:13:36 | 000,046,592 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
MOD - [2012/12/12 18:13:36 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
MOD - [2012/12/12 18:13:36 | 000,044,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
MOD - [2012/12/12 18:13:36 | 000,043,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
MOD - [2012/12/12 18:13:36 | 000,042,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
MOD - [2012/12/12 18:13:32 | 000,386,560 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2012/12/12 18:13:32 | 000,185,856 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2012/12/12 18:13:32 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2012/12/12 18:13:32 | 000,049,664 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012/12/12 18:13:32 | 000,043,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2012/12/12 18:13:32 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2012/12/12 18:13:30 | 001,888,256 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2012/12/12 18:13:30 | 001,719,296 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2012/12/12 18:13:30 | 001,318,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2012/12/12 18:13:30 | 000,310,784 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
MOD - [2012/12/12 18:13:30 | 000,043,008 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2012/12/12 18:13:30 | 000,042,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2012/12/12 18:13:30 | 000,041,472 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2012/12/12 18:13:30 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
MOD - [2012/12/12 18:13:30 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2012/12/12 18:13:28 | 000,372,224 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2012/12/12 18:13:28 | 000,265,216 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2012/12/12 18:13:28 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
MOD - [2012/12/12 18:13:24 | 000,154,624 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2012/12/12 18:13:24 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2012/12/12 18:13:24 | 000,051,200 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2012/12/12 18:13:24 | 000,037,888 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2012/12/12 18:13:24 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
MOD - [2012/12/12 18:13:24 | 000,033,792 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll
MOD - [2012/12/12 18:13:20 | 000,310,784 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2012/12/12 18:13:20 | 000,182,272 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2012/12/12 18:13:20 | 000,068,608 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2012/12/12 18:13:20 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2012/12/12 18:13:20 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2012/12/12 18:13:20 | 000,036,864 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll
MOD - [2012/12/12 18:13:18 | 001,544,192 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2012/12/12 18:13:18 | 001,518,080 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2012/12/12 18:13:18 | 000,135,168 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2012/12/12 18:13:18 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2012/12/12 18:13:18 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2012/12/12 18:13:18 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2012/12/12 18:13:18 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
MOD - [2012/12/12 18:13:18 | 000,035,328 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2012/12/12 18:13:18 | 000,034,816 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2012/12/12 18:13:14 | 001,238,016 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2012/12/12 18:13:14 | 000,288,768 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
MOD - [2012/12/12 18:13:14 | 000,085,504 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
MOD - [2012/12/12 18:13:14 | 000,041,984 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
MOD - [2012/12/12 18:13:14 | 000,038,400 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
MOD - [2012/12/12 18:13:14 | 000,037,376 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll
MOD - [2012/12/12 18:13:14 | 000,036,352 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
MOD - [2012/12/12 18:13:10 | 000,070,144 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll
MOD - [2012/12/12 18:13:06 | 000,258,560 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2012/12/12 18:13:06 | 000,219,648 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2012/12/12 18:13:06 | 000,157,696 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2012/12/12 18:13:06 | 000,083,968 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2012/12/12 18:13:06 | 000,047,616 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2012/12/12 18:13:06 | 000,043,520 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2012/12/12 18:13:04 | 000,093,696 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2012/12/12 18:13:04 | 000,045,568 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
MOD - [2012/12/12 18:13:04 | 000,038,912 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2012/12/12 18:13:02 | 000,106,496 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2012/12/12 18:13:02 | 000,092,160 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
MOD - [2012/12/12 18:13:02 | 000,044,544 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
MOD - [2012/12/12 18:13:00 | 000,198,656 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
MOD - [2012/12/12 18:13:00 | 000,073,728 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
MOD - [2012/12/12 18:12:58 | 000,724,992 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll
MOD - [2012/12/12 18:12:58 | 000,440,320 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll
MOD - [2012/12/12 18:12:58 | 000,111,104 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\libvlc.dll
MOD - [2012/12/12 18:12:58 | 000,035,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
MOD - [2012/08/29 06:50:28 | 000,133,134 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avutil-51.dll
MOD - [2012/08/29 06:50:26 | 000,189,454 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avformat-54.dll
MOD - [2012/08/29 06:50:24 | 000,983,054 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avcodec-54.dll
MOD - [2012/07/17 14:02:20 | 000,970,240 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012/07/03 17:13:58 | 000,274,168 | ---- | M] () -- C:\Program Files\What's my computer doing\WhatsMyComputerDoing.exe
MOD - [2011/06/14 15:40:28 | 000,073,728 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}\components\PlainOldFavorites.dll
MOD - [2008/03/30 15:22:42 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [1999/01/31 11:52:02 | 000,192,512 | ---- | M] () -- C:\Program Files\What's my computer doing\QHTM.dll


========== Services (SafeList) ==========

SRV - [2013/01/18 20:38:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 15:48:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 03:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/11/04 13:40:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/11 12:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 19:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP3\WNt500x86\Sandra.sys -- (SANDRA)
DRV - [2013/01/27 09:20:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/01/22 15:46:49 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/12/06 12:08:52 | 010,372,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Netwsn00.sys -- (NETwNs32)
DRV - [2012/11/04 21:32:50 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2012/09/28 21:52:10 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/08/23 08:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 08:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/18 10:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/29 14:48:42 | 000,103,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/10/29 14:48:42 | 000,095,376 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/10/29 14:48:42 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/10/29 14:48:40 | 000,116,368 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/10/27 22:02:50 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/09/22 19:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 19:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/07/13 16:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 16:02:47 | 000,050,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/06/17 06:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/05/05 11:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/12/04 01:42:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/05 01:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/07/31 02:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007/07/11 01:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006/11/14 16:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 16:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 19:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 F9 DA 6B CF BA CD 01 [binary data]
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4126229821-387955567-489164656-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: coralietab%40mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6
FF - prefs.js..extensions.enabledAddons: printPages2Pdf%40reinhold.ripper:0.1.8.0
FF - prefs.js..extensions.enabledAddons: %7B5C46D283-ABDE-4dce-B83C-08881401921C%7D:2.1.8.2
FF - prefs.js..extensions.enabledAddons: %7Bdaf44bf7-a45e-4450-979c-91cf07434c3d%7D:1.5.8
FF - prefs.js..extensions.enabledAddons: %7B7E7165E2-0767-448c-852F-5FA8714F2C37%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7BFCAB6FDD-5585-425b-95C1-5ED856F3FD08%7D:6.9
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: collector%40broceliand.fr:6.0.11
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.1
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130116
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phil\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/12 19:06:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Babylon\Babylon-Pro\Utils\[email protected] [2013/01/25 10:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 20:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 20:37:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/11/12 19:06:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 20:38:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 20:37:25 | 000,000,000 | ---D | M]

[2012/11/20 23:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Extensions
[2012/11/20 23:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\abg07hit.default\extensions
[2012/11/20 23:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\abg07hit.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/11/20 23:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\abg07hit.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/11/20 23:25:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\abg07hit.default\extensions\[email protected]
[2013/01/25 09:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions
[2013/01/08 14:39:23 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/11/25 17:23:51 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2013/01/23 16:29:56 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/01/25 09:23:17 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/12/20 12:05:53 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2012/11/21 09:01:17 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2012/12/07 09:28:18 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2012/11/21 09:01:15 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2012/12/20 12:05:51 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2012/11/21 08:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\kodjw15h.default\Extensions
[2012/11/21 08:36:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\kodjw15h.default\Extensions\[email protected]
[2012/12/23 06:01:33 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2013/01/08 14:39:23 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2012/11/21 09:01:15 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2012/12/18 20:33:38 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]
[2013/01/19 07:18:43 | 000,048,844 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi
[2012/11/21 09:01:13 | 000,234,233 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2013/01/20 07:00:25 | 000,533,221 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/01/03 22:41:51 | 000,042,737 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2012/11/23 08:43:47 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/21 09:01:13 | 000,115,263 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}.xpi
[2012/11/27 10:25:57 | 000,271,097 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2012/11/15 11:54:58 | 000,007,027 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]\chrome\skin\images\info\premiumExpired.png
[2012/11/21 19:23:16 | 000,000,269 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]\chrome\skin\images\new\padlockExpired.png
[2012/12/05 09:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/01/25 08:50:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 20:38:01 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/11 10:48:18 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012/11/13 09:13:25 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/11/20 00:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/20 00:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://asus.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://asus.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\Phil\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Translate = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Google Drive = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Language Immersion for Chrome = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bedbecnakfcpmkpddjfnfihogkaggkhl\1.0.3_0\
CHR - Extension: YouTube = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: HelloFax - Free Online Faxing & Signing = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.1_0\
CHR - Extension: Learn Spanish Free - SpanishPod101.com = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjgpjcjjkghibmfdnbienmmdjbnamfde\1.0.0_0\
CHR - Extension: Google Search = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Facebook Disconnect = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Full Screen Weather = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Torrent Turbo Search = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcdgomceilgkonhjheaijcmgfhabmpio\3.5.5.9_0\
CHR - Extension: Free Online PDF Tools = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn\1.0.1.2_0\
CHR - Extension: Lose It! = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn\3.5.0.3_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: Learn Spanish with LoM\u00E0sTv = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejdepbibpmpfkeokhhnlidhfgmpapnm\1_0\
CHR - Extension: SPANISH MEMORY = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdkahfkkpdhcemdglnnfkfngcckfiok\0.0.0.1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: SkyDrive = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk\1.0.3_0\
CHR - Extension: Highlight Keywords for Google Search = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf\5.0.2_0\
CHR - Extension: Personal Blocklist (by Google) = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef\2.4.1_0\
CHR - Extension: Hover Zoom = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.8.3_0\
CHR - Extension: Lyrics for Google Chrome\u2122 = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek\2.0.0_0\
CHR - Extension: Gmail = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Sexy Girl Chrome Theme - Arthur = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkibpgkliocdchedibhioiibdiddomac\1.0_0\
CHR - Extension: Learn Spanish - Qu\u00E9 Onda Spanish = C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj\1_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [Akamai NetSession Interface] C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [Amazon Cloud Drive] C:\Users\Phil\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe ()
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [KeyboardLeds.exe] C:\Program Files\Keyboard LEDs\KeyboardLeds.exe (KARPOLAN)
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [MP3 Skype Recorder] C:\Program Files\MP3 Skype Recorder\MP3 Skype Recorder.exe (Alexander Nikiforov)
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [SkyDrive] C:\Users\Phil\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4126229821-387955567-489164656-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Phil\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Find Favorites.lnk = C:\Program Files\Find Favorites\ff.exe (Carthago Software)
O4 - Startup: C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Do Not Track Plus © Abine - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll (Abine)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...S/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsof...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A60DBBD-38C9-4668-A21A-3AFBB403D485}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{663549EA-C75A-484C-A6B3-9829C5E3FEFB}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB208B82-208A-476C-A678-23360F3DDB53}: DhcpNameServer = 64.71.97.15 64.71.106.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/11/07 23:44:04 | 000,054,272 | R--- | M] (Microsoft Corporation) - G:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2003/07/23 19:26:21 | 000,000,048 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{34863f3b-b1bd-11de-bf73-001e68408eb0}\Shell - "" = AutoRun
O33 - MountPoints2\{34863f3b-b1bd-11de-bf73-001e68408eb0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{34863f9d-b1bd-11de-bf73-001e68408eb0}\Shell - "" = AutoRun
O33 - MountPoints2\{34863f9d-b1bd-11de-bf73-001e68408eb0}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2007/11/07 23:44:04 | 000,054,272 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/27 11:52:45 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/27 11:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/27 11:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/01/27 11:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/27 09:37:08 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{14992DC5-1B59-4B6F-B5F6-9C6A8EAD9B7C}
[2013/01/27 09:19:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/26 09:36:20 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{52C90CDB-D187-4923-BDCC-C6816EC37ADA}
[2013/01/25 10:01:43 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\Babylon
[2013/01/25 10:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[2013/01/25 10:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2013/01/25 09:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/25 08:51:06 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/25 08:50:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/25 08:50:54 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/25 08:50:54 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/23 09:34:28 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{1D0F7B54-356D-46F5-830B-78731399D27F}
[2013/01/22 22:40:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2013/01/22 15:49:39 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\Apple Computer
[2013/01/22 15:49:38 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Titanium
[2013/01/22 15:47:17 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
[2013/01/22 15:46:49 | 000,026,624 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2013/01/22 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\pia_manager
[2013/01/22 08:58:04 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\vlc
[2013/01/22 08:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/01/22 08:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/01/21 09:33:15 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{91112048-6A79-4850-AD80-835F9BD2CE50}
[2013/01/20 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{45B6624E-D281-43F1-B65C-AA9064721CD5}
[2013/01/19 09:31:47 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{78956ED7-216A-4C1F-9C84-CC5D17ABAD96}
[2013/01/18 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/17 08:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/01/17 08:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/01/16 10:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spanish Accents CapsLock
[2013/01/16 10:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spanish Accents CapsLock
[2013/01/16 09:30:21 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{48488681-5A18-469E-9EAC-9D7BFCB6A1F1}
[2013/01/14 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{83A7E4BE-B8F9-4863-8E74-EE1289B3CEF2}
[2013/01/14 07:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/10 09:27:23 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{D3538ED7-896C-43FE-8B42-9D72967B8A6F}
[2013/01/09 23:22:37 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 23:22:37 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 23:22:37 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 23:22:37 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 23:22:37 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 23:22:37 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 23:22:37 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 23:22:37 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 23:22:37 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 23:22:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 23:22:37 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 23:22:37 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 23:22:34 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 23:22:34 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 23:22:34 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 23:22:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 23:22:22 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 23:22:22 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 23:22:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 23:22:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 23:22:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 23:22:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 23:22:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 23:22:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 23:22:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 23:22:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 23:22:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 23:22:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 23:22:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 23:22:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 23:22:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 13:52:49 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 13:52:08 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 13:52:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/08 21:26:34 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{8C873910-8A30-4B43-9F14-E52C023CFA03}
[2013/01/06 21:25:39 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{3A85EC47-7370-4FDE-A2D1-EC505C1BBE6F}
[2013/01/04 12:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2013/01/03 13:31:46 | 000,000,000 | ---D | C] -- C:\Users\Phil\Documents\Nero
[2013/01/03 13:15:31 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\FastStone
[2013/01/03 13:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
[2013/01/03 13:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Photo Resizer
[2013/01/03 09:23:54 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{B8499497-94AA-4EBC-AEDF-B90273E45249}
[2013/01/02 22:33:56 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\Eraser 6
[2012/12/31 21:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2012/12/31 10:31:37 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\NeroDigital™
[2012/12/31 08:10:16 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{9BC543BF-93D3-48B4-A69D-0D804A73CF9D}
[2012/12/30 22:44:52 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2012/12/30 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Roaming\BitTorrent
[2012/12/30 08:09:37 | 000,000,000 | ---D | C] -- C:\Users\Phil\AppData\Local\{4CE52483-838E-4ABD-9F8D-713DDB3BC3C3}
[2012/12/29 21:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/29 21:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/12/29 21:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/12/29 21:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/12/29 15:18:44 | 000,000,000 | R--D | C] -- C:\Users\Phil\Spanish
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/27 15:25:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4126229821-387955567-489164656-1000UA.job
[2013/01/27 15:01:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 15:01:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/27 14:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/27 11:52:01 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/27 09:20:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/27 09:13:25 | 000,017,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 09:13:25 | 000,017,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/27 09:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/27 09:03:28 | 2388,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/27 08:59:17 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 06:16:30 | 000,001,405 | ---- | M] () -- C:\Users\Phil\Desktop\SpanishMusic - Shortcut.lnk
[2013/01/26 19:25:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4126229821-387955567-489164656-1000Core.job
[2013/01/25 10:01:04 | 000,001,127 | ---- | M] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/01/25 10:01:04 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2013/01/25 09:00:04 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\SyncBack Cessna Final Documents.job
[2013/01/25 08:50:47 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/25 08:50:44 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/25 08:50:43 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/25 08:50:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/25 08:50:41 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/01/25 08:50:41 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/01/23 21:58:10 | 000,000,909 | ---- | M] () -- C:\Users\Phil\Desktop\Anki.lnk
[2013/01/22 15:46:49 | 000,026,624 | ---- | M] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2013/01/19 22:09:19 | 000,001,241 | ---- | M] () -- C:\Users\Phil\Desktop\Spanish Like Crazy Levels 1 2 - Shortcut.lnk
[2013/01/14 14:18:32 | 000,002,201 | ---- | M] () -- C:\Users\Phil\Desktop\Google Chrome.lnk
[2013/01/11 06:51:49 | 000,792,792 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/01/11 06:51:49 | 000,792,664 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/01/11 06:51:49 | 000,747,390 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/11 06:51:49 | 000,702,034 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/11 06:51:49 | 000,426,832 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2013/01/11 06:51:49 | 000,420,380 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013/01/11 06:51:49 | 000,176,366 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/01/11 06:51:49 | 000,165,806 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/01/11 06:51:49 | 000,163,768 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/11 06:51:49 | 000,134,402 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/11 06:51:49 | 000,132,262 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013/01/11 06:51:49 | 000,097,108 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2013/01/10 07:16:56 | 000,416,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/08 15:48:06 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/08 15:48:06 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/04 12:18:17 | 000,001,983 | ---- | M] () -- C:\Users\Phil\Desktop\JDownloader.lnk
[2013/01/03 13:29:31 | 000,001,010 | ---- | M] () -- C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/03 13:15:09 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012/12/31 21:36:25 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/27 11:52:01 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/27 08:59:17 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/27 06:16:30 | 000,001,405 | ---- | C] () -- C:\Users\Phil\Desktop\SpanishMusic - Shortcut.lnk
[2013/01/25 10:01:04 | 000,001,127 | ---- | C] () -- C:\Users\Phil\Application Data\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk
[2013/01/25 10:01:04 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2013/01/19 22:09:19 | 000,001,241 | ---- | C] () -- C:\Users\Phil\Desktop\Spanish Like Crazy Levels 1 2 - Shortcut.lnk
[2013/01/14 19:20:05 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4126229821-387955567-489164656-1000UA.job
[2013/01/14 19:20:04 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4126229821-387955567-489164656-1000Core.job
[2013/01/04 12:18:17 | 000,001,983 | ---- | C] () -- C:\Users\Phil\Desktop\JDownloader.lnk
[2013/01/04 12:18:11 | 000,001,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013/01/04 12:18:11 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013/01/04 12:18:11 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013/01/03 13:15:09 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
[2012/12/31 21:36:25 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2012/12/31 21:36:25 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2012/12/05 18:56:01 | 000,001,024 | ---- | C] () -- C:\Users\Phil\.rnd
[2012/11/12 18:55:18 | 000,166,650 | ---- | C] () -- C:\Windows\hpoins31.dat.temp
[2012/11/12 18:55:18 | 000,001,691 | ---- | C] () -- C:\Windows\hpomdl31.dat.temp
[2012/11/07 09:04:11 | 000,000,092 | ---- | C] () -- C:\Users\Phil\AppData\Local\fusioncache.dat
[2012/11/05 07:51:07 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2012/11/04 18:45:28 | 000,133,929 | ---- | C] () -- C:\Windows\Magnifier Uninstaller.exe
[2012/11/04 17:22:03 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/11/04 17:21:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/11/04 15:32:36 | 000,792,792 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2012/11/04 15:32:36 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2012/11/04 15:32:36 | 000,176,366 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2012/11/04 15:32:36 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2012/11/04 13:32:27 | 000,792,664 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2012/11/04 13:32:27 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2012/11/04 13:32:27 | 000,165,806 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2012/11/04 13:32:27 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2012/11/04 13:32:26 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2012/11/04 13:32:25 | 000,420,380 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2012/11/04 13:32:25 | 000,229,316 | ---- | C] () -- C:\Windows\System32\perfi00D.dat
[2012/11/04 13:32:25 | 000,132,262 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2012/11/04 13:32:25 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2012/11/04 13:32:24 | 000,426,832 | ---- | C] () -- C:\Windows\System32\perfh00D.dat
[2012/11/04 13:32:24 | 000,097,108 | ---- | C] () -- C:\Windows\System32\perfc00D.dat
[2012/11/04 13:32:24 | 000,032,166 | ---- | C] () -- C:\Windows\System32\perfd00D.dat
[2012/11/04 13:32:23 | 000,747,390 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012/11/04 13:32:23 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012/11/04 13:32:23 | 000,163,768 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012/11/04 13:32:23 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009/12/10 11:10:26 | 000,004,744 | ---- | C] () -- C:\Users\Phil\CONFIG.INI_ShaiyaEvolution.ini
[2009/11/23 22:42:52 | 000,000,038 | ---- | C] () -- C:\Users\Phil\_lesshst
[2009/10/28 12:10:17 | 000,007,648 | ---- | C] () -- C:\Users\Phil\AppData\Local\resmon.resmoncfg
[2009/10/28 09:01:01 | 000,067,424 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/28 09:00:33 | 000,067,424 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#2
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to Geeks2Go GenBullmoose,

I took the time to check an install of that program. It's actually from an adware vendor Conversionads.

http://www.sophos.co...d-analysis.aspx

https://www.virustot...sis/1359843820/

And does carry with it a good few unwanted installs.

----------

Let's do two checks, then start repairs.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Download RogueKiller (http://www.sur-la-to...om/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

Lien de téléchargement (Download link).

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  • 0

#3
GenBullmoose

    Member

  • Topic Starter
  • 19 posts
Thank you for your kindness in responding to my issue!

I ran RK and it found and stopped the "rubyw.exe" process. As soon as I ran RK I realized I didn't run it as Admin, so I closed and restarted RK. Below is from the report. I am going to reboot and rerun RK to see if I get anything else. Then I'll work on HiJack. Thank you again for your help, I'll update as I go.

RogueKiller V8.4.4 [Feb 1 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Phil [Admin rights]
Mode : Scan -- Date : 02/05/2013 14:11:29
| ARK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] rubyw.exe -- C:\Users\Phil\AppData\Local\Temp\ocrA0A1.tmp\bin\rubyw.exe -> KILLED [TermProc]
[SUSP PATH] rubyw.exe -- C:\Users\Phil\AppData\Local\Temp\ocrD7E7.tmp\bin\rubyw.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320421AS ATA Device +++++
--- User ---
[MBR] cd482d9600b6a1884362bb1fab1769de
[BSP] f284d00e71ded9af54c947d3c67d6977 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_02052013_02d1411.txt >>
RKreport[1]_S_02052013_02d1331.txt ; RKreport[2]_S_02052013_02d1411.txt

Edited by GenBullmoose, 05 February 2013 - 02:20 PM.

  • 0

#4
GenBullmoose

    Member

  • Topic Starter
  • 19 posts
Well, I restarted my computer and ran RK as Admin. "Rubyw.exe" process was killed again by RK, so RK didn't remove it. I saw in the RK Tutorial that this is normal behavior. I also haven't removed the 3 Registry things that RK found.

I noticed it is in an AppData directory and noticed the AppData contains over 8GB of files! I read on a web site that you can do this to get rid of temp files: Start, Run and type %tmp%, enter, Ctrl+A, delete and enter. Sounds good, I haven't done it yet because I recalled I'm not supposed to do anything before you give me instructions.

Edited by GenBullmoose, 05 February 2013 - 02:20 PM.

  • 0

#5
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Ruby is a programming language that likely supports one of your installs there. RogueKiller just doesn't have it listed as OK. On that note, I still need to see the HijackThis install list please.
  • 0

#6
GenBullmoose

    Member

  • Topic Starter
  • Member
  • 19 posts
Here is my Hijack file. I sure have a lot of stuff running. Again, I greatly appreciate your help!

Update: Deleted incorrect log file.

Edited by GenBullmoose, 07 February 2013 - 04:47 PM.

  • 0

#7
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I need you to reread my steps on HijackThis again please. That isn't the log I am looking for.
  • 0

#8
GenBullmoose

    Member

  • Topic Starter
  • Member
  • 19 posts
Well, I thought it was a bit strange that log popped up without having to go completely through your directions. I will get the right log.
  • 0

#9
GenBullmoose

    Member

  • Topic Starter
  • Member
  • 19 posts
Okay, this should be the correct file:

32 Bit HP CIO Components Installer
32 Bit HP CIO Components Installer
3RVX
7-Zip 9.20
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Amazon Cloud Drive
Anki
Apple Application Support
Apple Software Update
Babylon
BitTorrent
Blues for Piano and Keyboards Ch. 1 through 9 - Full Version
CamStudio
Chap 1 - How to Match Chords up with any Melody
Cool Timer 4.9.1
Coupon Printer for Windows
CutePDF Writer 2.8
D3DX10
Do Not Track Plus Add-on 2.2.2.1022
Eraser 6.0.9.2343
ETDWare PS/2-x86 7.0.5.7_WHQL
Evernote v. 4.6.1
FastStone Photo Resizer 3.1
Find Favorites (remove only)
Google Chrome
Google Talk Plugin
Google Update Helper
HijackThis 2.0.2
Hoyle Card Games 2005
Hoyle Friday Night Poker
HP Imaging Device Functions 13.0
HP Photosmart C6300 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HP Wireless Assistant
Java 7 Update 13
JDownloader 0.9
JGsoft PowerGREP 3 v.3.5.5
Junk Mail filter update
Keyboard LEDs
KeyNote 1.6.5
MagicDisc 2.7.106
Magnifier
Malwarebytes Anti-Malware version 1.70.0.1100
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008
Microsoft Mouse and Keyboard Center
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Virtual PC 2007 SP1
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WorldWide Telescope
Motorola SM56 Speakerphone Modem
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MP3 Skype Recorder
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8
neroxml
NVIDIA Drivers
OCR Software by I.R.I.S. 13.0
OGA Notifier 2.0.0048.0
Paint.NET v3.5
Pando Media Booster
Pattern Piano and Keyboard 4.0 - Full Version
PDF-Viewer
PDF-Viewer
PowerFingers Ch. 1
PowerFingers Ch. 2
PowerShell Community Extensions 1.2
PowerShellPack
Private Internet Access Support Files
PSPad editor
Quest PowerGUI 1.9.5
QuickTime
Realtek High Definition Audio Driver
Recuva
SDExplorer 3.1
Secunia PSI
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shop for HP Supplies
SketchUp 8
Skype™ 6.0
Smart PC Recorder - by freebird
Sothink FLV Player
Spanish Accents CapsLock version 2.0
SpeedFan (remove only)
Spybot - Search & Destroy
SRS Premium Sound Control Panel
Startup Delayer v3.0 (build 326)
Sun VirtualBox
SUPERAntiSpyware
SyncBack
TeamViewer 8
The Lord of the Rings Online™ v03.08.00.8025
TriKaraoke Free Player 1.03 and Manager 1.1
Ubuntu
UnzipThemAll 1.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 2.0.5
What's my computer doing 1.xx
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
WMI Tools
  • 0

#10
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Didn't answer your earlier question. The files in the AppData folders are important support files that run programs, and should be left alone. Many user settings are stored there as well.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

Babylon - Adware, spyware, search hijacker.
Coupon Printer for Windows - Spyware (why they give it away so freely).
Find Favorites - Not familiar with this, but I see in web searches it is listed as an unwanted application.
Pando Media Booster - Every time you download a file using it, it then uses your bandwidth to share that file through its P2P network.
BitTorrent - Highest risk software to use. We require you uninstall it as part of these repairs.

No idea about some others, such as Startup Delayer v3.0 and Private Internet Access Support Files, but I question their value.

----------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

  • 0



#11
GenBullmoose

    Member

  • Topic Starter
  • Member
  • 19 posts
I am still addressing this issue, but due to a family emergency I am away.

Please know that I appreciate your help! I will get back to this as soon as I can.
  • 0

#12
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I hope all goes well. Post when ready.
  • 0

#13
GenBullmoose

    Member

  • Topic Starter
  • Member
  • 19 posts
I apologize for not getting back to you sooner. Things have settled down a bit.

* Babylon is a tool to translate various foreign languages to English. Is this the same thing you're talking about?
* I didn't know I had the "Coupon Printer for Windows". SuperSpyware appears to have eliminated that one.
* "Find Favorites" is a program I use to search the "Favorites" folder on my hard drive. It is quite handy.
* I wasn't aware I had "Pando Media Booster", but I could swear I got that from CNet.com. CNet used to be a great place to download software, but now they install all sorts of crapware, much of it without your knowledge or permission. I've quit using them totally.
* I've used Bittorrent in the past to exchange large files with some of my techie friends. Is it that dangerous to use? I completely stay away from P2P sites and ones like it.
* Startup Delayer is a program that keeps some programs from starting that I don't need immediately, so that my computer is ready to use more quickly. It then starts those programs when my computer isn't so busy like it is at startup.
* Private Internet Access is a program I use when I want to mask my location and ip address, which is most of the time. I don't think sites can track who you are so well this way so that I don't get a bunch of ads and such. And I think it protects in other ways.

Here is the file generated from AdwCleaner. Babylon is listed so heavily, I wonder if I should get rid of it:

# AdwCleaner v2.112 - Logfile created 02/17/2013 at 10:32:27
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Phil - PHIL-PC
# Boot Mode : Normal
# Running from : C:\Users\Phil\Downloads\adwcleaner0.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\abg07hit.default\bprotector_extensions.sqlite
File Found : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\bprotector_prefs.js
Folder Found : C:\Program Files\Babylon
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
Folder Found : C:\Users\Phil Howard\AppData\Local\Babylon
Folder Found : C:\Users\Phil Howard\AppData\Local\Temp\Babylon
Folder Found : C:\Users\Phil Howard\AppData\Roaming\Babylon
Folder Found : C:\Users\Phil Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zn258nu5.default\extensions\staged
Folder Found : C:\Users\Phil\AppData\Local\Babylon
Folder Found : C:\Users\Phil\AppData\Local\Coupon Companion Plugin
Folder Found : C:\Users\Phil\AppData\Local\Temp\Babylon
Folder Found : C:\Users\Phil\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\52e8c8fe534b849
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\52e8c8fe534b849
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Key Found : HKLM\SOFTWARE\Classes\BabyDict
Key Found : HKLM\SOFTWARE\Classes\BabyGloss
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Key Found : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Key Found : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Key Found : HKLM\SOFTWARE\Classes\BabyOptFile
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\prefs.js

Found : user_pref("de.soerenrinne.googlebuttons.userlist", "Calendar,YouTube,Web Search,Mail,Maps,Plus,Voice[...]
Found : user_pref("[email protected]", true);

File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\kodjw15h.default\prefs.js

[OK] File is clean.

File : C:\Users\SQL2008SBS\AppData\Roaming\Mozilla\Firefox\Profiles\9z1uphsg.default\prefs.js

[OK] File is clean.

File : C:\Users\Phil Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zn258nu5.default\prefs.js

Found : user_pref("de.soerenrinne.googlebuttons.userlist", "Calendar,Mail,Web Search,Maps,Plus,Translate,You[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9893 octets] - [17/02/2013 10:32:27]

########## EOF - C:\AdwCleaner[R1].txt - [9953 octets] ##########
  • 0

#14
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Babylon is actually a major adware, and loads its settings into all facets of your browser. Even though it will affect the outcome of the AdwCleaner, please uninstall Babylon (and any others I posted on earlier).


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  • 0
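The Search-then-Delete procedure above produces two logs, AdwCleaner[R1].txt and AdwCleaner[S1].txt. As an added example (not part of any post in this thread and not AdwCleaner's own code), the Python script below compares the two and lists every finding the Delete run did not report as removed, flagging Run-key leftovers because those start a program at logon. The sample lines are abridged from the two logs posted in this thread; the function names are hypothetical.

```python
import re

# Sample input: abridged from the AdwCleaner v2.112 [Search] and [Delete]
# logs posted in this thread (only a few representative lines are kept).
SEARCH_LOG = r"""# AdwCleaner v2.112 - Logfile created 02/17/2013 at 10:32:27
# Option [Search]

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\Program Files\Babylon
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Phil\AppData\Local\Coupon Companion Plugin

***** [Registry] *****

Key Found : HKCU\Software\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\Iminent
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
"""

DELETE_LOG = r"""# AdwCleaner v2.112 - Logfile created 02/22/2013 at 13:53:42
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Phil\AppData\Local\Coupon Companion Plugin

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Iminent
"""

ENTRY_RE = re.compile(r"^(File|Folder|Key|Value) (Found|Deleted) : (.+)$")
OPTION_RE = re.compile(r"^# Option \[(\w+)\]$")
# Run/RunOnce entries launch a program at logon, so a leftover there
# deserves attention before any other residue.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(\\| \[|$)", re.IGNORECASE)


def parse_log(text):
    """Return (option, entries); entries maps (kind, folded target) -> target."""
    option, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            kind, _action, target = m.groups()
            # Windows paths and registry keys are case-insensitive, and the
            # logs mix HKLM\SOFTWARE with HKLM\Software, so compare folded.
            entries[(kind, target.casefold())] = target
    return option, entries


def residual(search_text, delete_text):
    """List (kind, target, is_autostart) found by Search but absent from Delete."""
    s_opt, found = parse_log(search_text)
    d_opt, deleted = parse_log(delete_text)
    if (s_opt, d_opt) != ("Search", "Delete"):
        raise ValueError(
            f"expected a Search log then a Delete log, got {s_opt!r} and {d_opt!r}"
        )
    return [
        (kind, target, bool(AUTOSTART_RE.search(target)))
        for (kind, folded), target in found.items()
        if (kind, folded) not in deleted
    ]


if __name__ == "__main__":
    for kind, target, autostart in residual(SEARCH_LOG, DELETE_LOG):
        flag = "AUTOSTART " if autostart else ""
        print(f"{flag}{kind}: {target}")
```

An entry missing from the Delete log is not proof that it is still on disk; it may have been removed by an uninstaller run between the two scans, so each listed item is something to re-check, not a confirmed leftover.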

#15
GenBullmoose

    Member

  • Topic Starter
  • Member
  • 19 posts
I ran AdwCleaner and was amazed at the Babylon junk that was still present. I ran Malwarebytes and it said no malicious items were detected. There was no "Show Results" choice. I opened the log and pasted the results below.
The ESET Scanner said "no threats found" and did not have an option to save results to a text file. That scanner's progress bar showed 99% done at less than 40 minutes but took over 4 hours to complete. I was wondering if it would ever quit. :)


# AdwCleaner v2.112 - Logfile created 02/22/2013 at 13:53:42
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Phil - PHIL-PC
# Boot Mode : Normal
# Running from : C:\Users\Phil\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\abg07hit.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\bprotector_prefs.js
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Phil Howard\AppData\Local\Babylon
Folder Deleted : C:\Users\Phil Howard\AppData\Local\Temp\Babylon
Folder Deleted : C:\Users\Phil Howard\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Phil Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zn258nu5.default\extensions\staged
Folder Deleted : C:\Users\Phil\AppData\Local\Coupon Companion Plugin

***** [Registry] *****

Key Deleted : HKCU\Software\52e8c8fe534b849
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\52e8c8fe534b849
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\ebspg1v3.default-1353508612482\prefs.js

Deleted : user_pref("de.soerenrinne.googlebuttons.userlist", "Calendar,YouTube,Web Search,Mail,Maps,Plus,Voice[...]
Deleted : user_pref("[email protected]", true);

File : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\kodjw15h.default\prefs.js

[OK] File is clean.

File : C:\Users\SQL2008SBS\AppData\Roaming\Mozilla\Firefox\Profiles\9z1uphsg.default\prefs.js

[OK] File is clean.

File : C:\Users\Phil Howard\AppData\Roaming\Mozilla\Firefox\Profiles\zn258nu5.default\prefs.js

Deleted : user_pref("de.soerenrinne.googlebuttons.userlist", "Calendar,Mail,Web Search,Maps,Plus,Translate,You[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10022 octets] - [17/02/2013 10:32:27]
AdwCleaner[R2].txt - [8044 octets] - [22/02/2013 13:52:38]
AdwCleaner[S1].txt - [8147 octets] - [22/02/2013 13:53:42]

########## EOF - C:\AdwCleaner[S1].txt - [8207 octets] ##########


====================================================== MALWAREBYTES ==============================================
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.22.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Phil :: PHIL-PC [administrator]

2/22/2013 2:06:02 PM
mbam-log-2013-02-22 (14-06-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 311517
Time elapsed: 16 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)