WinXP runtime error when running Malwarebytes



#1
sanger440

I am trying to clean a WinXP install that cannot open IE explorer or Chrome. It does have internet access. When I try to run Malwarebytes, I get Runtime error 372, failed to load control webrowser from iframe.dll may be outdated.

I believe some kind of malware is responsible, as the machine quit working after installing a bunch of games (Warcraft, Legend of Grimrock, etc.) and doing a bunch of patch downloads.

OTL output:

OTL logfile created on: 2/16/2013 6:26:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 609.59 Mb Available Physical Memory | 59.62% Memory free
2.40 Gb Paging File | 2.10 Gb Available in Paging File | 87.36% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 132.56 Gb Free Space | 71.16% Space Free | Partition Type: NTFS
Drive D: | 45.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MAXIMUS-DT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/16 18:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/01/15 16:14:42 | 000,209,192 | ---- | M] (Stronghold LLC) -- C:\Program Files\Strongvault Online Backup\ClientMessenger.exe
PRC - [2013/01/03 03:43:58 | 001,259,448 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/12/05 22:24:36 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/04 09:43:30 | 001,851,192 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2012/09/30 23:23:54 | 000,150,328 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2012/05/22 08:21:28 | 000,222,368 | ---- | M] () -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
PRC - [2010/09/25 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/15 16:14:36 | 000,014,336 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\BusinessLogic.StrongholdManagement.dll
MOD - [2013/01/15 16:14:35 | 000,006,656 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Infrastructure.Metrics.dll
MOD - [2013/01/15 16:14:34 | 000,009,216 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Infrastructure.Metadata.dll
MOD - [2013/01/15 16:14:34 | 000,006,144 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Infrastructure.Helpers.dll
MOD - [2013/01/15 16:14:30 | 000,017,920 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Metrics.Dispatching.dll
MOD - [2013/01/15 16:14:30 | 000,009,728 | ---- | M] () -- C:\Program Files\Strongvault Online Backup\Environment.Identification.dll
MOD - [2013/01/03 03:43:58 | 001,564,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2013/01/03 03:43:58 | 000,357,224 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2012/12/07 19:09:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\b75ca75b9c2eb103f98a457ec9256ce7\System.Xml.Linq.ni.dll
MOD - [2012/12/07 19:07:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\99d5831f6840940555a679233e1e3139\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/12/07 19:07:43 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll
MOD - [2012/12/07 19:07:11 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\7efd419147611323505605be3ecee5d5\System.Runtime.Serialization.ni.dll
MOD - [2012/12/07 19:05:47 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll
MOD - [2012/12/07 19:05:42 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll
MOD - [2012/12/07 19:05:31 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll
MOD - [2012/12/07 19:05:19 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\d309c7e5107b3aed78e097659f94543b\System.Data.ni.dll
MOD - [2012/12/07 19:05:14 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\3710da7b61c2c4ed10903487dbde1c35\System.Core.ni.dll
MOD - [2012/12/07 19:03:59 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll
MOD - [2012/12/07 19:03:42 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll
MOD - [2012/12/07 19:02:59 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/04 19:50:36 | 000,088,688 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2012/05/22 08:21:28 | 000,222,368 | ---- | M] () -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe


========== Services (SafeList) ==========

SRV - [2013/02/08 19:03:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/18 15:59:29 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/03 03:43:58 | 001,259,448 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/05 22:24:36 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/30 23:22:06 | 000,295,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/06/03 10:44:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2012/05/22 08:21:28 | 000,222,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe -- (Updater Service for AMZN)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/16 10:58:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/02/16 10:04:05 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/09/18 01:33:00 | 000,043,960 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2012/09/18 01:33:00 | 000,039,608 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2012/09/18 01:33:00 | 000,030,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2012/09/18 01:32:56 | 000,012,216 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2012/07/03 07:25:19 | 000,124,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/06/03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/09/25 04:00:00 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mvxxmm.sys -- (mvxxmm)
DRV - [2010/09/25 04:00:00 | 000,005,632 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mv61xxmm.sys -- (mv61xxmm)
DRV - [2009/11/13 19:05:04 | 000,594,048 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/07/07 06:48:14 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2009/06/12 09:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2009/03/25 10:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/07/01 18:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.co...age={startPage}
IE - HKLM\..\SearchScopes\{6BA4BBC5-3A34-465E-A7AD-CA216AD72022}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\W3i\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\SearchScopes,DefaultScope = {6B528F7B-1290-4F85-BA27-8515B393FF4B}
IE - HKCU\..\SearchScopes\{009E33E3-812C-4E51-8097-60DBCC09956B}: "URL" = http://search.yahoo....205,16665,0,8,0
IE - HKCU\..\SearchScopes\{045F220F-52C4-4540-B470-A33AE3DF2CC6}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6B528F7B-1290-4F85-BA27-8515B393FF4B}: "URL" = http://www.google.co...1I7NDKB_enUS514
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: We-Care.com Reminder = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.30_0\
CHR - Extension: Amazon for Chrome = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.275_0\

O1 HOSTS File: ([2010/09/25 04:00:00 | 000,000,781 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\W3i\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [Messenger] C:\Program Files\Strongvault Online Backup\ClientMessenger.exe (Stronghold LLC)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABF68D52-0F33-4A7F-B45E-50C7F50D6833}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/12/05 17:57:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/15 21:42:56 | 000,196,623 | R--- | M] () - D:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2009/03/07 17:54:44 | 001,297,408 | R--- | M] (Linasoft) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/03/15 21:42:56 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{80621610-504a-11e2-8cdb-0014a53c4e10}\Shell - "" = AutoRun
O33 - MountPoints2\{80621610-504a-11e2-8cdb-0014a53c4e10}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{80621610-504a-11e2-8cdb-0014a53c4e10}\Shell\AutoRun\command - "" = J:\unlock.exe autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- [2009/03/07 17:54:44 | 001,297,408 | R--- | M] (Linasoft)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/16 18:07:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/16 11:00:45 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/02/16 10:44:34 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/02/16 10:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/02/16 10:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\RK_Quarantine
[2013/02/16 10:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\virusscan
[2013/02/16 09:29:42 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/06 21:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth
[2013/02/01 23:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Quick PC Booster
[2013/02/01 23:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Strongvault Online Backup
[2013/02/01 23:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2013/02/01 23:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Strongvault
[2013/02/01 23:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Strongvault Online Backup
[2013/02/01 23:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Strongvault Online Backup
[2013/02/01 23:38:18 | 000,000,000 | --SD | C] -- C:\AI_RecycleBin
[2013/02/01 23:33:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/02/01 23:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\W3i
[2013/02/01 23:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall Helper
[2013/02/01 23:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2013/02/01 23:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\NetAssistant
[2013/02/01 23:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2013/02/01 23:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/02/01 23:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/02/01 23:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/02/01 23:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2013/02/01 23:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/02/01 23:30:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/02/01 15:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Coupons
[2013/01/31 19:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Almost Human
[2013/01/26 10:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013/01/25 23:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\OI App Manager
[2013/01/25 23:17:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Amazon Browser Bar
[2013/01/25 23:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon Browser Bar
[2013/01/25 23:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/01/25 22:51:31 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/01/25 10:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Command & Conquer Technical Help
[2013/01/25 10:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Chivalry Technical Help
[2013/01/25 09:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2013/01/24 23:43:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/01/24 22:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2013/01/24 22:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/01/24 22:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/01/24 22:31:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2013/01/24 13:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/16 18:27:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/16 18:24:14 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/16 18:23:58 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/02/16 18:20:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/16 18:14:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/16 18:13:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/16 18:07:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/02/16 11:04:38 | 000,157,932 | ---- | M] () -- C:\MGlogs.zip
[2013/02/16 11:04:38 | 000,157,932 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MGlogs.zip
[2013/02/16 10:44:34 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/02/16 10:04:05 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/02/16 09:26:02 | 000,002,974 | ---- | M] () -- C:\WINDOWS\opentargetdir.vbs
[2013/02/16 08:59:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/16 08:44:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/01 17:34:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/31 18:59:04 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Legend of Grimrock.url
[2013/01/26 11:38:14 | 000,281,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2013/01/26 11:37:28 | 000,281,768 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2013/01/26 11:16:58 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/01/26 11:16:58 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/01/26 11:16:54 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/01/26 11:14:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/01/25 10:19:04 | 000,000,463 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\My Pictures.lnk
[2013/01/25 10:17:49 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chivalry Medieval Warfare.url
[2013/01/25 09:32:22 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
[2013/01/25 09:31:53 | 000,000,420 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Financials.lnk
[2013/01/24 22:26:47 | 000,407,160 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/24 22:26:47 | 000,061,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/16 11:04:38 | 000,157,932 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MGlogs.zip
[2013/02/16 11:00:46 | 000,157,932 | ---- | C] () -- C:\MGlogs.zip
[2013/02/16 10:04:05 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/31 18:59:04 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Legend of Grimrock.url
[2013/01/26 11:16:11 | 000,015,449 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/01/25 10:19:04 | 000,000,463 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\My Pictures.lnk
[2013/01/25 10:17:49 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chivalry Medieval Warfare.url
[2013/01/25 09:32:22 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
[2013/01/25 09:31:53 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Financials.lnk
[2013/01/12 08:18:49 | 000,060,864 | ---- | C] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2013/01/06 16:24:35 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2013/01/06 16:04:08 | 000,110,410 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2013/01/06 16:04:08 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2012/12/22 15:00:50 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ra3.ini
[2012/12/07 22:12:56 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/12/07 19:31:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/12/07 18:20:11 | 000,139,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/12/07 18:20:11 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2012/12/07 18:19:55 | 000,281,768 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/12/07 18:19:53 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/12/07 18:19:48 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2012/12/05 23:45:48 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012/12/05 23:18:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/12/05 23:07:21 | 000,088,688 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/12/05 23:00:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/12/05 23:00:19 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/12/05 23:00:19 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/12/05 23:00:09 | 002,816,600 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/05 22:27:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/12/05 21:41:48 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/12/05 21:41:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2012/12/05 17:59:29 | 000,155,720 | ---- | C] () -- C:\WINDOWS\System32\CDR.exe
[2012/12/05 17:59:29 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\cdimage.exe
[2012/12/05 17:57:45 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/12/05 17:55:50 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/12/05 17:51:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/12/05 17:49:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/12/05 17:48:40 | 000,111,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2012/12/05 22:03:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/25 04:00:00 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2010/09/25 04:00:00 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2010/09/25 04:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/06 00:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2012/12/11 19:40:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2012/12/11 23:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Alert 3
[2012/12/30 15:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/01 23:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2012/12/09 16:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/12/06 00:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2013/02/16 10:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/02/01 23:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quick PC Booster
[2013/02/02 10:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
[2013/02/01 23:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/02/01 23:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\W3i
[2013/02/01 23:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder

========== Purity Check ==========



< End of report >


Thanks