Hello Gringo,
Here's the OTL log. Thanks, I appreciate your work.
OTL logfile created on: 7/2/2013 4:52:59 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.31% Memory free
7.49 Gb Paging File | 5.06 Gb Available in Paging File | 67.47% Paging File free
Paging file location(s): C:\pagefile.sys 4605 4605E:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.73 Gb Total Space | 69.95 Gb Free Space | 30.05% Space Free | Partition Type: NTFS
Computer Name: JOHN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\bin\rubyw.exe (
http://www.ruby-lang.org/)
PRC - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\bin\rubyw.exe (
http://www.ruby-lang.org/)
PRC - C:\Program Files (x86)\Aurora\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Aurora\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\OAsrv.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oahlp.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
PRC - C:\Program Files\pia_manager\pia_manager.exe ()
PRC - C:\Program Files\pia_manager\openvpn.exe ()
PRC - C:\Program Files\pia_manager\pia_tray\pia_tray.exe ()
PRC - c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (McAfee, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
========== Modules (No Company Name) ========== MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\bin\libeay32-1.0.0-msvcrt.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\bin\ssleay32-1.0.0-msvcrt.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\bin\ZLIB1.dll ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\src\rgloader\rgloader193.mswin.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrB8D3.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\src\rgloader\rgloader193.mswin.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so ()
MOD - C:\Users\Administrator\AppData\Local\Temp\ocrA65C.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so ()
MOD - C:\Program Files (x86)\Aurora\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll ()
MOD - C:\Program Files\pia_manager\pia_manager.exe ()
MOD - C:\Program Files\pia_manager\openvpn.exe ()
MOD - C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll ()
MOD - C:\Program Files\pia_manager\pia_tray\pia_tray.exe ()
MOD - C:\Program Files\pia_manager\lzo2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
========== Services (SafeList) ========== SRV:
64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:
64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:
64bit: - (Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:
64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:
64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:
64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:
64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SvcOnlineArmor) -- C:\Program Files (x86)\Online Armor\OAsrv.exe (Emsisoft GmbH)
SRV - (OAcat) -- C:\Program Files (x86)\Online Armor\oacat.exe (Emsisoft GmbH)
SRV - (BRSptSvc) -- C:\ProgramData\BitRaider\BRSptSvc.exe (BitRaider, LLC)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ========== DRV:
64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:
64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:
64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:
64bit: - (OAnet) -- C:\Windows\SysNative\drivers\OAnet.sys (Emsisoft)
DRV:
64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:
64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:
64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:
64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:
64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:
64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)
DRV:
64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:
64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:
64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:
64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:
64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:
64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:
64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:
64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:
64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:
64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:
64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:
64bit: - (whfltr2k) -- C:\Windows\SysNative\drivers\whfltr2k.sys ()
DRV:
64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:
64bit: - (pmkbdfltr) -- C:\Windows\SysNative\drivers\pmkbdfltr.sys (PenMount)
DRV:
64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:
64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:
64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:
64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:
64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:
64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:
64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:
64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:
64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:
64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:
64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:
64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:
64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:
64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:
64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:
64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:
64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:
64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:
64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:
64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:
64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:
64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:
64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:
64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:
64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:
64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:
64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:
64bit: - (1394hub) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
DRV:
64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:
64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:
64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:
64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (OAmon) -- C:\Windows\SysWOW64\drivers\OAmon.sys (Emsisoft)
DRV - (OADevice) -- C:\Windows\SysWOW64\drivers\OADriver.sys ()
DRV - (oahlpXX) -- C:\Windows\SysWOW64\drivers\oahlp64.sys ()
DRV - (BRDriver64) -- C:\ProgramData\BitRaider\BRDriver64.sys (BitRaider)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory =
IE - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
https://duckduckgo.com"FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: anticontainer%40downthemall.net:1.2.3
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B455D905A-D37C-4643-A9E2-F6FEFAA0424A%7D:0.8.16
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: requestpolicy%40requestpolicy.com:0.5.27
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.6
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.2.3
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0a2
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9049
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:
64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:
64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20121003-1150: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:
64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20121013-0402: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120606-0237: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@gentek.com/thinclient: C:\IGG\twclient_us\npthinclient.dll (Generic Network)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 24.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013/07/01 16:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 24.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2013/07/01 16:12:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/10 22:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/17 16:39:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/27 20:15:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/17 16:06:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/17 22:36:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 24.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013/07/01 16:12:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 24.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2013/07/01 16:12:50 | 000,000,000 | ---D | M]
[2012/10/13 11:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2013/06/29 03:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions
[2013/05/28 15:59:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/06/11 22:57:37 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2013/05/28 15:59:07 | 000,000,000 | ---D | M] (Vauudix) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2013/06/29 03:12:26 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2013/06/29 03:12:19 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2013/03/03 14:37:52 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2013/03/04 23:09:59 | 000,094,120 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2012/10/13 22:20:25 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2013/06/26 05:25:31 | 000,172,839 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2012/10/13 11:27:00 | 000,620,484 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\
[email protected][2012/11/21 18:55:11 | 000,026,551 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{02c6f6b9-d610-4e7e-9441-243c96c8dfab}.xpi
[2012/10/13 11:33:21 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2013/06/22 15:37:25 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/05/09 01:01:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 23:52:22 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/02 04:46:49 | 000,001,911 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\animelyricscom.xml
[2013/01/28 07:58:12 | 000,002,289 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\dailymotion.xml
[2012/10/13 11:31:56 | 000,010,345 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\duckduckgo.xml
[2013/03/15 08:39:21 | 000,001,635 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\firefox-add-ons.xml
[2013/06/09 13:46:33 | 000,012,707 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\imdb.xml
[2012/11/09 20:12:24 | 000,001,886 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\lyricwiki-en.xml
[2013/01/24 05:49:09 | 000,002,580 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\wikihack-en.xml
[2013/06/28 21:27:36 | 000,002,057 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wa6y94a1.default\searchplugins\youtube-video-search.xml
[2013/06/11 23:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/11 18:27:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/11 23:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/11 23:44:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/10 22:50:01 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/06/17 16:39:34 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2013/06/27 20:15:29 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ========== CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url =
https://duckduckgo.c...q={searchTerms}CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Thinclient (Enabled) = C:\IGG\twclient_us\npthinclient.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: IGG Web3D Updater NP Plugin for Mozilla (Enabled) = C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll
CHR - plugin: JoyConnectShell NP Plugin for Mozilla (Enabled) = C:\Users\Administrator\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.8_0\
CHR - Extension: Vauudix = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\celebkbghbfpocebejpafoolfpfhmndj\1\
CHR - Extension: Adblock Plus = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: High Contrast = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph\0.5_0\
CHR - Extension: SiteAdvisor = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: avast! Online Security = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/06/25 22:38:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:
64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:
64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:
64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:
64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:
64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:
64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:
64bit: - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files (x86)\Online Armor\oaui.exe (Emsisoft GmbH)
O4:
64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:
64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3335941772-1571032007-1963969458-500\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A57CBF1-97F4-48DD-AE59-35C9D78F1DFD}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:
64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:
64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:
64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:
64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:
64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ========== [2013/07/01 23:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2013/07/01 18:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Faerie Solitaire
[2013/07/01 16:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora
[2013/06/30 20:36:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvel Heroes
[2013/06/27 22:26:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RK_Quarantine
[2013/06/27 21:52:22 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/06/27 20:16:07 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/06/27 20:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/06/27 20:16:06 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 20:16:03 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/06/27 20:16:03 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/06/27 20:15:59 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 20:15:55 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/06/27 20:15:14 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/06/26 18:40:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/26 18:22:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/26 00:32:50 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/06/26 00:22:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/25 22:09:06 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/06/25 15:14:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/25 15:13:12 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/23 00:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/06/23 00:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/06/23 00:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gazillion Entertainment
[2013/06/23 00:11:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BitRaider
[2013/06/23 00:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\BitRaider
[2013/06/22 22:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/06/22 22:20:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013/06/22 22:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013/06/22 00:18:15 | 000,000,000 | ---D | C] -- C:\bintheredunthat
[2013/06/20 21:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/20 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/20 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/20 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/20 21:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/20 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\GooredFix Backups
[2013/06/20 19:31:58 | 000,000,000 | ---D | C] -- C:\Device
[2013/06/20 19:22:50 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/06/20 16:59:14 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/06/20 16:58:51 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/06/20 16:58:51 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/06/20 16:58:51 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/06/18 23:42:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/18 23:42:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/18 23:42:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/18 23:03:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2013/06/18 02:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/06/17 22:38:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2013/06/17 22:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/06/17 22:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/06/17 22:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/17 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/06/17 22:32:24 | 001,070,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2013/06/17 22:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/06/17 22:32:23 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013/06/17 22:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013/06/17 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2013/06/17 16:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/06/17 16:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2013/06/17 16:19:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OnlineArmor
[2013/06/17 16:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\OnlineArmor
[2013/06/17 16:16:47 | 000,052,368 | ---- | C] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2013/06/17 16:16:47 | 000,035,376 | ---- | C] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2013/06/17 16:16:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Armor
[2013/06/17 16:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Online Armor
[2013/06/17 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/17 16:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/06/17 16:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/06/17 16:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/06/17 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Secunia PSI
[2013/06/17 15:55:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013/06/17 15:43:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/17 15:43:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/17 15:05:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Awesomium
[2013/06/11 23:14:15 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/06/11 23:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/11 22:58:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\QuickScan
[2013/06/11 20:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/11 17:55:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/06/11 17:55:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/06/11 17:55:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/11 17:55:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/06/11 17:55:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/11 17:55:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/06/11 17:55:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/06/11 17:55:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/06/11 17:55:05 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/11 17:55:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/06/11 17:55:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/06/11 17:55:05 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/11 17:55:04 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/11 17:55:04 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/11 17:55:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/06/11 17:45:48 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/11 17:45:48 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/11 17:45:46 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/11 17:45:46 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/11 17:45:46 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/11 17:45:46 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/11 17:45:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/11 17:45:45 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/11 17:45:31 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/11 17:45:26 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/11 17:45:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/11 17:45:16 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/11 17:45:16 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/06/07 13:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/07/02 04:52:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/02 04:51:51 | 000,012,777 | ---- | M] () -- C:\Users\Administrator\Desktop\malware removal.rtf
[2013/07/02 04:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/02 00:52:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/01 23:35:21 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/07/01 23:35:20 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/07/01 23:35:20 | 000,122,904 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2013/07/01 23:35:20 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2013/07/01 20:50:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/01 20:50:15 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/01 15:49:19 | 000,005,428 | ---- | M] () -- C:\Users\Administrator\Desktop\possible money.rtf
[2013/06/29 00:52:51 | 000,002,513 | ---- | M] () -- C:\Users\Administrator\passgen3.ini
[2013/06/27 21:39:39 | 000,052,368 | ---- | M] (Emsisoft) -- C:\Windows\SysWow64\drivers\OAmon.sys
[2013/06/27 21:39:38 | 000,061,632 | ---- | M] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2013/06/27 21:36:59 | 000,062,016 | ---- | M] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2013/06/27 20:16:14 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/27 20:16:14 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/27 20:16:14 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 20:16:14 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 20:16:14 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 20:16:14 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 20:15:55 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/06/25 22:38:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/25 22:16:29 | 000,000,180 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20130625_221627.reg
[2013/06/25 22:16:19 | 000,014,984 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20130625_221615.reg
[2013/06/25 22:16:02 | 000,823,994 | ---- | M] () -- C:\Users\Administrator\Documents\cc_20130625_221557.reg
[2013/06/22 06:05:20 | 008,963,995 | ---- | M] () -- C:\Users\Administrator\AppData\Local\census.cache
[2013/06/22 05:13:59 | 000,111,746 | ---- | M] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2013/06/22 01:54:18 | 000,000,036 | ---- | M] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2013/06/21 23:50:29 | 000,007,608 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2013/06/21 23:45:18 | 000,000,035 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\SetValue.bat
[2013/06/20 19:32:06 | 007,340,032 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2013/06/20 16:58:43 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/06/20 16:58:41 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/06/20 16:58:41 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/06/20 16:58:40 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/06/20 16:58:39 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/06/20 16:58:39 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/06/19 23:01:29 | 000,035,376 | ---- | M] (Emsisoft) -- C:\Windows\SysNative\drivers\OAnet.sys
[2013/06/19 03:12:29 | 000,050,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/19 03:12:29 | 000,050,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 15:06:22 | 000,006,598 | ---- | M] () -- C:\Users\Administrator\Desktop\trimet.rtf
[2013/06/14 09:39:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/14 09:39:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/12 00:00:07 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/06/12 00:00:07 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/06/11 23:49:51 | 000,000,838 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/11 20:49:28 | 000,447,265 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.MVP
[2013/06/11 17:52:12 | 001,831,696 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/11 17:52:12 | 000,652,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/11 17:52:12 | 000,419,808 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013/06/11 17:52:12 | 000,417,398 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/06/11 17:52:12 | 000,121,882 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/06/11 17:52:12 | 000,121,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/11 17:52:12 | 000,120,000 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013/06/11 17:52:01 | 001,831,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/08 21:17:25 | 000,000,693 | ---- | M] () -- C:\Users\Administrator\Libraries - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/06/27 20:16:14 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/27 20:16:14 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/27 20:16:14 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/27 20:15:58 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/27 20:15:57 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/06/25 22:16:28 | 000,000,180 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20130625_221627.reg
[2013/06/25 22:16:16 | 000,014,984 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20130625_221615.reg
[2013/06/25 22:15:59 | 000,823,994 | ---- | C] () -- C:\Users\Administrator\Documents\cc_20130625_221557.reg
[2013/06/25 14:27:14 | 000,012,777 | ---- | C] () -- C:\Users\Administrator\Desktop\malware removal.rtf
[2013/06/22 06:05:20 | 008,963,995 | ---- | C] () -- C:\Users\Administrator\AppData\Local\census.cache
[2013/06/22 05:13:59 | 000,111,746 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2013/06/22 01:54:18 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2013/06/21 23:45:18 | 000,000,035 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\SetValue.bat
[2013/06/18 23:42:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/18 23:42:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/18 23:42:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/18 23:42:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/18 23:42:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/17 22:36:51 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/17 16:16:47 | 000,062,016 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys
[2013/06/17 16:16:47 | 000,061,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys
[2013/06/17 15:55:26 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013/06/11 23:49:51 | 000,000,838 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/06/11 23:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/06/08 21:17:25 | 000,000,693 | ---- | C] () -- C:\Users\Administrator\Libraries - Shortcut.lnk
[2013/04/11 19:00:46 | 000,000,052 | ---- | C] () -- C:\Users\Administrator\jagex_cl_runescape_LIVE.dat
[2013/04/11 19:00:46 | 000,000,024 | ---- | C] () -- C:\Users\Administrator\random.dat
[2013/02/25 16:38:50 | 000,000,056 | ---- | C] () -- C:\Windows\kgt2k.INI
[2013/01/13 03:37:22 | 000,000,032 | ---- | C] () -- C:\Windows\scummvm.ini
[2012/12/14 05:48:04 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/12/04 03:09:51 | 001,831,696 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/15 12:30:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/15 16:21:19 | 000,004,140 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2012/10/14 20:34:49 | 000,002,513 | ---- | C] () -- C:\Users\Administrator\passgen3.ini
[2012/10/13 12:05:11 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/10/13 11:13:16 | 007,340,032 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2012/10/13 02:01:20 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/03 22:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/03 22:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 06:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 06:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 06:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >