PUP.Optional.OpenCandy detected [Solved]

This topic is locked

#1 misshot (Member, 55 posts)
Hi,

Realized something is missing when my PC is kinda slower than usual, so I scanned it with MBAM and PUP.Optional.OpenCandy was detected. So I need help here to remove it and clean the PC again.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:53 PM, on 19/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\EMET\EMET_notifier.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...SARIO&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

--
End of file - 5718 bytes
--

And also,

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Jc :: COMPAQC700 [administrator]

19/08/2013 8:54:48 PM
MBAM-log-2013-08-19 (23-44-08).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 428301
Time elapsed: 2 hour(s), 48 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\MediaInfo\OpenCandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> No action taken.

(end)
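The HijackThis log above is read by eye in this thread. As an added example (not part of the poster's or the forum's material), the script below parses the HijackThis line format and applies three defender-side triage rules of my own, which are assumptions and not HijackThis's own classification: it reports entries whose referenced file is missing (the orphaned SDWinLogon.dll Winlogon notify), CLSIDs registered in more than one section (the uTorrentControl2 CLSID appears as an R3 URLSearchHook, an O2 BHO and an O3 toolbar, the footprint a bundled browser toolbar leaves), and the O4 autostart commands. The sample log is a subset of the entries posted above, embedded so the script runs offline.

```python
"""Triage parser for HijackThis v2.0.x log lines (added example).

The flagging rules are illustrative heuristics for reading a log faster;
they are not a verdict on any entry.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# "<section> - <body>", where section is R0/R1/R3, F2, O2..O23 and so on.
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path running to end of line; used for R3/O2/O3/O23 entries.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# O4 entries: "HKLM\..\Run: [name] command line".
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "O2"
    body: str               # text after "<section> - "
    clsid: Optional[str]    # first CLSID in the body (lower-cased), if any
    path: Optional[str]     # module path or autostart command, if exposed


def parse_hjt(text: str) -> List[Entry]:
    """Parse every section line of a HijackThis log; skip headers/process list."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        clsid_m = CLSID_RE.search(body)
        clsid = clsid_m.group(0).lower() if clsid_m else None
        path: Optional[str] = None
        if section in ("R3", "O2", "O3", "O23"):
            path_m = PATH_RE.search(body)
            path = path_m.group(0) if path_m else None
        elif section == "O4":
            run_m = RUN_RE.search(body)
            path = run_m.group("cmd") if run_m else None
        entries.append(Entry(section, body, clsid, path))
    return entries


def triage(text: str) -> Dict[str, object]:
    """Apply the three heuristic rules and return the findings."""
    entries = parse_hjt(text)
    missing: List[str] = []
    autostarts: List[str] = []
    by_clsid: Dict[str, set] = defaultdict(set)
    for e in entries:
        # Rule 1: a registered component whose file no longer exists.
        if "(file missing)" in e.body:
            missing.append(f"{e.section} - {e.body}")
        # Rule 2: collect which sections each CLSID is registered in.
        if e.clsid:
            by_clsid[e.clsid].add(e.section)
        # Rule 3: everything that runs at logon.
        if e.section == "O4":
            autostarts.append(e.path or e.body)
    multi = {c: sorted(s) for c, s in by_clsid.items() if len(s) > 1}
    return {"missing_file": missing, "multi_section_clsid": multi, "autostarts": autostarts}


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"== {rule} ==")
        if isinstance(hits, dict):
            for clsid, sections in hits.items():
                print(f"  {clsid}: {', '.join(sections)}")
        else:
            for hit in hits:
                print(f"  {hit}")
```

The path regex deliberately matches from the first drive letter to end of line rather than splitting on " - ", because install paths such as "Spybot - Search & Destroy 2" contain that separator themselves.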
#2 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)
Hello misshot, welcome!

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean.

I strongly recommend you backup your personal files and folders.


OK, let's begin :)

HijackThis is a bit dated, so let's use a more in-depth scanning tool. Spybot S+D can interfere with our tools, so please disable it until we are finished cleaning. Follow the steps in the order given.

1. Disable Spybot S+D
  • Run Spybot-S&D
  • Go to the Mode menu and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.

2. DOWNLOAD OTL
  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files: OTL.txt and Extras.txt.
  • Post both in your next reply

3. Run ADWcleaner
  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator then select Search
  • The search will complete and a log will be produced; I need to see this log.


Things I want to see in your next post.
  • OTL.txt
  • Extras.TXT
  • ADWcleaner log.


#3 misshot (Topic Starter, Member, 55 posts)
Hi,

Not able to find the option to turn off the S&D Resident TeaTimer, so I proceeded without turning it off.
Here's the result.

OTL.txt

OTL logfile created on: 20/08/2013 2:36:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jc\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.50% Memory free
3.98 Gb Paging File | 2.67 Gb Available in Paging File | 67.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.51 Gb Total Space | 6.24 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
Drive D: | 7.54 Gb Total Space | 2.38 Gb Free Space | 31.56% Space Free | Partition Type: NTFS

Computer Name: COMPAQC700 | User Name: Jc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/20 13:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
PRC - [2013/08/19 19:22:49 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/26 17:18:00 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/26 17:16:25 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/06/26 17:16:13 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/26 17:16:13 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 19:22:48 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/19 18:27:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\869523b43080bd707966444972bc8eef\System.Windows.Forms.ni.dll
MOD - [2013/08/19 18:27:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ef9c62e7806b5f461a762709e3f531e\System.Drawing.ni.dll
MOD - [2013/08/19 18:26:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98707c4b7b8ecf87ae85618de04564c9\System.ni.dll
MOD - [2013/07/10 13:41:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\bb95b73d99bc2f61c750b3fa46f4f5a1\mscorlib.ni.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/08/19 19:22:48 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/10 13:52:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/26 17:18:00 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/26 17:16:13 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/10/28 18:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/25 00:12:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/09 19:29:25 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTSTOR.SYS -- (RTSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jc\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunBoundIS\apf001.sys -- (apf001)
DRV - [2013/03/28 11:11:34 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/03/28 11:11:34 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/03/28 11:11:34 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/26 19:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 20:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/08/25 01:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/25 01:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/09/16 03:34:14 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009/06/18 00:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/08 19:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 06:07:54 | 000,163,328 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{F3DA77C8-81F7-466E-8C43-C780B1993929}: "URL" = http://sg.search.yah...ing}&fr=hp-pvnb


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{FF501EC5-1B40-4547-B4BB-DF53730D0DA2}: "URL" = http://www.google.co...startPage}&rlz=
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://goodman78.com...out/?locale=en"
FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1.3
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Be1c8879e-9db4-4adf-92d2-d4856bd434ef%7D:1.1.9.2
FF - prefs.js..extensions.enabledAddons: %7Be36db930-f18d-4449-b45f-e286cfb9e03a%7D:4.0.11120600
FF - prefs.js..extensions.enabledAddons: %7Bf01f4cbe-b8a8-4c37-94b3-119d8779e7e0%7D:2.0
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2013.02.16.23
FF - prefs.js..extensions.enabledAddons: %7BAA052FD6-366A-4771-A591-0D8DC551585D%7D:1.1.28
FF - prefs.js..extensions.enabledAddons: fabtab%40captaincaveman.nl:1.5.2
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.11
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.20
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:4.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:4.0.11022100
FF - prefs.js..extensions.enabledItems: {e1c8879e-9db4-4adf-92d2-d4856bd434ef}:1.1.9.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 13:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 11:06:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/01/09 11:06:08 | 000,000,000 | ---D | M]

[2009/12/27 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions
[2009/12/27 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/16 14:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions
[2013/06/18 17:33:26 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/08/11 21:24:28 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/07/03 20:50:29 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/01/25 17:21:49 | 000,000,000 | ---D | M] (text/plain) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e1c8879e-9db4-4adf-92d2-d4856bd434ef}
[2011/12/15 10:11:42 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2013/03/27 09:54:24 | 000,085,870 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/04/29 12:11:36 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/02/18 09:55:39 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/06/13 09:58:52 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/01/06 16:39:09 | 000,244,900 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/08/16 14:11:35 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/18 09:55:39 | 000,201,966 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}.xpi
[2013/08/02 10:39:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/31 14:16:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/03/23 15:12:11 | 000,008,977 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}.xpi
[2009/09/10 17:55:27 | 000,467,548 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\WiredMarker\cache\2009\09\10\17\d144047a3e1c4a47ab29763ea38d90bb\20090910175343\update_files\3.xpi
[2013/05/17 12:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/19 19:22:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2003/03/18 21:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2009/09/21 09:05:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/03/21 17:41:26 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll

========== Chrome ==========


O1 HOSTS File: ([2013/08/19 20:54:59 | 000,975,933 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 30793 more lines...
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..Trusted Domains: starhub.com ([secure] https in Trusted sites)
O15 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..Trusted Domains: starhubgee.com.sg ([login] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{252E5999-367D-40D8-B22F-EA0BF0A48123}: DhcpNameServer = 203.116.254.150 203.116.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D24E04-403E-4FE4-8445-ADCFFF1AE03F}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CACC38-458B-485F-996A-DFB707D43D62}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3ED816-9351-49FB-BE63-FA53244115EF}: DhcpNameServer = 203.116.254.150 203.116.1.94
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/20 14:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/08/20 14:24:26 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/08/20 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/08/20 13:02:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
[2013/08/20 12:50:25 | 037,672,592 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\Jc\Desktop\spybotsd-2.1.21-SR2.exe
[2013/08/20 12:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jc\Documents\ProcAlyzer Dumps
[2013/08/19 19:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/19 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/19 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/11 21:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[2013/08/11 21:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/20 14:36:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/20 14:30:29 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/20 14:30:29 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/20 14:24:31 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/08/20 14:23:34 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/20 14:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/20 14:19:12 | 000,498,773 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.dwg
[2013/08/20 13:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/20 13:36:11 | 000,128,805 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 3rd sty.pdf
[2013/08/20 13:35:33 | 000,179,267 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 2nd sty.pdf
[2013/08/20 13:34:46 | 000,168,185 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 1st sty.pdf
[2013/08/20 13:03:30 | 000,666,633 | ---- | M] () -- C:\Users\Jc\Desktop\AdwCleaner.exe
[2013/08/20 13:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
[2013/08/20 12:53:55 | 037,672,592 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\Jc\Desktop\spybotsd-2.1.21-SR2.exe
[2013/08/19 20:54:59 | 000,975,933 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2013/08/19 19:22:58 | 000,001,999 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/19 11:32:21 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/19 11:32:21 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/15 11:02:28 | 000,022,463 | ---- | M] () -- C:\Users\Jc\Desktop\Completed VO List - Daud.pdf
[2013/08/15 09:51:31 | 000,097,210 | ---- | M] () -- C:\Users\Jc\Desktop\Statement of VO Claim.pdf
[2013/08/11 22:52:39 | 000,004,964 | ---- | M] () -- C:\Users\Jc\Desktop\Win7LogonBackgroundChanger_Click.wma
[2013/08/11 22:00:28 | 000,057,016 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Please patch up false ceiling within this 2 days (Preparation for chinese new year).pdf
[2013/08/11 21:59:36 | 000,079,354 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ 39_41 Jalan Daud - Defect item (06_12_12).pdf
[2013/08/11 21:58:06 | 000,074,563 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Defect lists.pdf
[2013/08/11 21:55:46 | 000,070,118 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Leakages from ceiling.pdf
[2013/08/11 21:44:00 | 000,002,013 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/06 11:30:46 | 000,287,011 | ---- | M] () -- C:\Users\Jc\Desktop\Defence and Counterclaim.pdf
[2013/08/05 10:18:00 | 050,715,213 | ---- | M] () -- C:\Users\Jc\Desktop\6 & 8 Jalan Redop.dwg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/20 14:24:31 | 000,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/08/20 14:24:31 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/08/20 13:36:25 | 000,128,805 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 3rd sty.pdf
[2013/08/20 13:35:47 | 000,179,267 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 2nd sty.pdf
[2013/08/20 13:35:10 | 000,168,185 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 1st sty.pdf
[2013/08/20 13:03:22 | 000,666,633 | ---- | C] () -- C:\Users\Jc\Desktop\AdwCleaner.exe
[2013/08/19 20:19:21 | 000,498,773 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.dwg
[2013/08/15 11:02:34 | 000,022,463 | ---- | C] () -- C:\Users\Jc\Desktop\Completed VO List - Daud.pdf
[2013/08/15 09:51:43 | 000,097,210 | ---- | C] () -- C:\Users\Jc\Desktop\Statement of VO Claim.pdf
[2013/08/11 22:52:39 | 000,004,964 | ---- | C] () -- C:\Users\Jc\Desktop\Win7LogonBackgroundChanger_Click.wma
[2013/08/11 21:59:57 | 000,057,016 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Please patch up false ceiling within this 2 days (Preparation for chinese new year).pdf
[2013/08/11 21:58:29 | 000,079,354 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ 39_41 Jalan Daud - Defect item (06_12_12).pdf
[2013/08/11 21:56:27 | 000,074,563 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Defect lists.pdf
[2013/08/11 21:54:57 | 000,070,118 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Leakages from ceiling.pdf
[2013/08/06 14:23:44 | 050,715,213 | ---- | C] () -- C:\Users\Jc\Desktop\6 & 8 Jalan Redop.dwg
[2013/08/06 11:07:18 | 000,287,011 | ---- | C] () -- C:\Users\Jc\Desktop\Defence and Counterclaim.pdf
[2010/10/20 22:18:01 | 000,005,632 | ---- | C] () -- C:\Users\Jc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 16:30:02 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/07 00:37:47 | 000,007,600 | ---- | C] () -- C:\Users\Jc\AppData\Local\resmon.resmoncfg
[2009/11/06 22:58:33 | 000,006,196 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/25 14:21:00 | 000,023,413 | ---- | C] () -- C:\Users\Jc\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Jc\AppData\Roaming\Mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/21 16:58:00 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\.minecraft
[2010/01/06 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Autodesk
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Canon
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Datalayer
[2009/12/27 17:20:07 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\FlashGet
[2011/01/12 13:12:56 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\fltk.org
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Forge of Games
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Foxit
[2010/01/07 10:49:44 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Foxit Software
[2012/03/02 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\GetRightToGo
[2013/05/13 11:46:29 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\IGC
[2009/11/07 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Leadertech
[2010/10/22 14:49:43 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Mirillis
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\muvee Technologies
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\NewSoft
[2010/10/20 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Nokia
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Oberon Media
[2010/10/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PC Suite
[2010/09/13 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PC-FAX TX
[2008/02/25 14:21:00 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PeerNetworking
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PlayFirst
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Publish Providers
[2012/03/07 13:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PureEdge
[2012/06/27 22:07:32 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\redsn0w
[2013/06/26 17:13:44 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SanDisk
[2013/06/13 09:59:51 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SanDisk SecureAccess
[2010/09/13 11:37:47 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\ScanSoft
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Sony
[2010/01/04 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SystemRequirementsLab
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Template
[2011/12/27 23:33:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Thinstall
[2009/12/27 17:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Thunderbird
[2009/12/02 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Uniblue
[2013/08/19 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\uTorrent
[2012/03/02 15:36:17 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\WinAVI
[2010/09/13 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Zeon
[2012/03/27 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2013/05/16 10:58:12 | 003,859,928 | ---- | M] (Safer-Networking Ltd.) MD5=03250DB0886A23B1F6C077C5D9F152B0 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 14:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 04:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is Win 7
Volume Serial Number is 596B-C4C1
Directory of C:\
14/07/2009 12:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 12:53 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 12:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 12:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 12:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 12:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 12:53 PM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 12:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 12:53 PM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 12:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 12:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 12:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 12:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 12:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 12:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 12:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 12:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 12:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 12:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 12:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 12:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 12:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 12:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 12:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 12:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 12:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 12:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Jc
06/11/2009 10:09 PM <JUNCTION> Application Data [C:\Users\Jc\AppData\Roaming]
06/11/2009 10:09 PM <JUNCTION> Cookies [C:\Users\Jc\AppData\Roaming\Microsoft\Windows\Cookies]
06/11/2009 10:09 PM <JUNCTION> Local Settings [C:\Users\Jc\AppData\Local]
06/11/2009 10:09 PM <JUNCTION> My Documents [C:\Users\Jc\Documents]
06/11/2009 10:09 PM <JUNCTION> NetHood [C:\Users\Jc\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/11/2009 10:09 PM <JUNCTION> PrintHood [C:\Users\Jc\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/11/2009 10:09 PM <JUNCTION> Recent [C:\Users\Jc\AppData\Roaming\Microsoft\Windows\Recent]
06/11/2009 10:09 PM <JUNCTION> SendTo [C:\Users\Jc\AppData\Roaming\Microsoft\Windows\SendTo]
06/11/2009 10:09 PM <JUNCTION> Start Menu [C:\Users\Jc\AppData\Roaming\Microsoft\Windows\Start Menu]
06/11/2009 10:09 PM <JUNCTION> Templates [C:\Users\Jc\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Jc\AppData\Local
06/11/2009 10:09 PM <JUNCTION> Application Data [C:\Users\Jc\AppData\Local]
06/11/2009 10:09 PM <JUNCTION> History [C:\Users\Jc\AppData\Local\Microsoft\Windows\History]
06/11/2009 10:09 PM <JUNCTION> Temporary Internet Files [C:\Users\Jc\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Jc\Documents
06/11/2009 10:09 PM <JUNCTION> My Music [C:\Users\Jc\Music]
06/11/2009 10:09 PM <JUNCTION> My Pictures [C:\Users\Jc\Pictures]
06/11/2009 10:09 PM <JUNCTION> My Videos [C:\Users\Jc\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 12:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 12:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 12:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
49 Dir(s) 6,698,795,008 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Extra.txt

OTL Extras logfile created on: 20/08/2013 2:36:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jc\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.50% Memory free
3.98 Gb Paging File | 2.67 Gb Available in Paging File | 67.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.51 Gb Total Space | 6.24 Gb Free Space | 4.41% Space Free | Partition Type: NTFS
Drive D: | 7.54 Gb Total Space | 2.38 Gb Free Space | 31.56% Space Free | Partition Type: NTFS

Computer Name: COMPAQC700 | User Name: Jc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58E7263F-6BED-4BBB-9498-EA6F75B9511C}" = lport=58290 | protocol=17 | dir=in | name=pando media booster |
"{773CC835-BE65-42D9-B0D0-74796CE7E0F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8724EF35-18D7-4278-B044-61E98F9EE013}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{AC4BF0C2-8076-436C-9995-0845C7F902DA}" = lport=58290 | protocol=6 | dir=in | name=pando media booster |
"{BC7DBA64-2915-4475-9F17-6C8383AF2FC8}" = lport=58290 | protocol=17 | dir=in | name=pando media booster |
"{C9BAC194-F7DF-40A9-981D-079A2D04653E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F81338AA-F2DB-4C87-A2C6-84B0A56B76F6}" = lport=58290 | protocol=6 | dir=in | name=pando media booster |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BF6A1C3-F7A8-4DAA-9E6C-E0625D62A604}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0D28A144-270D-4E62-847E-092371DFD14A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1422C7F5-729D-41D1-A857-E26B0E749333}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1557E2CC-A856-4271-9CDF-85E8E359009A}" = protocol=17 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{24BD58AD-7F4B-4F28-8F2F-4CBA3C2A1A36}" = protocol=17 | dir=in | app=c:\program files\iahgames\counter-strike online\nmservice.exe |
"{51D735FB-2D42-485D-B460-29090CCC55FB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{63FA153A-0E0B-422F-BD78-33FB085877B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65B9F904-3C3C-457E-A5C0-8961875E39D3}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08y\faxrx.exe |
"{83EB089E-6D1C-4316-925A-0F1B1263F28B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{98DFEEF6-28CF-4F60-B0C9-68DEAD66BEAD}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08y\faxrx.exe |
"{990D8087-E412-44C9-933C-BB84621084DC}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{99BA895D-FDDF-4FD6-BEBF-55953E57A89A}" = protocol=6 | dir=in | app=c:\program files\iahgames\counter-strike online\cstrike-online.exe |
"{ABFE95F0-99D9-4143-A6B7-EAE217A1B5A3}" = protocol=6 | dir=in | app=c:\program files\brother\bradmin light\bradmlight.exe |
"{B4BB6A1F-4860-43A3-B1AE-11B819BF3433}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CA3ED5F7-8C88-4AE7-8875-B24242A4D0C1}" = protocol=6 | dir=in | app=c:\program files\iahgames\counter-strike online\nmservice.exe |
"{D7334A1C-3608-46DB-A29C-2BA05928D6C3}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DEEDF8E3-8EBB-4174-8AAC-6F7EC1699740}" = protocol=17 | dir=in | app=c:\program files\iahgames\counter-strike online\cstrike-online.exe |
"{E32E6FEA-7C19-46B2-A4B0-E290FDF1A662}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EFDC9A18-2C48-4777-912A-1980B60BC823}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{019ACEC2-9888-420E-8839-EC46A7041175}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{28A6AE23-8B23-4C09-960E-258C8ABE831B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{4787351B-7D29-48C1-B11D-576FA52771CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7BCD5F30-3FD5-4E34-93A5-1365CAA593D4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B0B28E95-9B87-42B1-A821-D5A5B04172C3}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{36690FB9-047C-4A1C-80C5-23496A09855F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{57C487CF-B511-4890-ABF2-89ECA707174C}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{B882AF79-7EFB-4ABD-B7EC-624BD29CA7C8}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E25DC6A5-AE95-4A73-BF83-AB610A3F49B1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F00C7AC7-6AB8-4E31-8979-6407F133F219}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20E970DF-A7B2-4345-9DEB-72213A29645E}" = Brother MFL-Pro Suite MFC-6490CW
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5783F2D7-0301-0409-0002-0060B0CE6BBA}" = AutoCAD 2005 - English
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66C1DD9B-02D8-4A31-B54C-FE8DC76F25D4}" = HP User Guides 0078
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1
"{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek PCI Fast Ethernet Controller Driver For Vista and Win7
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 7.1
"{B8E8C8EC-5C22-4B02-9C02-D851262F574C}" = Sony Vegas Movie Studio Platinum 8.0
"{C91B24F6-1629-11E2-B696-21676188709B}" = PDF Split And Merge Basic
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{DB75941E-30C4-4D97-B000-D17C764B998C}" = Brother BRAdmin Light 1.17.0002
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"IsoBuster_is1" = IsoBuster 2.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Micro 8.2.8.0
"sp6" = Logitech SetPoint 6.20
"SpywareBlaster_is1" = SpywareBlaster 5.0
"SpywareGuard_is1" = SpywareGuard v2.2
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"pdfsam" = pdfsam
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/08/2013 2:56:22 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:56:22.457]: [00001680]: GetDeviceIpAddress:
GetAddressByName [BRW78E4001E3E36] Error

Error - 20/08/2013 2:56:57 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:56:57.814]: [00001680]: GetDeviceIpAddress:
GetAddressByName [BRW78E4001E3E36] Error

Error - 20/08/2013 2:57:00 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:57:00.008]: [00001680]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.194]

Error - 20/08/2013 2:57:33 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:57:33.134]: [00001680]: GetDeviceIpAddress:
GetAddressByName [BRW78E4001E3E36] Error

Error - 20/08/2013 2:58:08 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:58:08.613]: [00001680]: GetDeviceIpAddress:
GetAddressByName [BRW78E4001E3E36] Error

Error - 20/08/2013 2:58:09 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:58:09.013]: [00001680]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.194]

Error - 20/08/2013 2:58:43 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:58:43.816]: [00001680]: GetDeviceIpAddress:
GetAddressByName [BRW78E4001E3E36] Error

Error - 20/08/2013 2:59:18 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:59:18.034]: [00001680]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.1.194]

Error - 20/08/2013 2:59:19 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:59:19.162]: [00001680]: GetDeviceIpAddress:
GetAddressByName [BRW78E4001E3E36] Error

Error - 20/08/2013 2:59:54 AM | Computer Name = CompaqC700 | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/20 14:59:54.514]: [00001680]: GetDeviceIpAddress:
GetAddressByName [BRW78E4001E3E36] Error

[ OSession Events ]
Error - 16/01/2013 10:39:12 AM | Computer Name = CompaqC700 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 160
seconds with 120 seconds of active time. This session ended with a crash.

Error - 16/01/2013 10:40:52 AM | Computer Name = CompaqC700 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 78
seconds with 60 seconds of active time. This session ended with a crash.

Error - 01/03/2013 3:13:44 AM | Computer Name = CompaqC700 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 65 seconds with 0 seconds of active time. This session ended with a crash.

[ Spybot - Search and Destroy Events ]
Error - 10/12/2012 4:17:04 AM | Computer Name = CompaqC700 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 29/01/2013 3:43:23 AM | Computer Name = CompaqC700 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 12/05/2013 10:35:54 PM | Computer Name = CompaqC700 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 19/08/2013 12:45:09 PM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
%%-1073473535.

Error - 19/08/2013 12:45:09 PM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 19/08/2013 12:55:17 PM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 19/08/2013 12:55:47 PM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 19/08/2013 12:56:17 PM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the CryptSvc service.

Error - 19/08/2013 12:56:47 PM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 20/08/2013 2:21:32 AM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 20/08/2013 2:22:02 AM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.

Error - 20/08/2013 2:22:32 AM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the CryptSvc service.

Error - 20/08/2013 2:23:02 AM | Computer Name = CompaqC700 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Dnscache service.


< End of report >

AdwCleaner[R1].txt

# AdwCleaner v2.306 - Logfile created 08/20/2013 at 15:02:21
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Jc - COMPAQC700
# Boot Mode : Normal
# Running from : C:\Users\Jc\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Mozilla Firefox v23.0.1 (en-US)

File : C:\Users\Jc\AppData\Roaming\Mozilla\Firefox\Profiles\l2q0i38z.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jc\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1044 octets] - [20/08/2013 15:02:21]

########## EOF - C:\AdwCleaner[R1].txt - [1104 octets] ##########

#4
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks Misshot. I see a number of problems, it will take me this evening to fully go over the logs and prepare a reply. So bear with me and we will get cracking. :)

#5
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Misshot.

The reason your computer is slowing up is mainly down to a lack of free space on the hard-drive. In order for the operating system to function properly there needs to be a minimum of 15% free; you have 4.41% free! This needs to be addressed now.

If you have an external hard drive you can transfer your Pics, videos etc. to that or copy them to DVD disks. Remember that 15% is the minimum, so freeing up more would be a better idea. You have about 5 GB of space free and we need at least 20 GB free! What I have given you to do in this post will also free a little space.

NEXT

P2P WARNING
The following programs are installed on your machine:
  • uTorrent
Cease all P2P programs and downloads until declared clean. Although the programs themselves are legal, many of the torrent files infringe copyright laws and contain spyware and viruses which can have a detrimental effect on your system. We strongly advise that you uninstall all P2P programs.

Follow in the order given

1. Uninstall
Pando Media Booster is a bundled install, which means another program usually installs this software. It constantly uploads info in the background, so get rid :)
  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Pando Media Booster
  • MediaInfo
  • uTorrent - Optional.

2. OTL Fix
  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :OTL
    IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    [2012/07/14 19:11:12 | 000,000,596 | ---- | M] () -- C:\Users\Jc\AppData\Roaming\Mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
    O3 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
    O15 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..Trusted Domains: starhub.com ([secure] https in Trusted sites)
    O15 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..Trusted Domains: starhubgee.com.sg ([login] https in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

    :FILES
    ipconfig /flushdns /c

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.

3. Run ADWcleaner
  • Right click ADWcleaner and Run as Administrator then select Search
  • The search will complete and a log is produced; I do not need to see this log.
  • Back to ADWcleaner and click Delete and O.K to remove malware.
  • A reboot will be asked for; click O.K.
  • On reboot a log is produced. I need to see this log.

4. Junkware Removal Tool
1. Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Things I want to see in your next post.
  • A lot more free space :)
  • OTL fix.txt
  • ADWcleaner log
  • JRT log

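The checks behind the post above (free space against the 15% / 20 GB minimum, and the per-user registry locations the OTL fix targets: IE SearchScopes, ZoneMap trusted domains, MozillaPlugins registrations) as a read-only PowerShell audit. This is an added example, not part of the thread and not code from OTL or AdwCleaner; the thresholds come from the post, the output format and the signature check on plugin DLLs are my own additions.

```powershell
# Added audit script (not from the original thread or from any tool it names).
# Read-only: it reports, it does not delete. Run in an elevated PowerShell.
# Thresholds are the ones stated in the post above; everything else is assumed.

$MinFreePercent = 15
$MinFreeGB      = 20

# 1. Free space on the system drive (Win32_LogicalDisk is a standard WMI class).
$sys = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$freePct = [math]::Round(100 * $sys.FreeSpace / $sys.Size, 2)
$freeGB  = [math]::Round($sys.FreeSpace / 1GB, 2)
"{0} free: {1} GB ({2}%)" -f $sys.DeviceID, $freeGB, $freePct
if ($freePct -lt $MinFreePercent -or $freeGB -lt $MinFreeGB) {
    Write-Warning "Below the $MinFreePercent% / $MinFreeGB GB minimum - free space before running fixes."
}

# 2. IE search scopes for the current user: each subkey carries a "URL" value.
#    A scope pointing at a provider the user never chose is the kind of entry
#    the OTL fix above removes (the Bing SearchScopes line).
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
if (Test-Path $scopes) {
    Get-ChildItem $scopes | ForEach-Object {
        $url = (Get-ItemProperty $_.PSPath).URL
        "SearchScope {0} -> {1}" -f $_.PSChildName, $url
    }
}

# 3. ZoneMap: domains placed in an IE security zone. The layout is
#    Domains\<domain>[\<host>]\<scheme> = <zone id>, where zone 2 is Trusted sites
#    (the starhub.com [secure] https entry in the OTL fix has this shape).
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
if (Test-Path $zoneMap) {
    Get-ChildItem $zoneMap -Recurse | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        foreach ($scheme in 'http', 'https', '*') {
            if ($null -ne $props.$scheme) {
                $rel = $_.PSPath.Substring($_.PSPath.IndexOf('Domains\') + 8)
                $zone = if ($props.$scheme -eq 2) { 'Trusted sites' } else { "zone $($props.$scheme)" }
                "ZoneMap {0} [{1}] = {2}" -f $rel, $scheme, $zone
            }
        }
    }
}

# 4. Firefox plugin registrations (HKCU and HKLM): each key has a "Path" value.
#    A registration whose DLL no longer exists is stale (the Pando entry after
#    its uninstall); one whose DLL exists but is unsigned deserves a closer look.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $mp = "$hive\Software\MozillaPlugins"
    if (-not (Test-Path $mp)) { continue }
    Get-ChildItem $mp | ForEach-Object {
        $path  = (Get-ItemProperty $_.PSPath).Path
        $state = if ($path -and (Test-Path $path)) {
            (Get-AuthenticodeSignature $path).Status
        } else { 'MISSING FILE' }
        "Plugin {0} -> {1} [{2}]" -f $_.PSChildName, $path, $state
    }
}
```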

#6
misshot

    Member

  • Topic Starter
  • Member
  • 55 posts
Hi,

Thanks for your help so far.

I had uninstalled Pando Media Booster. Not able to see MediaInfo in the list though, so did not uninstall it. But I did a search for MediaInfo and found the folder. It was empty with some txt files. I think I uninstalled it previously.. idk, so I just deleted the folder. xD

Here's the log files you wanted.

OTL fix.txt

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Jc\AppData\Roaming\Mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png moved successfully.
Registry value HKEY_USERS\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ not found.
Registry key HKEY_USERS\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\starhub.com\secure\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\starhubgee.com.sg\login\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jc\Desktop\cmd.bat deleted successfully.
C:\Users\Jc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jc
->Temp folder emptied: 2293263 bytes
->Temporary Internet Files folder emptied: 5670235 bytes
->Java cache emptied: 258259 bytes
->FireFox cache emptied: 72576178 bytes
->Flash cache emptied: 15220714 bytes

User: Public
->Temp folder emptied: 0 bytes

User: QuickLaunch

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19082462 bytes
RecycleBin emptied: 994138195 bytes

Total Files Cleaned = 1,058.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08212013_224304

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

--------------

ADWcleaner log

# AdwCleaner v3.000 - Report created 21/08/2013 at 22:53:25
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Jc - COMPAQC700
# Running from : C:\Users\Jc\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Jc\AppData\Roaming\Mozilla\Firefox\Profiles\l2q0i38z.default\prefs.js ]

Line Deleted : user_pref("greasemonkey.scriptvals.unfriend_finder/Unfriend Finder.739795115_friends", "({'1559821579':{uid:\"1559821579\", name:\"Budiman Lie\", picture:\"hxxps://fbcdn-profile-a.akamaihd.net/hprofil[...]
Line Deleted : user_pref("greasemonkey.scriptvals.unfriend_finder/Unfriend Finder.739795115_unfriendsInfos", "({'1559821579':{uid:\"1559821579\", name:\"Budiman Lie\", picture:\"hxxps://fbcdn-profile-a.akamaihd.net/[...]

-\\ Google Chrome v

[ File : C:\Users\Jc\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1548 octets] - [21/08/2013 22:51:19]
AdwCleaner[S0].txt - [1477 octets] - [21/08/2013 22:53:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1537 octets] ##########


-------
JRT log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.2 (08.20.2013:1)
OS: Windows 7 Ultimate x86
Ran by Jc on 21/08/2013 at 22:59:32.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jc\appdata\local\cre"



~~~ FireFox

Emptied folder: C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\minidumps [180 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/08/2013 at 23:02:40.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I have 7GB now. 2GB freed. :)

#7
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for those. While I get your next post ready, keep transferring files so we have 20GB free space :thumbsup:

#8
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Misshot :)

Quite a bit removed there, so let's carry on.

1. Are you able to update Avira successfully? Please try and get back to me on this.

2. Are there any problems with Firefox, and do you use the ReminderFox add-on?


3. UPDATE AND RUN MALWAREBYTES
  • Open Malwarebytes select the Updates Tab - Select Check for Updates and click O.K
  • Once complete click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If a reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log. I need to see this.


4. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For the Taskbar, right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


5. Security Check
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I want to see in your next post.
  • Malwarebytes results
  • ESET results
  • checkup.txt
  • How are things running now?


#9
misshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
1. Are you able to update Avira successfully? Please try and get back to me on this.

>> I am able to.

2. Are there any problems with Firefox, and do you use the ReminderFox add-on?

>> Yes, I do use it regularly.

---

MBAM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Jc :: COMPAQC700 [administrator]

22/08/2013 1:03:30 PM
mbam-log-2013-08-22 (13-03-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228851
Time elapsed: 11 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET results


[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=269732592a7f7a458f05815d3f06ce55
# engine=14857
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-22 09:24:20
# local_time=2013-08-22 05:24:20 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 0 147017565 0 0
# compatibility_mode=5893 16776574 100 94 2893615 128794651 0 0
# scanned=209310
# found=5
# cleaned=0
# scan_time=14527
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X3FQN5\ApnIC[1].0"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE3T6YVD\ApnIC[1].0"

Result?

C:\Program Files\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X3FQN5\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE3T6YVD\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask application



Checkup txt

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
SpywareGuard v2.2
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Mozilla Firefox (23.0.1)
Mozilla Thunderbird (17.0.8)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
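The ESET Online Scanner log pasted in this post is worth reading mechanically rather than by eye: each `sh=... vn="..." ac=I fn="..."` line carries the file's SHA-1, ESET's detection name, the action taken and the path, and the `# found=` / `# cleaned=` / `# remove_checked=` header lines say whether anything was actually removed. The Python below is an added example, not code from this thread or from ESET. It parses that format into records, groups the hits by detection name and by directory for triage, and cross-checks the header counters against the detection lines present. The sample is the log above with the header cut down to the fields used. One assumption, marked in the code: `ac=I` is read as "left in place" because it is the only action value that appears alongside `remove_checked=false`; ESET does not document the field here.

```python
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Detection lines are space-separated key=value tokens; the vn= and fn= values
# are double-quoted and may contain spaces and backslashes.
_TOKEN_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


@dataclass(frozen=True)
class Detection:
    sha1: str     # sh= field
    name: str     # vn= field, ESET's detection name
    path: str     # fn= field, where the object was found
    action: str   # ac= field, kept raw

    @property
    def is_pua(self) -> bool:
        # ESET names potentially unwanted/unsafe applications "... application";
        # trojan/worm/virus names do not end that way.
        return self.name.endswith("application")

    @property
    def cleaned(self) -> bool:
        # Assumption: ac=I is what the scanner writes when "Remove found
        # threats" is unchecked, so it is read here as "left in place".
        return self.action != "I"


def parse_eset_log(text: str) -> tuple[dict[str, str], list[Detection]]:
    """Split an ESET Online Scanner log into its '# key=value' header and detections."""
    header: dict[str, str] = {}
    detections: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            fields = {k: v.strip('"') for k, v in _TOKEN_RE.findall(line)}
            if {"sh", "vn", "fn"}.issubset(fields):
                detections.append(Detection(sha1=fields["sh"].lower(), name=fields["vn"],
                                            path=fields["fn"], action=fields.get("ac", "")))
        # anything else (the "all ok" banner, blank lines) is ignored
    return header, detections


def summarize(detections: list[Detection]) -> dict:
    """Group hits by detection name and by containing directory for triage."""
    by_dir: dict[str, list[str]] = defaultdict(list)
    for d in detections:
        by_dir[d.path.rsplit("\\", 1)[0]].append(d.path)
    return {
        "by_name": dict(Counter(d.name for d in detections)),
        "by_directory": dict(by_dir),
        "unique_sha1": len({d.sha1 for d in detections}),
        "pua_only": all(d.is_pua for d in detections),
        "outstanding": [d.path for d in detections if not d.cleaned],
    }


def consistency_problems(header: dict[str, str], detections: list[Detection]) -> list[str]:
    """Cross-check the header counters against the detection lines actually present."""
    problems: list[str] = []
    if int(header.get("found", -1)) != len(detections):
        problems.append(f"header found={header.get('found')} but {len(detections)} lines parsed")
    cleaned = sum(d.cleaned for d in detections)
    if int(header.get("cleaned", -1)) != cleaned:
        problems.append(f"header cleaned={header.get('cleaned')} but {cleaned} lines look cleaned")
    if header.get("remove_checked") == "false" and cleaned:
        problems.append("removal was unchecked yet some lines report a clean action")
    return problems


# The five hits from the log above, header cut down to the fields used here.
SAMPLE_LOG = r"""
all ok
# version=8
# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=209310
# found=5
# cleaned=0
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X3FQN5\ApnIC[1].0"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE3T6YVD\ApnIC[1].0"
"""

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    print(summarize(dets))
    print(consistency_problems(hdr, dets) or "header and detection lines agree")
```

Run on this log, the summary shows what the helper concludes in the next post by eye: all five hits are PUA-class (`pua_only` is true), three sit inside the Avira install directory and the other two are cached copies of the same ApnIC payload in the SYSTEM account's IE cache, so this is the antivirus product's bundled Ask toolbar installer rather than a separate infection, and nothing was cleaned because removal was deliberately left unchecked. The SHA-1s in the records are what you would hand to a hash lookup or a blocklist.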

#10
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Great work Misshot :)

A number of issues have come to light. Avira has installed those lines ESET found. I class it as adware. Also, you have some dated spyware scanning programs installed that aren't needed.

My advice to you is to carry out the instructions in this post to sort this out. I have recommended 2 antivirus programs which provide ample protection. Use ONE of these programs along with a weekly scan with Malwarebytes and that's it. 2 programs and some safe surfing is all you need.

How is the disk space looking? You need to defragment your hard drive, but we need space to do this, OK, so don't run this until I see the OTL scan from this post.


1. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Avira
  • SpywareBlaster 5.0
  • SpywareGuard v2.2
  • Spybot - Search & Destroy

2. INSTALL ANTIVIRUS


3. Reset Windows Firewall

  • Click Start select Control Panel select Security then Windows Firewall
  • In the left Panel Click Restore Defaults once more click Restore Defaults click Yes at the warning prompt

4. OTL Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply

Things I want to see in your next post.
  • OTL.txt
  • Any other problems?


#11
misshot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Hi,

I have done what you recommended.

I did not know so many of my programs are dated or are not necessary. xD Still working on freeing more files so I can defrag the HDD. Might be getting another HDD. I have 10GB space now.

System seems to be running smoother now. It used to have a lot of noisy disk activity going on but disk activity seems less now.


And I have a question. During the ESET scan, did I need to do anything about the Toolbar.ASK adware that was found? Because I did not.


Anyway, here's the OTL log

OTL logfile created on: 23/08/2013 2:35:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jc\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.97% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.51 Gb Total Space | 8.63 Gb Free Space | 6.10% Space Free | Partition Type: NTFS
Drive D: | 7.54 Gb Total Space | 2.38 Gb Free Space | 31.56% Space Free | Partition Type: NTFS

Computer Name: COMPAQC700 | User Name: Jc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/20 13:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
PRC - [2013/08/19 19:22:49 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/09 16:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 19:22:48 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/19 18:27:50 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\869523b43080bd707966444972bc8eef\System.Windows.Forms.ni.dll
MOD - [2013/08/19 18:27:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ef9c62e7806b5f461a762709e3f531e\System.Drawing.ni.dll
MOD - [2013/08/19 18:26:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98707c4b7b8ecf87ae85618de04564c9\System.ni.dll
MOD - [2013/07/10 13:41:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\bb95b73d99bc2f61c750b3fa46f4f5a1\mscorlib.ni.dll
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/08/19 19:22:48 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/10 13:52:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/09 16:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/10/28 18:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/25 00:12:49 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/11/09 19:29:25 | 000,074,360 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTSTOR.SYS -- (RTSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Jc\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Game\SoftnyxGame\GunBoundIS\apf001.sys -- (apf001)
DRV - [2013/08/23 13:54:11 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/23 13:54:11 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/23 13:54:11 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 16:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 16:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 16:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 16:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 16:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/07/26 19:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/07 20:11:37 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2010/08/25 01:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/25 01:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/09/16 03:34:14 | 006,000,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32)
DRV - [2009/06/18 00:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/03/03 11:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/08 19:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/31 18:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/29 06:07:54 | 000,163,328 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{F3DA77C8-81F7-466E-8C43-C780B1993929}: "URL" = http://sg.search.yah...ing}&fr=hp-pvnb


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes,DefaultScope = {FF501EC5-1B40-4547-B4BB-DF53730D0DA2}
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{FF501EC5-1B40-4547-B4BB-DF53730D0DA2}: "URL" = http://www.google.co...startPage}&rlz=
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://goodman78.com...out/?locale=en"
FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1.3
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7Be1c8879e-9db4-4adf-92d2-d4856bd434ef%7D:1.1.9.2
FF - prefs.js..extensions.enabledAddons: %7Be36db930-f18d-4449-b45f-e286cfb9e03a%7D:4.0.11120600
FF - prefs.js..extensions.enabledAddons: %7Bf01f4cbe-b8a8-4c37-94b3-119d8779e7e0%7D:2.0
FF - prefs.js..extensions.enabledAddons: status4evar%40caligonstudios.com:2013.02.16.23
FF - prefs.js..extensions.enabledAddons: %7BAA052FD6-366A-4771-A591-0D8DC551585D%7D:1.1.28
FF - prefs.js..extensions.enabledAddons: fabtab%40captaincaveman.nl:1.5.2
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.11
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.1.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {AA052FD6-366A-4771-A591-0D8DC551585D}:1.1.20
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:4.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:3.1.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:4.0.11022100
FF - prefs.js..extensions.enabledItems: {e1c8879e-9db4-4adf-92d2-d4856bd434ef}:1.1.9.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/23 13:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 13:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/09 11:06:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013/01/09 11:06:08 | 000,000,000 | ---D | M]

[2009/12/27 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions
[2009/12/27 17:16:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/16 14:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions
[2013/06/18 17:33:26 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/08/11 21:24:28 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/07/03 20:50:29 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/01/25 17:21:49 | 000,000,000 | ---D | M] (text/plain) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e1c8879e-9db4-4adf-92d2-d4856bd434ef}
[2011/12/15 10:11:42 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Jc\AppData\Roaming\mozilla\Firefox\Profiles\l2q0i38z.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2013/03/27 09:54:24 | 000,085,870 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/04/29 12:11:36 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/02/18 09:55:39 | 000,151,803 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\[email protected]
[2013/06/13 09:58:52 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/01/06 16:39:09 | 000,244,900 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
[2013/08/16 14:11:35 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/18 09:55:39 | 000,201,966 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{AA052FD6-366A-4771-A591-0D8DC551585D}.xpi
[2013/08/02 10:39:50 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/31 14:16:58 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/03/23 15:12:11 | 000,008,977 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\extensions\{f01f4cbe-b8a8-4c37-94b3-119d8779e7e0}.xpi
[2009/09/10 17:55:27 | 000,467,548 | ---- | M] () (No name found) -- C:\Users\Jc\AppData\Roaming\mozilla\firefox\profiles\l2q0i38z.default\WiredMarker\cache\2009\09\10\17\d144047a3e1c4a47ab29763ea38d90bb\20090910175343\update_files\3.xpi
[2013/05/17 12:46:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/19 19:22:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/23 13:53:02 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2003/03/18 21:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2009/09/21 09:05:13 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011/03/21 17:41:26 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll

O1 HOSTS File: ([2013/08/19 20:54:59 | 000,975,933 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 30793 more lines...
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{252E5999-367D-40D8-B22F-EA0BF0A48123}: DhcpNameServer = 203.116.254.150 203.116.1.94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D24E04-403E-4FE4-8445-ADCFFF1AE03F}: DhcpNameServer = 202.156.1.16 218.186.2.16 218.186.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36CACC38-458B-485F-996A-DFB707D43D62}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF3ED816-9351-49FB-BE63-FA53244115EF}: DhcpNameServer = 203.116.254.150 203.116.1.94
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/23 13:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/23 13:53:50 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/23 13:53:49 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/23 13:53:44 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/08/23 13:53:43 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/23 13:53:42 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/23 13:53:33 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/23 13:53:32 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/08/23 13:52:11 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/23 13:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/08/23 13:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/08/22 13:06:31 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Jc\Desktop\esetsmartinstaller_enu(1).exe
[2013/08/22 13:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/22 13:04:15 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Jc\Desktop\esetsmartinstaller_enu.exe
[2013/08/21 22:59:23 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/21 22:51:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/21 22:43:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/21 22:37:49 | 001,018,947 | ---- | C] (Thisisu) -- C:\Users\Jc\Desktop\JRT.exe
[2013/08/20 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/08/20 13:02:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
[2013/08/20 12:46:10 | 000,000,000 | ---D | C] -- C:\Users\Jc\Documents\ProcAlyzer Dumps
[2013/08/19 19:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/19 19:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/19 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/08/11 21:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Split And Merge Basic
[2013/08/11 21:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge Basic

========== Files - Modified Within 30 Days ==========

[2013/08/23 14:36:02 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/23 14:27:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/08/23 14:17:02 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 14:17:01 | 000,018,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 14:08:04 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/23 14:07:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/23 13:54:11 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/23 13:54:11 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/23 13:54:11 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/23 13:54:11 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/23 13:54:11 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/23 13:54:11 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/23 13:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/23 13:40:37 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013/08/22 13:15:45 | 000,891,115 | ---- | M] () -- C:\Users\Jc\Desktop\SecurityCheck.exe
[2013/08/22 13:06:32 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Jc\Desktop\esetsmartinstaller_enu(1).exe
[2013/08/22 13:04:32 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Jc\Desktop\esetsmartinstaller_enu.exe
[2013/08/22 09:46:05 | 000,628,874 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/22 09:46:05 | 000,111,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/21 22:49:51 | 000,975,858 | ---- | M] () -- C:\Users\Jc\Desktop\adwcleaner.exe
[2013/08/21 22:37:56 | 001,018,947 | ---- | M] (Thisisu) -- C:\Users\Jc\Desktop\JRT.exe
[2013/08/20 21:02:38 | 000,556,604 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.dwg
[2013/08/20 21:02:31 | 000,307,955 | ---- | M] () -- C:\Users\Jc\Desktop\1st FL SAN_revised (rev 3).dwg
[2013/08/20 21:02:16 | 000,102,460 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- sec-eles.dwg
[2013/08/20 20:40:22 | 000,556,035 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.bak
[2013/08/20 13:36:11 | 000,128,805 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 3rd sty.pdf
[2013/08/20 13:35:33 | 000,179,267 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 2nd sty.pdf
[2013/08/20 13:34:46 | 000,168,185 | ---- | M] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 1st sty.pdf
[2013/08/20 13:02:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jc\Desktop\OTL.exe
[2013/08/19 20:54:59 | 000,975,933 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2013/08/19 19:22:58 | 000,001,999 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/15 11:02:28 | 000,022,463 | ---- | M] () -- C:\Users\Jc\Desktop\Completed VO List - Daud.pdf
[2013/08/15 09:51:31 | 000,097,210 | ---- | M] () -- C:\Users\Jc\Desktop\Statement of VO Claim.pdf
[2013/08/11 22:52:39 | 000,004,964 | ---- | M] () -- C:\Users\Jc\Desktop\Win7LogonBackgroundChanger_Click.wma
[2013/08/11 22:00:28 | 000,057,016 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Please patch up false ceiling within this 2 days (Preparation for chinese new year).pdf
[2013/08/11 21:59:36 | 000,079,354 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ 39_41 Jalan Daud - Defect item (06_12_12).pdf
[2013/08/11 21:58:06 | 000,074,563 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Defect lists.pdf
[2013/08/11 21:55:46 | 000,070,118 | ---- | M] () -- C:\Users\Jc\Desktop\Re_ Leakages from ceiling.pdf
[2013/08/11 21:44:00 | 000,002,013 | ---- | M] () -- C:\Users\Jc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/06 11:30:46 | 000,287,011 | ---- | M] () -- C:\Users\Jc\Desktop\Defence and Counterclaim.pdf
[2013/08/05 10:18:00 | 050,715,213 | ---- | M] () -- C:\Users\Jc\Desktop\6 & 8 Jalan Redop.dwg

========== Files Created - No Company Name ==========

[2013/08/23 13:54:16 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/23 13:54:16 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/08/23 13:54:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/23 13:53:41 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/23 13:53:39 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/08/23 13:40:27 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/08/22 13:15:39 | 000,891,115 | ---- | C] () -- C:\Users\Jc\Desktop\SecurityCheck.exe
[2013/08/21 22:49:40 | 000,975,858 | ---- | C] () -- C:\Users\Jc\Desktop\adwcleaner.exe
[2013/08/20 20:57:30 | 000,102,460 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- sec-eles.dwg
[2013/08/20 20:21:11 | 000,307,955 | ---- | C] () -- C:\Users\Jc\Desktop\1st FL SAN_revised (rev 3).dwg
[2013/08/20 13:36:25 | 000,128,805 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 3rd sty.pdf
[2013/08/20 13:35:47 | 000,179,267 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 2nd sty.pdf
[2013/08/20 13:35:10 | 000,168,185 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan 1st sty.pdf
[2013/08/19 20:19:21 | 000,556,604 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.dwg
[2013/08/19 20:19:21 | 000,556,035 | ---- | C] () -- C:\Users\Jc\Desktop\3941JD- Flr plan_Before &After.bak
[2013/08/15 11:02:34 | 000,022,463 | ---- | C] () -- C:\Users\Jc\Desktop\Completed VO List - Daud.pdf
[2013/08/15 09:51:43 | 000,097,210 | ---- | C] () -- C:\Users\Jc\Desktop\Statement of VO Claim.pdf
[2013/08/11 22:52:39 | 000,004,964 | ---- | C] () -- C:\Users\Jc\Desktop\Win7LogonBackgroundChanger_Click.wma
[2013/08/11 21:59:57 | 000,057,016 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Please patch up false ceiling within this 2 days (Preparation for chinese new year).pdf
[2013/08/11 21:58:29 | 000,079,354 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ 39_41 Jalan Daud - Defect item (06_12_12).pdf
[2013/08/11 21:56:27 | 000,074,563 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Defect lists.pdf
[2013/08/11 21:54:57 | 000,070,118 | ---- | C] () -- C:\Users\Jc\Desktop\Re_ Leakages from ceiling.pdf
[2013/08/06 14:23:44 | 050,715,213 | ---- | C] () -- C:\Users\Jc\Desktop\6 & 8 Jalan Redop.dwg
[2013/08/06 11:07:18 | 000,287,011 | ---- | C] () -- C:\Users\Jc\Desktop\Defence and Counterclaim.pdf
[2010/10/20 22:18:01 | 000,005,632 | ---- | C] () -- C:\Users\Jc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 16:30:02 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/11/07 00:37:47 | 000,007,600 | ---- | C] () -- C:\Users\Jc\AppData\Local\resmon.resmoncfg
[2009/11/06 22:58:33 | 000,006,196 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/02/25 14:21:00 | 000,023,413 | ---- | C] () -- C:\Users\Jc\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 12:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/09/21 16:58:00 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\.minecraft
[2010/01/06 14:41:41 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Autodesk
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Canon
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Datalayer
[2009/12/27 17:20:07 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\FlashGet
[2011/01/12 13:12:56 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\fltk.org
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Forge of Games
[2009/11/06 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Foxit
[2010/01/07 10:49:44 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Foxit Software
[2012/03/02 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\GetRightToGo
[2013/05/13 11:46:29 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\IGC
[2009/11/07 01:29:29 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Leadertech
[2010/10/22 14:49:43 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Mirillis
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\muvee Technologies
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\NewSoft
[2010/10/20 22:17:23 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Nokia
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Oberon Media
[2010/10/20 20:40:09 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PC Suite
[2010/09/13 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PC-FAX TX
[2008/02/25 14:21:00 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PeerNetworking
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PlayFirst
[2009/11/06 22:30:26 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Publish Providers
[2012/03/07 13:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\PureEdge
[2012/06/27 22:07:32 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\redsn0w
[2013/06/26 17:13:44 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SanDisk
[2013/06/13 09:59:51 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SanDisk SecureAccess
[2010/09/13 11:37:47 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\ScanSoft
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Sony
[2010/01/04 10:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\SystemRequirementsLab
[2009/11/06 22:30:27 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Template
[2011/12/27 23:33:15 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Thinstall
[2009/12/27 17:16:21 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Thunderbird
[2009/12/02 11:16:03 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Uniblue
[2013/08/19 22:39:09 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\uTorrent
[2012/03/02 15:36:17 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\WinAVI
[2010/09/13 11:37:59 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\Zeon
[2012/03/27 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Jc\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1

< End of report >

#12
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Misshot :)

I will clear up the ESET results in this post and a few other things. Let's try a Defrag program to clear some space.

1. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE, and paste it into the Custom Scans/Fixes box in OTL.

    :OTL
    IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{FF501EC5-1B40-4547-B4BB-DF53730D0DA2}: "URL" = http://www.google.co...startPage}&rlz=
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O34 - HKLM BootExecute: (sdnclean.exe)

    [2013/08/20 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
    [2013/08/11 22:52:39 | 000,004,964 | ---- | M] () -- C:\Users\Jc\Desktop\Win7LogonBackgroundChanger_Click.wma

    :FILES
    C:\Program Files\Avira
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X3FQN5\ApnIC[1].0
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE3T6YVD\ApnIC[1].0
    C:\Program Files\Pando Networks

    :COMMANDS
    [RESETHOSTS]
    [EMPTYTEMP]

  • Then click Run Fix
  • Click OK if asked to reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.


2. Disk-Defrag


Things I want to see in your next post.
  • OTL fix.txt
  • Defrag link to results

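As an added example (not code from the thread, from OTL or from OldTimer), the Python below reads report lines in the shape shown above and performs three checks a helper otherwise makes by eye: whether the large HOSTS file only blackholes names to loopback (as it does here) or redirects any name to a real address, which entries are orphans marked "File not found" or "No CLSID value found." like the Pando plugin entry targeted by the fix, and whether the O6 UAC policy values weaken the elevation prompt. The sample lines are constructed; the 203.0.113.7 redirect and the www.security-vendor.example name are hypothetical and not from the posted report.

```python
"""Triage checks over OTL-style report lines (added example, not OTL's own code)."""
import ipaddress
import re

# Constructed sample in the shape of the report above. The 203.0.113.7 line is a
# hypothetical redirect (documentation address, made-up hostname) included so the
# redirect branch is exercised; it does not appear in the posted report.
SAMPLE_REPORT = r"""O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 0.0.0.0 ad.a8.net
O1 - Hosts: 203.0.113.7 www.security-vendor.example
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
POLICY_RE = re.compile(r"^O6 - .*\\policies\\System:\s+(\w+)\s*=\s*(\d+)")
# OTL appends these markers when a registry entry points at something absent.
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")


def is_sink(addr: str) -> bool:
    """True when a HOSTS target merely blackholes the name (loopback or 0.0.0.0)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def classify_hosts(lines):
    """Count blackhole entries and collect (name, target) pairs that send a
    name to a real address, which is what a HOSTS hijack looks like."""
    sinks, redirects = 0, []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        target, name = m.groups()
        if is_sink(target):
            sinks += 1
        else:
            redirects.append((name, target))
    return sinks, redirects


def orphan_entries(lines):
    """Entries whose file or CLSID no longer exists: dead references, safe to clean."""
    return [line for line in lines if line.rstrip().endswith(ORPHAN_MARKERS)]


def uac_findings(lines):
    """Flag O6 UAC policy values that weaken the elevation prompt."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name == "PromptOnSecureDesktop" and value == 0:
            findings.append("PromptOnSecureDesktop=0: elevation prompts are not "
                            "shown on the secure desktop")
        elif name == "ConsentPromptBehaviorAdmin" and value == 0:
            findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate "
                            "without any prompt")
    return findings


def triage(report: str) -> dict:
    """Run all three checks over one report and return the findings."""
    lines = report.splitlines()
    sinks, redirects = classify_hosts(lines)
    return {
        "hosts_blackholed": sinks,
        "hosts_redirects": redirects,
        "orphans": orphan_entries(lines),
        "uac": uac_findings(lines),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"HOSTS: {result['hosts_blackholed']} blackholed, "
          f"{len(result['hosts_redirects'])} redirect(s)")
    for name, target in result["hosts_redirects"]:
        print(f"  redirect: {name} -> {target}")
    print(f"orphaned entries: {len(result['orphans'])}")
    for finding in result["uac"]:
        print(f"UAC: {finding}")
```

On the real report, every O1 line is a loopback sink, so the script reports no redirects and the HOSTS reset in the fix is housekeeping rather than hijack removal.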

#13
misshot

    Member

  • Topic Starter
  • Member
  • 55 posts
Hi,

Seems like I ran into some problem. I'm not able to do the fix thing. OTL will just freeze and go unresponsive after it starts to
"Processing O34 - HKLM BootExecute: (sdnclean.exe)..."

I tried doing a quick scan with OTL and it works normally.

Edited by misshot, 24 August 2013 - 11:03 AM.


#14
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hmm! OK, try this fix instead with the entry removed :) Then carry on with the defrag :thumbsup:

:OTL
IE - HKU\S-1-5-21-1179139014-3224358943-1326240950-1000\..\SearchScopes\{FF501EC5-1B40-4547-B4BB-DF53730D0DA2}: "URL" = http://www.google.co...startPage}&rlz=
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.

[2013/08/20 14:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/08/11 22:52:39 | 000,004,964 | ---- | M] () -- C:\Users\Jc\Desktop\Win7LogonBackgroundChanger_Click.wma

:FILES
C:\Program Files\Avira
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X3FQN5\ApnIC[1].0
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE3T6YVD\ApnIC[1].0
C:\Program Files\Pando Networks

:COMMANDS
[RESETHOSTS]
[EMPTYTEMP]



#15
misshot

    Member

  • Topic Starter
  • Member
  • 55 posts
It works now. :)

OTL.log

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1179139014-3224358943-1326240950-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FF501EC5-1B40-4547-B4BB-DF53730D0DA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF501EC5-1B40-4547-B4BB-DF53730D0DA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Program Files\Spybot - Search & Destroy 2 folder moved successfully.
C:\Users\Jc\Desktop\Win7LogonBackgroundChanger_Click.wma moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Avira not found.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X3FQN5\ApnIC[1].0 moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PE3T6YVD\ApnIC[1].0 moved successfully.
File\Folder C:\Program Files\Pando Networks not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jc
->Temp folder emptied: 535796 bytes
->Temporary Internet Files folder emptied: 5697231 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 8654538 bytes
->Flash cache emptied: 58140 bytes

User: Public
->Temp folder emptied: 0 bytes

User: QuickLaunch

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4540 bytes
RecycleBin emptied: 9995851 bytes

Total Files Cleaned = 24.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08252013_083105

Files\Folders moved on Reboot...
C:\Users\Jc\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




----

file:///C:/ProgramData/Auslogics/DiskDefrag/4.x/Reports/Disk_Defrag_Report.xml

Edited by misshot, 24 August 2013 - 07:21 PM.
