Websearch opens every time Chrome opens



#1 dtekka (Member, 174 posts)

Every time I open up Google Chrome, google.com and hXXp://static.flipora.com/websearch open up. I tried changing the settings in Chrome (specify a specific set of pages when Chrome starts), but after changing that to only www.google.com the darn websearch still pops up in a new tab. That, and every time I start the computer, in the lower left-hand corner where the programs are running, I see something that says "xtreme n gigabit router has installed"; the only issue is, I'm not using one of those. I have included an OTL log file; any help with this would be much appreciated.


OTL logfile created on: 2013/10/25 08:01:17 È.Ù - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eshy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000429 | Country: Iran | Language: FAR | Date Format: yyyy/MM/dd

2.96 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 68.50% Memory free
4.80 Gb Paging File | 3.96 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.74 Gb Total Space | 182.53 Gb Free Space | 79.80% Space Free | Partition Type: NTFS

Computer Name: ESHRAT | User Name: Eshy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/23 22:21:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eshy\Desktop\OTL.exe
PRC - [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/09/24 20:45:51 | 002,511,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe
PRC - [2013/09/24 20:45:51 | 000,164,888 | ---- | M] (Google Inc) -- C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
PRC - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/20 20:19:50 | 002,701,880 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/25 13:09:24 | 002,105,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13102501\algo.dll
MOD - [2013/10/08 17:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 17:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 17:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 17:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/07/25 02:44:06 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol\1.0_0\CTB.dll
MOD - [2013/07/10 21:21:27 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/24 20:45:51 | 000,164,888 | ---- | M] (Google Inc) [Auto | Running] -- C:\Program Files\Google\Google Input Tools\GoogleInputService.exe -- (GoogleInputService)
SRV - [2013/08/16 22:12:35 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/08 02:03:54 | 000,263,168 | ---- | M] (SPAMfighter ApS) [On_Demand | Stopped] -- C:\Program Files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe -- (Common Toolkit 2)
SRV - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/08 18:20:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2013/10/25 16:30:27 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/06/29 22:53:50 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/29 22:53:50 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/29 22:53:50 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/17 15:47:04 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/07 17:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/06/30 11:26:46 | 000,974,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/06/13 14:26:06 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/04/21 09:20:04 | 000,737,792 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/04/14 05:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/03/25 00:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 00:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/25 00:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/11/29 17:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {01A7EB04-7259-4130-B6B8-FE22978901FA}
IE - HKCU\..\SearchScopes\{01A7EB04-7259-4130-B6B8-FE22978901FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....35,20028,0,74,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@InboxAce_1g.com/Plugin: C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin: C:\Documents and Settings\Eshy\Local Settings\Application Data\TNT2\2.0.0.1267\npTNT2.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]_1g.com: C:\Program Files\InboxAce_1g\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/13 17:53:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/16 22:12:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Documents and Settings\Eshy\Local Settings\Application Data\GreatArcadeHits\gahff.xpi

[2013/02/07 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Extensions
[2013/02/07 17:44:05 | 000,000,000 | ---D | M] (Special Savings) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Extensions\[email protected]
[2013/10/25 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\extensions
[2013/09/26 20:22:15 | 000,000,000 | ---D | M] (ArcadeFrontier) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
[2013/08/29 22:25:35 | 000,000,000 | ---D | M] (TvShows) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\extensions\[email protected]
[2013/08/29 16:18:27 | 000,001,460 | ---- | M] () -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\searchplugins\tvshows.xml
[2013/10/25 16:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 22:12:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 22:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 22:12:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ESHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RZEIHM7W.DEFAULT\EXTENSIONS\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ESHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RZEIHM7W.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ESHY\LOCAL SETTINGS\APPLICATION DATA\GREATARCADEHITS\GAHFF.XPI
[2013/06/13 17:53:28 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\PROGRAM FILES\FAST FREE CONVERTER\FASTFREECONVERTER\[email protected]
[2011/11/16 07:01:49 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Ask Google for suggestions = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\acocmkgefnbeclfhddmnakncbfgodeeh\2013.4.12.19857_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.307_0\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.308_0\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.308_1\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.309_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\
CHR - Extension: GreatArcadeHits Add-on = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: TVShows Toolbar = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol\1.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/25 16:39:30 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKCU..\Run: [FDPRO-501] C:\Program Files\Fighters\FighterLauncher.exe FDPRO File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1362188778031 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADDC6EE6-B08E-4298-8B60-AC4BDD90DB07}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eshy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eshy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 15:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 18:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/25 18:42:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/25 18:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/25 16:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/10/25 16:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/25 16:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/10/25 15:25:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/23 22:21:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eshy\Desktop\OTL.exe
[2013/10/23 21:41:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/23 21:33:01 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/09/30 18:53:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/09/30 18:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/09/30 18:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eshy\Start Menu\Programs\SySaver
[2013/09/30 18:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eshy\Local Settings\Application Data\SySaver
[2013/09/26 20:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eshy\Start Menu\Programs\ArcadeFrontier
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/25 20:02:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/10/25 19:57:41 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/25 19:57:40 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 19:57:39 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
[2013/10/25 19:57:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
[2013/10/25 19:57:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
[2013/10/25 19:56:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/25 19:56:11 | 3179,868,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/25 19:11:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 18:42:13 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 16:55:08 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B6CF21CA-E98A-4650-8519-9F04231C2AC0}.job
[2013/10/25 16:30:27 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/10/25 16:28:35 | 000,003,626 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/10/23 22:21:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eshy\Desktop\OTL.exe
[2013/10/23 21:33:23 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/23 20:57:59 | 000,507,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/23 20:57:59 | 000,090,320 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/23 20:50:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/23 20:39:19 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/23 19:55:22 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Eshy\ntuser.pol
[2013/10/08 18:21:19 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\Eshy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/30 19:30:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/25 18:42:13 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 16:30:27 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/10/25 16:28:35 | 000,003,626 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/10/25 14:45:18 | 3179,868,160 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/08 18:21:19 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/09/30 18:54:07 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Eshy\ntuser.pol
[2013/09/02 09:13:23 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\System32\spfid.bin
[2013/09/02 09:13:23 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\spfid.bin
[2013/06/29 22:53:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/29 22:53:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/29 22:53:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/13 18:14:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2013/06/13 17:53:41 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/13 17:53:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/13 16:52:36 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2013/06/13 16:52:36 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2013/06/13 16:52:35 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2013/06/13 16:52:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\iglhsip32.dll
[2013/06/13 16:52:35 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\iglhcp32.dll
[2013/06/13 16:52:35 | 000,092,356 | ---- | C] () -- C:\WINDOWS\System32\igfcg500m.bin
[2013/06/13 16:52:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2013/05/24 00:52:10 | 000,000,592 | ---- | C] () -- C:\WINDOWS\RegistryKit.ini
[2013/04/17 16:29:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/03/24 15:00:49 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Eshy\Application Datauser_gensett.xml
[2013/03/05 22:18:06 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2013/03/05 22:18:06 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2013/03/05 22:18:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2013/03/05 22:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2013/03/05 21:59:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013/02/25 20:32:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/02/24 17:27:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2013/02/16 19:06:44 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/02/16 19:06:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012/06/10 01:13:29 | 000,074,188 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/10 01:56:34 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Eshy\Local Settings\Application Data\fusioncache.dat
[2012/04/29 22:11:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Eshy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 19:40:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2008/07/21 15:06:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/08/11 18:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/06/13 17:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/02/08 22:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2013/02/24 16:05:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/08/29 10:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite
[2013/09/10 14:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2010/12/01 23:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2013/10/25 16:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/02/11 23:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/02/01 22:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/10/17 15:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/10/23 20:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/17 15:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2013/03/13 14:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/04/01 00:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/02/24 16:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\0T1F0D1F2W1G1I1F1T1Q
[2013/06/13 15:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Bitdefender
[2011/08/26 15:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Digiarty
[2012/09/23 00:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\DriverFinder
[2013/08/29 10:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\InstallX
[2011/07/29 00:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\InterVideo
[2013/06/13 17:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Leadertech
[2011/01/12 03:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\licenses
[2012/03/28 14:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\ooVoo Details
[2012/09/30 01:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\OpenOffice.org
[2013/02/07 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\PC Utility Kit
[2011/01/12 03:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\PCMM2009
[2011/01/12 03:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\PCMM2010
[2012/02/08 22:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\QuickScan
[2013/05/24 00:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Registry Kit
[2013/05/11 20:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\ScanSoft
[2013/03/13 14:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\TeamViewer
[2013/08/29 10:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\tvshows
[2012/09/30 01:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Eshy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >

Edited by Dakeyras, 26 October 2013 - 12:25 AM.
Disabled malicious url.

  • 0

#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download: AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click to run as administrator (XP users: click Run after receipt of the Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
dtekka

    Member

  • Topic Starter
  • Member
  • 174 posts
# AdwCleaner v3.010 - Report created 25/10/2013 at 14:42:30
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Eshy - ESHRAT
# Running from : C:\Documents and Settings\Eshy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BackupStack

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\PC Optimizer Pro
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\File Type Helper
Folder Deleted : C:\Program Files\internethelper3.1
[!] Folder Deleted : C:\Program Files\MyPC Backup
[!] Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\tuguu sl
Folder Deleted : C:\Program Files\SweetPacks
Folder Deleted : C:\Program Files\SweetPacks_A1
Folder Deleted : C:\Program Files\Common Files\337
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\LocalService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\internethelper3.1
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\SweetPacks
Folder Deleted : C:\Documents and Settings\NetworkService\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\internethelper3.1
Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\SweetPacks
Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\SweetPacks_A1
Folder Deleted : C:\DOCUME~1\Eshy\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\DOCUME~1\Eshy\LOCALS~1\Temp\Desk365
Folder Deleted : C:\Documents and Settings\Eshy\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\optimizer pro
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\PC Health Kit
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Searchprotect
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\strongvault
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Eshy\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Documents and Settings\Eshy\My Documents\PC Health Kit
Folder Deleted : C:\Documents and Settings\Administrator\AppData\LocalLow\Fast Free Converter
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Smartbar
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\CT3289663
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\CT3314198
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
Folder Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\{b3420a9c-a397-4409-b90d-bcf22da1a08a}
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
[!] Folder Deleted : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
[!] Folder Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
File Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\invalidprefs.js
File Deleted : C:\Program Files\Mozilla Firefox\nsprotector.js
File Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\searchplugins\bingp.xml
File Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\user.js
File Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\WINDOWS\Tasks\PC Optimizer Pro Updates.job

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3310511
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314198
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3420A9C-A397-4409-B90D-BCF22DA1A08A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A997FC8A-2CD8-4027-A226-9A5C0CE4F817}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B3420A9C-A397-4409-B90D-BCF22DA1A08A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A997FC8A-2CD8-4027-A226-9A5C0CE4F817}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0461E521-1333-45AC-AD1D-1C211015694B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA554507-03DD-4E3A-AAA0-93B8B916FF02}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1D481C03-66E8-49B6-9A94-209ED55D7DC0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76239CF2-92D2-48F1-B1EA-F2D3A9C5FB97}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B16595F0-6676-41D7-BF15-4A16F4FD72EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F6093B1-1D33-41DB-B8F6-BCBC820CA938}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A5B9C0F5-5616-47CD-A95F-E43B488FACCF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B3420A9C-A397-4409-B90D-BCF22DA1A08A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B3420A9C-A397-4409-B90D-BCF22DA1A08A}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\fTalk
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\SweetPacks
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\InternetHelper3.1
Key Deleted : HKCU\Software\SweetPacks_A1
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Desksvc
Key Deleted : HKLM\Software\Fast Free Converter
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\pc optimizer pro
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\Software\V9
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\Software\InternetHelper3.1
Key Deleted : HKLM\Software\SweetPacks_A1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\prefs.js ]

Line Deleted : user_pref("CT3289663.FirstTime", "true");
Line Deleted : user_pref("CT3289663.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3289663.UserID", "UN10485488261653910");
Line Deleted : user_pref("CT3289663.defaultSearch", "true");
Line Deleted : user_pref("CT3289663.enableAlerts", "true");
Line Deleted : user_pref("CT3289663.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3289663.fullUserID", "UN10485488261653910.IN.20130930184953");
Line Deleted : user_pref("CT3289663.installId", "stub.exe");
Line Deleted : user_pref("CT3289663.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3289663.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3289663.lastVersion", "10.20.1.508");
Line Deleted : user_pref("CT3289663.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3289663.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.apple.com%2Fsupport%2F\",\"EB_MAIN_FRAME_TITLE\":\"Apple%20-%20Support%20\"}");
Line Deleted : user_pref("CT3289663.openThankYouPage", "false");
Line Deleted : user_pref("CT3289663.openUninstallPage", "true");
Line Deleted : user_pref("CT3289663.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3289663.settingsINI", true);
Line Deleted : user_pref("CT3289663.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3289663.smartbar.CTID", "CT3289663");
Line Deleted : user_pref("CT3289663.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
Line Deleted : user_pref("CT3289663.startPage", "true");
Line Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381281875228,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3310511.FirstTime", "true");
Line Deleted : user_pref("CT3310511.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN30405616124182560");
Line Deleted : user_pref("CT3310511.countryCode", "US");
Line Deleted : user_pref("CT3310511.defaultSearch", "true");
Line Deleted : user_pref("CT3310511.enableAlerts", "true");
Line Deleted : user_pref("CT3310511.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3310511.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3310511.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN30405616124182560.IN.20130926202305");
Line Deleted : user_pref("CT3310511.installId", "cid106");
Line Deleted : user_pref("CT3310511.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3310511.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3310511.lastVersion", "10.20.1.8");
Line Deleted : user_pref("CT3310511.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fbuildingitnow.com%2F%3Fgo%3D4%26keyword%3DBrowser%26query%3DBrowser\",\"EB_MAIN_FRAME_TITLE\":\"buildingitnow.com\"}[...]
Line Deleted : user_pref("CT3310511.openThankYouPage", "false");
Line Deleted : user_pref("CT3310511.openUninstallPage", "true");
Line Deleted : user_pref("CT3310511.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3310511.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3310511.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3310511\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SweetPacks.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks \"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.settingsINI", true);
Line Deleted : user_pref("CT3310511.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3310511.smartbar.CTID", "CT3310511");
Line Deleted : user_pref("CT3310511.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3310511.smartbar.toolbarName", "SweetPacks ");
Line Deleted : user_pref("CT3310511.startPage", "true");
Line Deleted : user_pref("CT3310511_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381279399282,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3314198.FF19Solved", "true");
Line Deleted : user_pref("CT3314198.UserID", "UN31288861962243020");
Line Deleted : user_pref("CT3314198.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3314198.fullUserID", "UN31288861962243020.IN.20131008182009");
Line Deleted : user_pref("CT3314198.installDate", "08/10/2013 18:20:18");
Line Deleted : user_pref("CT3314198.installSessionId", "{61D28C4D-D2BA-48B1-AB69-B0FEE399E6AC}");
Line Deleted : user_pref("CT3314198.installSp", "TRUE");
Line Deleted : user_pref("CT3314198.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3314198.keyword", "true");
Line Deleted : user_pref("CT3314198.originalHomepage", "about:home");
Line Deleted : user_pref("CT3314198.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3314198.originalSearchEngine", "");
Line Deleted : user_pref("CT3314198.originalSearchEngineName", "");
Line Deleted : user_pref("CT3314198.searchRevert", "false");
Line Deleted : user_pref("CT3314198.searchUserMode", "2");
Line Deleted : user_pref("CT3314198.smartbar.homepage", "true");
Line Deleted : user_pref("CT3314198.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3314198.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3314198&CUI=UN31288861962243020&UM=2&SearchSource=13&UP=SP244372BD-44F1-48C2-A9C2-E78C10EF41E0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks A1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks A1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&CUI=UN31288861962243020&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks A1 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3314198&CUI=UN31288861962243020&UM=2&SearchSource=13&UP=SP244372BD-44F1-48C2-A9C2-E78C10EF41E0");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN31288861962243020&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3314198");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3314198&CUI=UN31288861962243020&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3314198&CUI=UN31288861962243020&UM=2[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314198&SearchSource=2&CUI=UN31288861962243020&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3314198");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3314198");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26892 octets] - [23/10/2013 21:41:57]
AdwCleaner[R1].txt - [26786 octets] - [25/10/2013 13:59:14]
AdwCleaner[R2].txt - [26906 octets] - [25/10/2013 14:38:15]
AdwCleaner[S0].txt - [309 octets] - [23/10/2013 21:44:17]
AdwCleaner[S1].txt - [309 octets] - [25/10/2013 14:02:04]
AdwCleaner[S2].txt - [25426 octets] - [25/10/2013 14:42:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [25487 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Eshy on Sat 10/26/2013 at 1:27:59.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/26/2013 at 1:33:02.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
dtekka
Topic Starter, Member, 174 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2013
Ran by Eshy (administrator) on ESHRAT on 26-10-2013 01:36:01
Running from C:\Documents and Settings\Eshy\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant) C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc) C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Google Inc.) C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE [2701880 2008-07-20] (Conexant)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-22] (Google Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [FDPRO-501] - C:\Program Files\Fighters\FighterLauncher.exe FDPRO
HKU\Administrator\...\RunOnce: [CTRLWOL] - C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.VBS [ 2007-12-09] ()
Lsa: [Authentication Packages] msv1_0 nwprovau

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {62045DCC-09BF-EA59-BC56-439BA702D087} URL =
SearchScopes: HKCU - DefaultScope {01A7EB04-7259-4130-B6B8-FE22978901FA} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - {01A7EB04-7259-4130-B6B8-FE22978901FA} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....35,20028,0,74,0
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @InboxAce_1g.com/Plugin - C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll No File
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tnt2toolbar.com/Plugin - C:\Documents and Settings\Eshy\Local Settings\Application Data\TNT2\2.0.0.1267\npTNT2.dll No File
FF SearchPlugin: C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\searchplugins\tvshows.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: TvShows - C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\[email protected]
FF Extension: ArcadeFrontier - C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [[email protected]_1g.com] - C:\Program Files\InboxAce_1g\bar\1.bin
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Documents and Settings\Eshy\Local Settings\Application Data\GreatArcadeHits\gahff.xpi

Chrome:
=======
CHR HomePage: https://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Extension: (Ask Google for suggestions) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\acocmkgefnbeclfhddmnakncbfgodeeh\2013.4.12.19857_0
CHR Extension: (Google Docs) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Discover The Web With Friends) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.307_0
CHR Extension: (avast! Online Security) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0
CHR Extension: (GreatArcadeHits Add-on) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (TVShows Toolbar) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol\1.0_0
CHR Extension: (Gmail) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [ogpnmalfbjmndgkplccigakhbphkefol] - C:\Program Files\InstallX\tvshows\1.8.23.1\tvshows.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 Common Toolkit 2; C:\Program Files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [263168 2013-08-08] (SPAMfighter ApS)
R2 GoogleInputService; C:\Program Files\Google\Google Input Tools\GoogleInputService.exe [164888 2013-09-24] (Google Inc)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [x]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2011-07-08] (Meetinghouse Data Communications)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-29] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-29] ()
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [163328 2007-11-29] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDAU32.sys [737792 2008-04-21] (Conexant Systems Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-25] ()
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-28] (Intel Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2010-10-17] (Microsoft Corporation)
R1 PMHler; C:\Windows\System32\drivers\PMHler.sys [10240 2006-05-24] (Lenovo )
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [709248 2009-03-04] (Ralink Technology, Corp.)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [974336 2008-06-30] (Vimicro Corporation)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-26 01:35 - 2013-10-26 01:35 - 01088889 _____ (Farbar) C:\Documents and Settings\Eshy\Desktop\FRST.exe
2013-10-26 01:35 - 2013-10-26 01:35 - 00000000 ____D C:\FRST
2013-10-26 01:33 - 2013-10-26 01:33 - 00000588 _____ C:\Documents and Settings\Eshy\Desktop\JRT.txt
2013-10-26 01:27 - 2013-10-26 01:27 - 00000130 _____ C:\Documents and Settings\Eshy\Desktop\Replying To Websearch opens every time Chrome opens - Geeks to Go Forums.url
2013-10-25 20:07 - 2013-10-25 20:07 - 00084892 _____ C:\Documents and Settings\Eshy\Desktop\OTL.Txt
2013-10-25 18:42 - 2013-10-25 18:42 - 00000791 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-25 18:42 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-25 16:58 - 2013-10-25 16:58 - 00000000 ____D C:\Program Files\ESET
2013-10-25 16:40 - 2013-10-25 16:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-25 16:30 - 2013-10-25 16:30 - 00030976 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2013-10-25 16:28 - 2013-10-25 16:28 - 00003626 _____ C:\WINDOWS\system32\.crusader
2013-10-25 16:20 - 2013-10-25 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-25 15:25 - 2013-10-25 15:25 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-23 22:21 - 2013-10-23 22:21 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Eshy\Desktop\OTL.exe
2013-10-23 21:41 - 2013-10-25 14:43 - 00000000 ____D C:\AdwCleaner
2013-10-23 21:33 - 2013-10-25 19:55 - 00000000 ____D C:\Avenger
2013-10-23 20:51 - 2013-10-23 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 20:50 - 2013-10-23 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 20:49 - 2013-10-23 20:50 - 00133686 _____ C:\WINDOWS\KB2862335.log
2013-10-23 20:33 - 2013-10-23 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 20:32 - 2013-10-23 20:34 - 00011869 _____ C:\WINDOWS\KB2868038.log
2013-10-23 20:27 - 2013-10-23 20:30 - 00011742 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 20:26 - 2013-10-23 20:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 20:24 - 2013-10-23 20:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-08 18:21 - 2013-10-23 20:39 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-08 17:06 - 2013-10-23 20:51 - 00137040 _____ C:\WINDOWS\KB2847311.log
2013-10-08 17:06 - 2013-07-02 19:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-08 16:59 - 2013-07-16 17:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-08 16:59 - 2013-07-16 17:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-08 16:59 - 2013-07-16 17:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-08 16:56 - 2013-08-08 17:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-08 16:56 - 2013-08-08 17:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-09-30 18:54 - 2013-10-23 19:55 - 00000884 __RSH C:\Documents and Settings\Eshy\ntuser.pol
2013-09-30 18:53 - 2013-09-30 18:53 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-30 18:53 - 2013-09-30 18:53 - 00000000 ____D C:\Documents and Settings\Eshy\Start Menu\Programs\SySaver
2013-09-30 18:52 - 2013-09-30 18:53 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\SySaver
2013-09-26 20:22 - 2013-09-26 20:22 - 00000000 ____D C:\Documents and Settings\Eshy\Start Menu\Programs\ArcadeFrontier
2013-09-26 20:22 - 2013-07-04 00:12 - 00632656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr80.dll
2013-09-26 20:22 - 2013-07-04 00:12 - 00554832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp80.dll
2013-09-26 20:22 - 2013-07-04 00:12 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcm80.dll
2013-09-26 20:22 - 2013-07-04 00:11 - 00001870 _____ C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest

==================== One Month Modified Files and Folders =======

2013-10-26 01:35 - 2013-10-26 01:35 - 01088889 _____ (Farbar) C:\Documents and Settings\Eshy\Desktop\FRST.exe
2013-10-26 01:35 - 2013-10-26 01:35 - 00000000 ____D C:\FRST
2013-10-26 01:33 - 2013-10-26 01:33 - 00000588 _____ C:\Documents and Settings\Eshy\Desktop\JRT.txt
2013-10-26 01:27 - 2013-10-26 01:27 - 00000130 _____ C:\Documents and Settings\Eshy\Desktop\Replying To Websearch opens every time Chrome opens - Geeks to Go Forums.url
2013-10-26 01:24 - 2011-02-08 16:41 - 01295344 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-26 01:21 - 2013-06-13 17:53 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-26 01:21 - 2013-05-30 22:00 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
2013-10-26 01:21 - 2013-02-24 19:19 - 00000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
2013-10-26 01:21 - 2011-02-08 16:43 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-26 01:21 - 2011-02-08 16:43 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-26 01:21 - 2010-12-22 13:12 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
2013-10-26 01:21 - 2010-10-22 00:09 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-26 01:21 - 2008-07-21 15:50 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-26 01:21 - 2008-07-21 15:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-25 20:16 - 2011-02-08 16:42 - 00032254 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-25 20:16 - 2010-10-17 15:56 - 00000178 ___SH C:\Documents and Settings\Eshy\ntuser.ini
2013-10-25 20:11 - 2010-10-22 00:09 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-25 20:07 - 2013-10-25 20:07 - 00084892 _____ C:\Documents and Settings\Eshy\Desktop\OTL.Txt
2013-10-25 19:55 - 2013-10-23 21:33 - 00000000 ____D C:\Avenger
2013-10-25 19:55 - 2012-03-13 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2621440$
2013-10-25 18:42 - 2013-10-25 18:42 - 00000791 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-25 18:27 - 2010-10-22 00:09 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\Google
2013-10-25 16:58 - 2013-10-25 16:58 - 00000000 ____D C:\Program Files\ESET
2013-10-25 16:55 - 2011-01-23 15:01 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{B6CF21CA-E98A-4650-8519-9F04231C2AC0}.job
2013-10-25 16:40 - 2013-10-25 16:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-25 16:30 - 2013-10-25 16:30 - 00030976 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2013-10-25 16:28 - 2013-10-25 16:28 - 00003626 _____ C:\WINDOWS\system32\.crusader
2013-10-25 16:28 - 2013-10-25 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-25 16:11 - 2013-06-13 17:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2013-10-25 15:41 - 2013-06-13 15:19 - 00238248 _____ C:\WINDOWS\setupapi.log
2013-10-25 15:25 - 2013-10-25 15:25 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-25 14:59 - 2008-07-21 15:06 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-25 14:43 - 2013-10-23 21:41 - 00000000 ____D C:\AdwCleaner
2013-10-25 14:43 - 2013-08-16 22:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-23 22:44 - 2010-10-17 15:56 - 00000000 ____D C:\Documents and Settings\Eshy
2013-10-23 22:21 - 2013-10-23 22:21 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Eshy\Desktop\OTL.exe
2013-10-23 21:33 - 2010-11-03 23:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-23 21:33 - 2010-10-17 18:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981852$
2013-10-23 21:33 - 2008-07-21 07:55 - 00346608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-23 20:57 - 2008-07-21 07:55 - 00590066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-23 20:51 - 2013-10-23 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 20:51 - 2013-10-08 17:06 - 00137040 _____ C:\WINDOWS\KB2847311.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00141319 _____ C:\WINDOWS\iis6.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00129333 _____ C:\WINDOWS\FaxSetup.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00062076 _____ C:\WINDOWS\ocgen.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00059245 _____ C:\WINDOWS\tsoc.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00043276 _____ C:\WINDOWS\comsetup.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00039962 _____ C:\WINDOWS\msmqinst.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00026213 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00022743 _____ C:\WINDOWS\netfxocm.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00012216 _____ C:\WINDOWS\updspapi.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00008925 _____ C:\WINDOWS\MedCtrOC.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00007182 _____ C:\WINDOWS\ocmsn.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00006531 _____ C:\WINDOWS\tabletoc.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00006489 _____ C:\WINDOWS\msgsocm.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-23 20:50 - 2013-10-23 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 20:50 - 2013-10-23 20:49 - 00133686 _____ C:\WINDOWS\KB2862335.log
2013-10-23 20:50 - 2013-07-10 21:14 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-23 20:46 - 2013-08-03 20:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-23 20:39 - 2013-10-08 18:21 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-23 20:39 - 2010-10-17 18:38 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-23 20:37 - 2010-11-03 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-23 20:34 - 2013-10-23 20:32 - 00011869 _____ C:\WINDOWS\KB2868038.log
2013-10-23 20:33 - 2013-10-23 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 20:30 - 2013-10-23 20:27 - 00011742 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 20:28 - 2011-01-23 14:42 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-23 20:26 - 2013-10-23 20:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 20:24 - 2013-10-23 20:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-23 19:55 - 2013-09-30 18:54 - 00000884 __RSH C:\Documents and Settings\Eshy\ntuser.pol
2013-10-08 18:18 - 2008-07-21 15:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-08 18:18 - 2008-07-21 15:05 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-08 18:18 - 2008-07-21 15:05 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-08 17:00 - 2011-04-01 00:55 - 00000000 ____D C:\Documents and Settings\Eshy\Application Data\Apple Computer
2013-10-08 15:26 - 2010-10-22 00:09 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-09-30 19:30 - 2012-11-09 03:10 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-30 18:53 - 2013-09-30 18:53 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-30 18:53 - 2013-09-30 18:53 - 00000000 ____D C:\Documents and Settings\Eshy\Start Menu\Programs\SySaver
2013-09-30 18:53 - 2013-09-30 18:52 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\SySaver
2013-09-30 18:49 - 2010-10-17 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-09-26 20:22 - 2013-09-26 20:22 - 00000000 ____D C:\Documents and Settings\Eshy\Start Menu\Programs\ArcadeFrontier

Some content of TEMP:
====================
C:\Documents and Settings\Eshy\Local Settings\Temp\4D_install_flashplayer11x32_mssd_aih.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\air4C.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\airB2.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\google-chrome[1].exe
C:\Documents and Settings\Eshy\Local Settings\Temp\helper.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Eshy\Local Settings\Temp\PreferencesJson.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\sqlite3.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2013
Ran by Eshy at 2013-10-26 01:37:13
Running from C:\Documents and Settings\Eshy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

Acrobat.com (Version: 0.0.0)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 8.0.1489.0)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite (Version: 1.00)
CCleaner (Version: 4.02)
Conexant HD Audio (Version: 3.49.4.50)
DirectXInstallService (Version: 9.0.2)
Driver Genius (Version: 12.0)
ERUNT 1.1j
ESET Online Scanner v3
FULL-DISKfighter (Version: 1.4.66)
Google Chrome (Version: 30.0.1599.101)
Google Drive (Version: 1.12.5329.1887)
Google Farsi Input
Google Input Farsi
Google Input Tools
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4601.54)
Google Update Helper (Version: 1.3.21.165)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.73.00.50)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.0.4.4)
Lenovo EasyCamera (Version: 1.8.0701.01)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Firefox Packages
Mozilla Maintenance Service (Version: 23.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Skype Click to Call (Version: 6.7.12055)
Skype™ 6.3 (Version: 6.3.107)
Sonic Icons for Lenovo (Version: 2.0.0)
Strongvault Online Backup (Version: 5.0.2.34)
SySaver (HKCU Version: 2)
TeamViewer 8 (Version: 8.0.18930)
ThinkPad PC Card Power Policy (Version: 1.02)
TvShows toolbar on IE and Chrome (Version: 1.8.23.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Toolbar

==================== Restore Points =========================

29-07-2013 14:43:28 System Checkpoint
01-08-2013 18:02:02 System Checkpoint
04-08-2013 03:10:47 Software Distribution Service 3.0
06-08-2013 17:18:59 System Checkpoint
09-08-2013 05:30:14 System Checkpoint
10-08-2013 20:24:05 System Checkpoint
12-08-2013 01:02:02 Installed iTunes
14-08-2013 19:18:13 System Checkpoint
15-08-2013 05:41:23 Software Distribution Service 3.0
16-08-2013 18:10:40 Software Distribution Service 3.0
18-08-2013 03:59:01 System Checkpoint
26-08-2013 06:06:33 System Checkpoint
29-08-2013 17:29:43 Software Distribution Service 3.0
31-08-2013 03:22:21 System Checkpoint
04-09-2013 03:20:35 System Checkpoint
05-09-2013 06:04:08 System Checkpoint
08-09-2013 04:07:30 System Checkpoint
09-09-2013 05:52:17 System Checkpoint
10-09-2013 21:56:52 System Checkpoint
12-09-2013 03:50:44 System Checkpoint
15-09-2013 01:27:49 Software Distribution Service 3.0
24-09-2013 23:48:01 System Checkpoint
26-09-2013 01:09:27 System Checkpoint
05-10-2013 03:03:36 System Checkpoint
08-10-2013 23:17:35 System Checkpoint
24-10-2013 02:59:25 Software Distribution Service 3.0
26-10-2013 00:32:17 System Checkpoint
26-10-2013 01:24:54 Removed Facebook Video Calling 1.2.0.287

==================== Hosts content: ==========================

2008-07-21 15:49 - 2013-10-25 16:39 - 00000741 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B6CF21CA-E98A-4650-8519-9F04231C2AC0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-10-25 15:58 - 2013-10-25 13:09 - 02105856 _____ () C:\Program Files\AVAST Software\Avast\defs\13102501\algo.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2008-07-21 15:49 - 2008-04-14 05:00 - 00059904 ____N () C:\WINDOWS\system32\devenum.dll
2008-07-21 15:49 - 2008-04-14 05:00 - 00014336 ____N () C:\WINDOWS\system32\msdmo.dll
2013-10-23 20:39 - 2013-10-08 17:02 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-23 20:39 - 2013-10-08 17:02 - 00415184 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-23 20:38 - 2013-10-08 17:01 - 01604560 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-07-25 02:44 - 2013-07-25 02:44 - 00237568 _____ () C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol\1.0_0\ctb.dll
2013-10-23 20:39 - 2013-10-08 17:02 - 13584336 _____ () C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\muweb.dll:BDU
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2013 09:36:02 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (10/23/2013 07:58:23 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/08/2013 06:22:27 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/08/2013 06:21:24 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/08/2013 06:20:23 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/08/2013 04:24:47 PM) (Source: Google Update) (User: ESHRAT)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned

Error: (09/30/2013 06:51:01 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (09/30/2013 06:44:42 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 29.0.1547.76, faulting module chrome.dll, version 29.0.1547.76, fault address 0x00626d22.
Processing media-specific event for [chrome.exe!ws!]

Error: (09/21/2013 09:28:16 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 23.0.1.4974, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/17/2013 04:16:55 AM) (Source: Application Hang) (User: )
Description: Fault bucket -845507623.


System errors:
=============
Error: (10/26/2013 01:21:32 AM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (10/25/2013 07:56:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Pcmcia

Error: (10/25/2013 07:56:35 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (10/25/2013 06:36:53 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (10/25/2013 06:08:53 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (10/25/2013 04:51:14 PM) (Source: Service Control Manager) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%3

Error: (10/25/2013 04:40:54 PM) (Source: Service Control Manager) (User: )
Description: The Suite Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/25/2013 04:31:39 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error 0 (0x0).

Error: (10/25/2013 04:31:21 PM) (Source: Service Control Manager) (User: )
Description: The Fax service failed to start due to the following error:
%%1053

Error: (10/25/2013 04:31:21 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Fax service to connect.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3032.49 MB
Available physical RAM: 2143.92 MB
Total Pagefile: 4917.76 MB
Available Pagefile: 4078.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.19 MB

==================== Drives ================================

Drive c: (Preload) (Fixed) (Total:228.74 GB) (Free:182.47 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 777AA0E1)
Partition 1: (Active) - (Size=229 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================
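Reading FRST and OTL dumps like the ones above by hand means scanning the same few sections for the same few things: scheduled tasks and services that point at odd paths, auto-start services whose binary is gone (the SessionLauncher entry above points into a Temp folder), alternate data streams, per-user (HKCU) installs such as SySaver, and event-log sources like the Conduit "Search Protect" updater. The script below is an added example written for this page; it is not part of the original post and not code from the FRST or OTL tools. The indicator list is an assumption of the example, drawn from names that appear in the log above and that anti-malware vendors commonly treat as adware/PUP, and the sample input is a short excerpt of the log lines posted above.

```python
"""Triage helper for FRST / OTL text logs (added example, not from the
original post or from the FRST/OTL tools): pulls persistence-relevant lines
(scheduled tasks, services, alternate data streams, installed programs,
event-log errors) into records and flags the ones worth a second look."""
import re
from dataclasses import dataclass

# ASSUMPTION of this example: name fragments taken from the log above that
# anti-malware vendors commonly classify as adware/PUP, plus the site from the
# poster's complaint. Extend or replace the list for your own case.
PUP_INDICATORS = ("conduit", "search protect", "tvshows", "sysaver", "flipora",
                  "yahoo! toolbar", "strongvault", "full-diskfighter")
TEMP_HINTS = ("\\temp\\", "\\locals~1\\temp")

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+\s*$")          # FRST and OTL section banners
TASK_RE = re.compile(r"^Task:\s+(?P<job>.+?)\s+=>\s+(?P<target>.+)$")
SRV_RE = re.compile(r"^SRV - (?P<head>.*?)\[(?P<start>[^\]]+)\] -- (?P<path>.*?) -- \((?P<name>[^)]+)\)$")
ADS_RE = re.compile(r"^AlternateDataStreams:\s+(?P<path>.+)$")
PROG_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<scope>HKCU )?Version:\s*(?P<version>[^)]*)\)$")
EVENT_RE = re.compile(r"^Error:\s+\((?P<when>[^)]+)\)\s+\(Source:\s*(?P<source>[^)]*)\)")


@dataclass
class Finding:
    section: str
    item: str
    reason: str


def parse_log(text):
    """Walk the log once; the current section decides how untagged lines are read.
    Driver (DRV) lines are deliberately left out of this example."""
    rec = {"tasks": [], "services": [], "ads": [], "programs": [], "events": []}
    section, pending = "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1) or section   # a bare '====' line keeps the current section
            continue
        if pending and line.startswith("Description:"):
            pending["description"] = line[len("Description:"):].strip()  # first line only
            rec["events"].append(pending)
            pending = None
            continue
        if (m := TASK_RE.match(line)):
            rec["tasks"].append(m.groupdict())
        elif (m := SRV_RE.match(line)):
            start, state = [p.strip() for p in m["start"].split("|", 1)]
            rec["services"].append({"name": m["name"], "path": m["path"], "start": start,
                                    "state": state,
                                    "missing": m["head"].startswith("File not found")})
        elif (m := ADS_RE.match(line)):
            base, stream = m["path"].rsplit(":", 1)
            rec["ads"].append({"file": base, "stream": stream})
        elif (m := EVENT_RE.match(line)):
            if pending:                        # previous error had no Description line
                rec["events"].append(pending)
            pending = {"when": m["when"], "source": m["source"], "description": ""}
        elif section.startswith("Installed Programs"):
            m = PROG_RE.match(line)
            rec["programs"].append({"name": m["name"] if m else line,
                                    "per_user": bool(m and m["scope"]),
                                    "version": m["version"] if m else ""})
    if pending:
        rec["events"].append(pending)
    return rec


def _hits(*parts):
    low = " ".join(parts).lower()
    return [ind for ind in PUP_INDICATORS if ind in low]


def _in_temp(path):
    return any(h in path.lower() for h in TEMP_HINTS)


def triage(rec):
    """Apply the checks a log reader does by hand; one Finding per flagged entry."""
    out = []

    def add(section, item, reasons):
        reasons = [r for r in reasons if r]
        if reasons:
            out.append(Finding(section, item, "; ".join(reasons)))

    def ind(*parts):
        h = _hits(*parts)
        return f"indicator: {', '.join(h)}" if h else ""

    for t in rec["tasks"]:
        add("tasks", t["job"], [ind(t["job"], t["target"]),
                                "target runs from a Temp directory" if _in_temp(t["target"]) else ""])
    for s in rec["services"]:
        add("services", s["name"], [
            ind(s["name"], s["path"]),
            "auto-start service whose binary is missing" if s["missing"] and s["start"] == "Auto" else "",
            "binary path is under a Temp directory" if _in_temp(s["path"]) else ""])
    for a in rec["ads"]:
        exe = a["file"].lower().endswith((".exe", ".dll", ".sys"))
        add("ads", a["file"], [f"alternate data stream '{a['stream']}' on "
                               + ("an executable file" if exe else "a non-executable path") + " (review)"])
    for p in rec["programs"]:
        add("programs", p["name"], [ind(p["name"]), "per-user (HKCU) install" if p["per_user"] else ""])
    for e in rec["events"]:
        add("events", e["source"], [ind(e["source"], e["description"])])
    return out


# Sample input: an excerpt of the FRST and OTL lines posted above.
SAMPLE_LOG = r"""
==================== Installed Programs ======================

Google Chrome (Version: 30.0.1599.101)
SySaver (HKCU Version: 2)
TvShows toolbar on IE and Chrome (Version: 1.8.23.1)

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{B6CF21CA-E98A-4650-8519-9F04231C2AC0}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\system32\muweb.dll:BDU
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Event log errors: =========================

Application errors:
==================
Error: (10/23/2013 07:58:23 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (09/30/2013 06:44:42 PM) (Source: Application Error) (User: )
Description: Faulting application chrome.exe, version 29.0.1547.76, faulting module chrome.dll, version 29.0.1547.76, fault address 0x00626d22.

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/24 20:45:51 | 000,164,888 | ---- | M] (Google Inc) [Auto | Running] -- C:\Program Files\Google\Google Input Tools\GoogleInputService.exe -- (GoogleInputService)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
"""

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"[{f.section}] {f.item}: {f.reason}")
```

Run against the excerpt it flags SySaver and the TvShows toolbar among the programs, the Conduit "Search Protect" event, both alternate data streams for review, and the missing auto-start SessionLauncher service in a Temp folder, while leaving Google Chrome, the Google Update tasks, the disabled HidServ entry and the running Google/Yahoo services alone. Feed it a whole FRST.txt plus OTL.txt and the same rules apply; the indicator list is the part to adjust per case.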

#5 dtekka
Member, Topic Starter, 174 posts
And finally the OTL custom scan results...

OTL logfile created on: 2013/10/26 01:39:58 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eshy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000429 | Country: Iran | Language: FAR | Date Format: yyyy/MM/dd

2.96 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.98% Memory free
4.80 Gb Paging File | 3.89 Gb Available in Paging File | 81.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.74 Gb Total Space | 182.47 Gb Free Space | 79.77% Space Free | Partition Type: NTFS

Computer Name: ESHRAT | User Name: Eshy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/23 22:21:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eshy\Desktop\OTL.exe
PRC - [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/09/24 20:45:51 | 002,511,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe
PRC - [2013/09/24 20:45:51 | 000,164,888 | ---- | M] (Google Inc) -- C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
PRC - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/20 20:19:50 | 002,701,880 | ---- | M] (Conexant) -- C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/25 13:09:24 | 002,105,856 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13102501\algo.dll
MOD - [2013/10/08 17:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 17:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 17:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 17:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/07/25 02:44:06 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol\1.0_0\CTB.dll
MOD - [2013/07/10 21:21:27 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/24 20:45:51 | 000,164,888 | ---- | M] (Google Inc) [Auto | Running] -- C:\Program Files\Google\Google Input Tools\GoogleInputService.exe -- (GoogleInputService)
SRV - [2013/08/16 22:12:35 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/08 02:03:54 | 000,263,168 | ---- | M] (SPAMfighter ApS) [On_Demand | Stopped] -- C:\Program Files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe -- (Common Toolkit 2)
SRV - [2013/06/07 05:39:25 | 004,150,112 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/08 18:20:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2013/10/25 16:30:27 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2013/06/29 22:53:50 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/29 22:53:50 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/29 22:53:50 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/17 15:47:04 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/07 17:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/06/30 11:26:46 | 000,974,336 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vm331avs.sys -- (vm331avs)
DRV - [2008/06/13 14:26:06 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/28 06:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/04/21 09:20:04 | 000,737,792 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/04/14 05:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/03/25 00:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 00:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/25 00:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/11/29 17:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/24 11:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {01A7EB04-7259-4130-B6B8-FE22978901FA}
IE - HKCU\..\SearchScopes\{01A7EB04-7259-4130-B6B8-FE22978901FA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....35,20028,0,74,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@InboxAce_1g.com/Plugin: C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin: C:\Documents and Settings\Eshy\Local Settings\Application Data\TNT2\2.0.0.1267\npTNT2.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]_1g.com: C:\Program Files\InboxAce_1g\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/13 17:53:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/16 22:12:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Documents and Settings\Eshy\Local Settings\Application Data\GreatArcadeHits\gahff.xpi

[2013/02/07 17:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Extensions
[2013/02/07 17:44:05 | 000,000,000 | ---D | M] (Special Savings) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Extensions\[email protected]
[2013/10/25 16:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\extensions
[2013/09/26 20:22:15 | 000,000,000 | ---D | M] (ArcadeFrontier) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
[2013/08/29 22:25:35 | 000,000,000 | ---D | M] (TvShows) -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\extensions\[email protected]
[2013/08/29 16:18:27 | 000,001,460 | ---- | M] () -- C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\searchplugins\tvshows.xml
[2013/10/25 16:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/16 22:12:26 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 22:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 22:12:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ESHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RZEIHM7W.DEFAULT\EXTENSIONS\{07CBF788-1359-421B-A4E3-5A8D041B90A3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ESHY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\RZEIHM7W.DEFAULT\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ESHY\LOCAL SETTINGS\APPLICATION DATA\GREATARCADEHITS\GAHFF.XPI
[2013/06/13 17:53:28 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\PROGRAM FILES\FAST FREE CONVERTER\FASTFREECONVERTER\[email protected]
[2011/11/16 07:01:49 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Ask Google for suggestions = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\acocmkgefnbeclfhddmnakncbfgodeeh\2013.4.12.19857_0\
CHR - Extension: Google Docs = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.307_0\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.308_0\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.308_1\
CHR - Extension: Discover The Web With Friends = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.309_0\
CHR - Extension: avast! Online Security = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\
CHR - Extension: GreatArcadeHits Add-on = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: TVShows Toolbar = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol\1.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/25 16:39:30 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE (Conexant)
O4 - HKCU..\Run: [FDPRO-501] C:\Program Files\Fighters\FighterLauncher.exe FDPRO File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1362188778031 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADDC6EE6-B08E-4298-8B60-AC4BDD90DB07}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eshy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eshy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 15:02:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe ()
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: IMEKRMIG6.1 - hkey= - key= - C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: hitmanpro37 - C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
SafeBootMin: hitmanpro37.sys - C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
SafeBootMin: HitmanPro37Crusader - Reg Error: Value error.
SafeBootMin: HitmanPro37CrusaderBoot - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro37 - C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
SafeBootNet: hitmanpro37.sys - C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
SafeBootNet: HitmanPro37Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro37CrusaderBoot - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - BingBar 7.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{21d337f6-7548-4c7c-a931-2eeaf254b69a} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/26 01:35:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/26 01:35:05 | 001,088,889 | ---- | C] (Farbar) -- C:\Documents and Settings\Eshy\Desktop\FRST.exe
[2013/10/25 18:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/25 18:42:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/25 18:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/25 16:58:11 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/10/25 16:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/25 16:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/10/25 15:25:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/23 22:21:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eshy\Desktop\OTL.exe
[2013/10/23 21:41:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/23 21:33:01 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/10/08 17:06:17 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/08 16:59:19 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/08 16:59:19 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/08 16:59:19 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013/10/08 16:56:24 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/08 16:56:24 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/09/30 18:53:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/09/30 18:53:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/09/30 18:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eshy\Start Menu\Programs\SySaver
[2013/09/30 18:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eshy\Local Settings\Application Data\SySaver
[2013/09/26 20:22:37 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/09/26 20:22:37 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/09/26 20:22:37 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/09/26 20:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eshy\Start Menu\Programs\ArcadeFrontier
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/26 01:35:06 | 001,088,889 | ---- | M] (Farbar) -- C:\Documents and Settings\Eshy\Desktop\FRST.exe
[2013/10/26 01:27:44 | 000,000,130 | ---- | M] () -- C:\Documents and Settings\Eshy\Desktop\Replying To Websearch opens every time Chrome opens - Geeks to Go Forums.url
[2013/10/26 01:21:44 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/10/26 01:21:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/26 01:21:12 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/26 01:21:12 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
[2013/10/26 01:21:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
[2013/10/26 01:21:12 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
[2013/10/26 01:21:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/26 01:21:04 | 3179,868,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/25 20:11:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/25 18:42:13 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 16:55:08 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B6CF21CA-E98A-4650-8519-9F04231C2AC0}.job
[2013/10/25 16:30:27 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/10/25 16:28:35 | 000,003,626 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/10/23 22:21:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eshy\Desktop\OTL.exe
[2013/10/23 21:33:23 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/23 20:57:59 | 000,507,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/23 20:57:59 | 000,090,320 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/23 20:50:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/23 20:39:19 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/23 19:55:22 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Eshy\ntuser.pol
[2013/10/08 18:21:19 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\Eshy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/30 19:30:20 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/26 01:27:44 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Eshy\Desktop\Replying To Websearch opens every time Chrome opens - Geeks to Go Forums.url
[2013/10/25 18:42:13 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 16:30:27 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/10/25 16:28:35 | 000,003,626 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/10/25 14:45:18 | 3179,868,160 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/08 18:21:19 | 000,001,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/09/30 18:54:07 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Eshy\ntuser.pol
[2013/09/02 09:13:23 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\System32\spfid.bin
[2013/09/02 09:13:23 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\spfid.bin
[2013/06/29 22:53:51 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/29 22:53:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/06/29 22:53:50 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/13 18:14:52 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2013/06/13 17:53:41 | 000,175,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/06/13 17:53:41 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/06/13 16:52:36 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2013/06/13 16:52:36 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2013/06/13 16:52:35 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2013/06/13 16:52:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\iglhsip32.dll
[2013/06/13 16:52:35 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\iglhcp32.dll
[2013/06/13 16:52:35 | 000,092,356 | ---- | C] () -- C:\WINDOWS\System32\igfcg500m.bin
[2013/06/13 16:52:35 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2013/05/24 00:52:10 | 000,000,592 | ---- | C] () -- C:\WINDOWS\RegistryKit.ini
[2013/04/17 16:29:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2013/03/24 15:00:49 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Eshy\Application Datauser_gensett.xml
[2013/03/05 22:18:06 | 000,000,212 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2013/03/05 22:18:06 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2013/03/05 22:18:06 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2013/03/05 22:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2013/03/05 21:59:34 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013/02/25 20:32:30 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/02/24 17:27:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2013/02/16 19:06:44 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/02/16 19:06:44 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2012/06/10 01:13:29 | 000,074,188 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/10 01:56:34 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Eshy\Local Settings\Application Data\fusioncache.dat
[2012/04/29 22:11:40 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Eshy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 19:40:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2008/07/21 15:06:30 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST9250827AS
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 229.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 4.00GB
Starting Offset: 245609005056
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2013/02/24 16:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\0T1F0D1F2W1G1I1F1T1Q
[2012/01/13 14:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Adobe
[2013/10/08 17:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Apple Computer
[2013/06/13 15:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Bitdefender
[2013/02/16 19:15:41 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Eshy\Application Data\Brother
[2011/08/26 15:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Digiarty
[2012/09/23 00:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\DriverFinder
[2013/09/24 20:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Google
[2013/06/01 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Help
[2008/07/21 15:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Identities
[2010/10/17 15:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\InstallShield
[2013/08/29 10:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\InstallX
[2011/07/30 20:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Intel
[2011/07/29 00:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\InterVideo
[2013/06/13 17:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Leadertech
[2011/01/12 03:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\licenses
[2010/10/17 15:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Macromedia
[2013/03/13 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Malwarebytes
[2013/05/08 22:47:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Eshy\Application Data\Microsoft
[2011/11/16 15:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Mozilla
[2010/12/06 17:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Office Genuine Advantage
[2012/03/28 14:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\ooVoo Details
[2012/09/30 01:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\OpenOffice.org
[2013/02/07 11:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\PC Utility Kit
[2011/01/12 03:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\PCMM2009
[2011/01/12 03:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\PCMM2010
[2012/02/08 22:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\QuickScan
[2013/06/13 17:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Real
[2013/06/13 17:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\RealNetworks
[2013/05/24 00:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Registry Kit
[2013/05/11 20:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\ScanSoft
[2013/06/13 15:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Skype
[2011/06/17 11:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\skypePM
[2010/10/17 15:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Sun
[2013/03/13 14:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\TeamViewer
[2013/08/29 10:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\tvshows
[2011/07/30 21:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\U3
[2012/01/18 15:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\vlc
[2012/09/30 01:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\WeatherBug
[2013/08/29 10:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eshy\Application Data\Yahoo!

< MD5 for: ATAPI.SYS >
[2008/04/14 05:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RRbackups\FR\UF\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/04/14 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\RRbackups\FR\UF\WINDOWS\system32\csrss.exe
[2008/04/14 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\RRbackups\FR\UF\WINDOWS\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/06/20 10:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\ERDNT\cache\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/14 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 10:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll

< MD5 for: NWPROVAU.DLL >
[2008/04/14 05:00:00 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll

< MD5 for: PNRPNSP.DLL >
[2008/04/14 05:00:00 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll

< MD5 for: RSVPSP.DLL >
[2008/04/14 05:00:00 | 000,092,672 | ---- | M] (Microsoft Corporation) MD5=72451FD61DDBB0A1FB071B7C3CDE5594 -- C:\WINDOWS\system32\rsvpsp.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 05:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\RRbackups\FR\UF\WINDOWS\system32\services.exe
[2008/04/14 05:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\RRbackups\FR\UF\WINDOWS\system32\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2008/04/14 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\RRbackups\FR\UF\WINDOWS\system32\user32.dll
[2008/04/14 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ERDNT\cache\user32.dll
[2008/04/14 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\RRbackups\FR\UF\WINDOWS\system32\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\RRbackups\FR\UF\WINDOWS\system32\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/04/14 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll

< dir C:\ /S /A:L /C >
Volume in drive C is Preload
Volume Serial Number is A4F8-68D0
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/23/2013 08:57 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/23/2013 08:57 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/23/2013 08:48 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
10/23/2013 08:17 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 195,892,977,664 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/16 22:12:35 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/16 22:12:35 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/16 22:12:35 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/16 22:12:36 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/16 22:12:36 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/16 22:12:36 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/16 22:12:35 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/16 22:12:35 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/16 22:12:35 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/16 22:12:36 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/16 22:12:36 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/16 22:12:36 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/09/23 23:36:50 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2008/04/14 05:00:00 | 000,539,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\dialer.exe
[2008/04/14 05:00:00 | 000,013,312 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\htrn_jis.dll
[2008/04/14 05:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.) -- C:\Program Files\WINDOWS NT\hypertrm.exe
[2009/11/20 04:14:51 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd6.wpc
[2010/12/21 05:51:53 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\mswrd8.wpc
[2010/07/12 05:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\wordpad.exe
[2009/11/20 04:14:50 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\WINDOWS NT\Accessories\write.wpc
[2008/04/14 05:00:00 | 000,003,947 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\FONT.DAT
[2008/04/14 05:00:00 | 000,928,700 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.DAT
[2008/04/14 05:00:00 | 000,281,088 | ---- | M] (Cinematronics) -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.EXE
[2008/04/14 05:00:00 | 000,108,607 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL.MID
[2008/04/14 05:00:00 | 000,028,888 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\PINBALL2.MID
[2008/04/14 05:00:00 | 000,055,490 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND1.WAV
[2008/04/14 05:00:00 | 000,001,226 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND104.WAV
[2008/04/14 05:00:00 | 000,001,968 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND105.WAV
[2008/04/14 05:00:00 | 000,007,754 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND108.WAV
[2008/04/14 05:00:00 | 000,000,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND111.WAV
[2008/04/14 05:00:00 | 000,000,824 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND112.WAV
[2008/04/14 05:00:00 | 000,004,296 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND12.WAV
[2008/04/14 05:00:00 | 000,008,034 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND13.WAV
[2008/04/14 05:00:00 | 000,001,290 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND131.WAV
[2008/04/14 05:00:00 | 000,019,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND136.WAV
[2008/04/14 05:00:00 | 000,003,002 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND14.WAV
[2008/04/14 05:00:00 | 000,001,046 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND16.WAV
[2008/04/14 05:00:00 | 000,002,090 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND17.WAV
[2008/04/14 05:00:00 | 000,003,986 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND18.WAV
[2008/04/14 05:00:00 | 000,027,472 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND181.WAV
[2008/04/14 05:00:00 | 000,005,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND19.WAV
[2008/04/14 05:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND20.WAV
[2008/04/14 05:00:00 | 000,009,194 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND21.WAV
[2008/04/14 05:00:00 | 000,007,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND22.WAV
[2008/04/14 05:00:00 | 000,012,106 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND24.WAV
[2008/04/14 05:00:00 | 000,014,600 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND240.WAV
[2008/04/14 05:00:00 | 000,020,712 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND243.WAV
[2008/04/14 05:00:00 | 000,025,704 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND25.WAV
[2008/04/14 05:00:00 | 000,007,306 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND26.WAV
[2008/04/14 05:00:00 | 000,020,242 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND27.WAV
[2008/04/14 05:00:00 | 000,008,650 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND28.WAV
[2008/04/14 05:00:00 | 000,010,364 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND29.WAV
[2008/04/14 05:00:00 | 000,022,858 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND3.WAV
[2008/04/14 05:00:00 | 000,022,570 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND30.WAV
[2008/04/14 05:00:00 | 000,001,520 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND34.WAV
[2008/04/14 05:00:00 | 000,019,498 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND35.WAV
[2008/04/14 05:00:00 | 000,033,848 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND36.WAV
[2008/04/14 05:00:00 | 000,013,024 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND38.WAV
[2008/04/14 05:00:00 | 000,028,282 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND39.WAV
[2008/04/14 05:00:00 | 000,016,626 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND4.WAV
[2008/04/14 05:00:00 | 000,029,140 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND42.WAV
[2008/04/14 05:00:00 | 000,022,796 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND43.WAV
[2008/04/14 05:00:00 | 000,009,770 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND45.WAV
[2008/04/14 05:00:00 | 000,001,876 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49.WAV
[2008/04/14 05:00:00 | 000,003,330 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND49D.WAV
[2008/04/14 05:00:00 | 000,003,180 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND5.WAV
[2008/04/14 05:00:00 | 000,012,074 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND50.WAV
[2008/04/14 05:00:00 | 000,008,932 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND528.WAV
[2008/04/14 05:00:00 | 000,009,022 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND53.WAV
[2008/04/14 05:00:00 | 000,018,250 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND54.WAV
[2008/04/14 05:00:00 | 000,021,890 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND55.WAV
[2008/04/14 05:00:00 | 000,029,004 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND560.WAV
[2008/04/14 05:00:00 | 000,024,192 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND563.WAV
[2008/04/14 05:00:00 | 000,030,502 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND57.WAV
[2008/04/14 05:00:00 | 000,003,408 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND58.WAV
[2008/04/14 05:00:00 | 000,004,376 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND6.WAV
[2008/04/14 05:00:00 | 000,017,676 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND65.WAV
[2008/04/14 05:00:00 | 000,032,402 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND68.WAV
[2008/04/14 05:00:00 | 000,026,442 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND7.WAV
[2008/04/14 05:00:00 | 000,014,592 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND713.WAV
[2008/04/14 05:00:00 | 000,027,268 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND735.WAV
[2008/04/14 05:00:00 | 000,002,102 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND8.WAV
[2008/04/14 05:00:00 | 000,047,230 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND827.WAV
[2008/04/14 05:00:00 | 000,020,098 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND9.WAV
[2008/04/14 05:00:00 | 000,006,742 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\SOUND999.WAV
[2008/04/14 05:00:00 | 000,339,178 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\table.bmp
[2008/04/14 05:00:00 | 000,002,687 | ---- | M] () -- C:\Program Files\WINDOWS NT\Pinball\wavemix.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Eshy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf:SummaryInformation
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >

#6
dtekka
    Member
  • Topic Starter
Here is the extras section of the custom OTL scan


OTL Extras logfile created on: 2013/10/26 01:39:59 Ů.┘ - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Eshy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000429 | Country: Iran | Language: FAR | Date Format: yyyy/MM/dd

2.96 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.98% Memory free
4.80 Gb Paging File | 3.89 Gb Available in Paging File | 81.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.74 Gb Total Space | 182.47 Gb Free Space | 79.77% Space Free | Partition Type: NTFS

Computer Name: ESHRAT | User Name: Eshy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- C:\Program Files\File Type Helper\FileTypeHelper.exe "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Enabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E33D30D-D896-4D92-B033-5F45819B2937}" = Strongvault Online Backup
"{66986E4B-E9FB-47C2-83FB-59AD8E40386A}" = FULL-DISKfighter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Driver Genius_is1" = Driver Genius
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Google Farsi Input" = Google Farsi Input
"GoogleInputFarsi" = Google Input Farsi
"GoogleInputFramework" = Google Input Tools
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCMCIAPW" = ThinkPad PC Card Power Policy
"TeamViewer 8" = TeamViewer 8
"tvshows" = TvShows toolbar on IE and Chrome
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox Packages" = Mozilla Firefox Packages
"SySaver" = SySaver

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013/09/17 07:16:55 Ů.┘ | Computer Name = ESHRAT | Source = Application Hang | ID = 1001
Description = Fault bucket -845507623.

Error - 2013/09/22 12:28:16 Ů.┘ | Computer Name = ESHRAT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 23.0.1.4974, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2013/09/30 09:44:42 ╚.┘ | Computer Name = ESHRAT | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 29.0.1547.76, faulting module
chrome.dll, version 29.0.1547.76, fault address 0x00626d22.

Error - 2013/09/30 09:51:01 ╚.┘ | Computer Name = ESHRAT | Source = CltMngSvc | ID = 1000
Description =

Error - 2013/10/08 07:24:47 ╚.┘ | Computer Name = ESHRAT | Source = Google Update | ID = 20
Description =

Error - 2013/10/08 09:20:23 ╚.┘ | Computer Name = ESHRAT | Source = CltMngSvc | ID = 1000
Description =

Error - 2013/10/08 09:21:24 ╚.┘ | Computer Name = ESHRAT | Source = CltMngSvc | ID = 1000
Description =

Error - 2013/10/08 09:22:27 ╚.┘ | Computer Name = ESHRAT | Source = CltMngSvc | ID = 1000
Description =

Error - 2013/10/23 10:58:23 ╚.┘ | Computer Name = ESHRAT | Source = CltMngSvc | ID = 1000
Description =

Error - 2013/10/24 12:36:02 Ů.┘ | Computer Name = ESHRAT | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

[ System Events ]
Error - 2013/10/25 07:31:21 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

Error - 2013/10/25 07:31:21 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The Fax service failed to start due to the following error: %%1053

Error - 2013/10/25 07:31:39 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7024
Description = The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific
error 0 (0x0).

Error - 2013/10/25 07:40:54 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7034
Description = The Suite Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2013/10/25 07:51:14 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 09:08:53 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 09:36:53 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 10:56:35 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 10:56:36 ╚.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Pcmcia

Error - 2013/10/26 04:21:32 Ů.┘ | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3


< End of report >
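
The Firewall Settings and Authorized Applications sections of the log above carry the most security-relevant detail in this post: the Domain profile opens 137/UDP, 138/UDP, 139/TCP and 445/TCP to any remote address (scope `*` rather than `LocalSubNet`), the Standard profile opens ooVoo's 443 and 37674/37675 to any address, and `C:\WINDOWS\system32\dmwu.exe` is authorized with no company name recorded, unlike every other entry. The following is an added example (not from the post and not OTL's own code) that parses the two value formats OTL prints and surfaces exactly those kinds of entries. The sample input is copied from the log above; the check for programs under a Temp or Application Data directory is a generalisation of mine that this log does not trigger.

```python
"""Audit the Windows XP firewall exceptions that OTL's Extras log prints.

Added example for this thread; not code from OTL or from the original post.
It parses the two value formats in the 'Firewall Settings' and 'Authorized
Applications List' sections and reports what a reviewer would query: a port
open to any remote address ('*' scope rather than LocalSubNet), the
file-sharing ports in particular, an authorized program for which OTL recorded
no company name, and (a generalisation this log does not trigger) an
authorized program living under a Temp or Application Data directory."""
import re
from dataclasses import dataclass

FILE_SHARING_PORTS = {135, 137, 138, 139, 445}

# [...\FirewallPolicy\<Profile>\<GloballyOpenPorts|AuthorizedApplications>\List]
SECTION_RE = re.compile(
    r"\\FirewallPolicy\\(?P<profile>\w+)\\(?P<kind>GloballyOpenPorts|AuthorizedApplications)\\List\]"
)
# "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):'
    r"(?P<scope>[^:]+):(?P<state>[Ee]nabled|[Dd]isabled):(?P<desc>.*)$"
)
# "C:\dir\app.exe" = C:\dir\app.exe:*:Enabled:Name -- (Company)   (company part is optional)
APP_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*.+?:(?P<scope>[^:]+):(?P<state>[Ee]nabled|[Dd]isabled):'
    r"(?P<desc>.*?)(?:\s+--\s+\((?P<company>[^)]*)\))?$"
)
# Heuristic of mine, not an OTL rule: legitimate firewall exceptions rarely point here.
USER_WRITABLE_RE = re.compile(r"\\(?:Temp|Local Settings|Application Data)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    profile: str   # DomainProfile or StandardProfile
    item: str      # "445/TCP" or the program path
    reason: str


def iter_exception_values(text):
    """Yield (profile, kind, line) for each quoted value under an exception-list key."""
    profile = kind = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("["):                 # any registry key header resets the context
            m = SECTION_RE.search(line)
            profile, kind = (m["profile"], m["kind"]) if m else (None, None)
        elif kind and line.startswith('"'):
            yield profile, kind, line


def audit(text):
    """Return the Findings for one OTL Extras firewall dump."""
    findings = []
    for profile, kind, line in iter_exception_values(text):
        m = (PORT_RE if kind == "GloballyOpenPorts" else APP_RE).match(line)
        if not m or m["state"].lower() != "enabled":
            continue                             # disabled or unparsable entries are not exposures
        if kind == "GloballyOpenPorts":
            port, item = int(m["port"]), f"{m['port']}/{m['proto']}"
            if m["scope"] == "*":
                what = "file-sharing port" if port in FILE_SHARING_PORTS else m["desc"].strip()
                findings.append(Finding(profile, item, f"{what} open to any address"))
        else:
            item = m["path"]
            if m["company"] is None:
                findings.append(Finding(profile, item, "authorized program with no company name recorded"))
            if USER_WRITABLE_RE.search(item):
                findings.append(Finding(profile, item, "authorized program in a user-writable directory"))
    return findings


# Sample input: lines copied from the OTL Extras log in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"443:TCP" = 443:TCP:*:Enabled:ooVoo TCP port 443
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.profile:16} {f.item:42} {f.reason}")
```

On the embedded sample this prints seven findings: the four NetBIOS/SMB ports the Domain profile exposes to any address, the two ooVoo ports the Standard profile exposes, and dmwu.exe. Feed it the full log instead and the remaining ooVoo entries show up as well; the `139:TCP` entry in the Standard profile is not reported because its scope is `LocalSubNet`. Note the lowercase `enabled` on the sessmgr.exe line, which is why the state match is case-insensitive.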

#7
RKinner
    Malware Expert
  • MVP
Uninstall Hitman Pro. Dangerous program. It often removes malware incorrectly and leaves the PC unable to boot.

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD, just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).

1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
4. Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

How is it running now?
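
The expert asks for the last 20 System and Application errors via VEW. The OTL Extras log in the previous post already carries the same records in OTL's own layout, and its System section shows one service, SessionLauncher, failing to start with `%%3` on every boot. The block below is an added example of mine (not code from OTL, VEW or anyone in the thread) that parses that layout, re-joins OTL's wrapped description lines, counts Service Control Manager failures per service and decodes the two `%%N` codes that appear in the log (3 is ERROR_PATH_NOT_FOUND and 1053 is ERROR_SERVICE_REQUEST_TIMEOUT, per winerror.h). The sample input is reconstructed from the System events above with the locale's AM/PM marker, which is garbled in the log, rendered as "PM" throughout; the parser does not depend on it.

```python
"""Summarise Service Control Manager failures from OTL's 'Last 20 Event Log
Errors' section.  Added example for this thread, not code from OTL, VEW or the
original posts.  A service that fails with %%3 (path not found) on every boot is
a registration whose binary is gone, a common leftover of half-removed adware;
counting per service makes that stand out among one-off errors."""
import re
from collections import Counter

# Win32 error codes behind the %%N placeholders (winerror.h).
WIN32_ERRORS = {3: "ERROR_PATH_NOT_FOUND", 1053: "ERROR_SERVICE_REQUEST_TIMEOUT"}

# Error - <stamp> | Computer Name = <host> | Source = <source> | ID = <n>
HEADER_RE = re.compile(
    r"^Error - (?P<stamp>.+?) \| Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Event-ID specific description patterns; 'code' exists only where SCM logs one.
SCM_PATTERNS = {
    7000: re.compile(r"^The (?P<name>.+?) service failed to start due to the following error: %%(?P<code>\d+)"),
    7009: re.compile(r"waiting for the (?P<name>.+?) service to connect"),
    7024: re.compile(r"^The (?P<name>.+?) service terminated with service-specific error (?P<code>\d+)"),
    7026: re.compile(r"failed to load: (?P<name>.+)$"),
    7034: re.compile(r"^The (?P<name>.+?) service terminated unexpectedly"),
}


def parse_events(text):
    """Return events as dicts; OTL wraps descriptions, so continuation lines are re-joined."""
    events, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            current = {"stamp": m["stamp"], "host": m["host"], "source": m["source"],
                       "id": int(m["id"]), "description": ""}
            events.append(current)
        elif not line or line.startswith("["):   # blank line or section header ends the record
            current = None
        elif current is not None:
            body = line[len("Description ="):] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + body.strip()).strip()
    return events


def service_failures(text):
    """Counter keyed by (service name, event id, error code or None)."""
    counts = Counter()
    for ev in parse_events(text):
        pat = SCM_PATTERNS.get(ev["id"]) if ev["source"] == "Service Control Manager" else None
        m = pat.search(ev["description"]) if pat else None
        if m:
            code = int(m["code"]) if m.groupdict().get("code") else None
            counts[(m["name"].strip(), ev["id"], code)] += 1
    return counts


def report(text):
    """Rows (service, event id, code, decoded code, count), most frequent first."""
    rows = [(svc, eid, code, WIN32_ERRORS.get(code, "-" if code is None else "unknown"), n)
            for (svc, eid, code), n in service_failures(text).items()]
    return sorted(rows, key=lambda r: (-r[4], r[0]))


# Constructed sample: the System events from the OTL Extras log above, AM/PM marker rendered as PM.
SAMPLE = """[ System Events ]
Error - 2013/10/25 07:31:21 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

Error - 2013/10/25 07:31:21 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The Fax service failed to start due to the following error: %%1053

Error - 2013/10/25 07:31:39 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7024
Description = The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific
error 0 (0x0).

Error - 2013/10/25 07:40:54 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7034
Description = The Suite Service service terminated unexpectedly. It has done this
1 time(s).

Error - 2013/10/25 07:51:14 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 09:08:53 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 09:36:53 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 10:56:35 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 2013/10/25 10:56:36 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Pcmcia

Error - 2013/10/26 04:21:32 PM | Computer Name = ESHRAT | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
"""

if __name__ == "__main__":
    for svc, eid, code, meaning, n in report(SAMPLE):
        print(f"{n:2}x  {svc:32} event {eid}  code {code!s:5} {meaning}")
```

On the sample the top row is SessionLauncher, event 7000, code 3, ERROR_PATH_NOT_FOUND, five times: the service entry still exists but the executable it points to does not, which is the pattern to look for when a remover has deleted files but not the service registration. The Fax service shows the other common case, a timeout (1053) rather than a missing file.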

#8
dtekka
    Member
  • Topic Starter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-10-2013 01
Ran by Eshy at 2013-10-26 12:35:29 Run:1
Running from C:\Documents and Settings\Eshy\My Documents
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {62045DCC-09BF-EA59-BC56-439BA702D087} URL =
SearchScopes: HKCU - {8fe8d013-c3fd-4802-af48-79274e9f969e} URL =
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://search.yahoo....35,20028,0,74,0
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
Toolbar: HKLM - No Name - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
FF Plugin: @InboxAce_1g.com/Plugin - C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll No File
FF Plugin HKCU: @tnt2toolbar.com/Plugin - C:\Documents and Settings\Eshy\Local Settings\Application Data\TNT2\2.0.0.1267\npTNT2.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: TvShows - C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\[email protected]
FF Extension: ArcadeFrontier - C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53}
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [[email protected]_1g.com] - C:\Program Files\InboxAce_1g\bar\1.bin
FF HKCU\...\Firefox\Extensions: [{B21F5E31-B8E8-41CD-B74C-168A71A10E49}] - C:\Documents and Settings\Eshy\Local Settings\Application Data\GreatArcadeHits\gahff.xpi
CHR Plugin: (Skype Toolbars) - C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Extension: (Discover The Web With Friends) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc\7.307_0
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0
CHR Extension: (GreatArcadeHits Add-on) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0
CHR Extension: (TVShows Toolbar) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol\1.0_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [ogpnmalfbjmndgkplccigakhbphkefol] - C:\Program Files\InstallX\tvshows\1.8.23.1\tvshows.crx
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [x]
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [x]
C:\Documents and Settings\Eshy\Local Settings\Temp\4D_install_flashplayer11x32_mssd_aih.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\air4C.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\airB2.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\google-chrome[1].exe
C:\Documents and Settings\Eshy\Local Settings\Temp\helper.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Eshy\Local Settings\Temp\PreferencesJson.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Eshy\Local Settings\Temp\sqlite3.exe
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720



*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{62045DCC-09BF-EA59-BC56-439BA702D087} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{62045DCC-09BF-EA59-BC56-439BA702D087} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\!{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key not found.
HKLM\Software\MozillaPlugins\@InboxAce_1g.com/Plugin => Key deleted successfully.
C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll not found.
HKCU\Software\MozillaPlugins\@tnt2toolbar.com/Plugin => Key deleted successfully.
C:\Documents and Settings\Eshy\Local Settings\Application Data\TNT2\2.0.0.1267\npTNT2.dll not found.
C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml => Moved successfully.
C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\[email protected] => Moved successfully.
C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\Extensions\{1a68cbde-3e4c-4fae-bf49-af5ab9868e53} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\[email protected]_1g.com => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} => Value deleted successfully.
C:\Documents and Settings\Eshy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll not found.
C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll not found.
C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll not found.
C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll not found.
C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll not found.
C:\Program Files\Google\Update\1.3.21.129\npGoogleUpdate3.dll not found.
C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll not found.
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll not found.
C:\WINDOWS\system32\npdeployJava1.dll => Moved successfully.
c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll not found.
c:\program files\real\realplayer\Netscape6\nppl3260.dll not found.
c:\program files\real\realplayer\Netscape6\nprpplugin.dll not found.
C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\delljcncghcpfoenicicifkolnkhmkdc => Moved successfully.
C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Moved successfully.
C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh => Moved successfully.
C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ogpnmalfbjmndgkplccigakhbphkefol => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ogpnmalfbjmndgkplccigakhbphkefol => Key deleted successfully.
C:\Program Files\InstallX\tvshows\1.8.23.1\tvshows.crx => Moved successfully.
RoxLiveShare10 => Service deleted successfully.
SessionLauncher => Service deleted successfully.
ApfiltrService => Service deleted successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\4D_install_flashplayer11x32_mssd_aih.exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\air4C.exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\airB2.exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\fp_pl_pfs_installer.exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\google-chrome[1].exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\helper.exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\ntdll_dump.dll => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\PreferencesJson.exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Eshy\Local Settings\Temp\sqlite3.exe => Moved successfully.
C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.

==== End of Fixlog ====
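The fixlist and Fixlog above are plain FRST text, and the markers FRST prints ("No File" after a plugin path, "[x]" after a service whose image is gone, "()" where a binary carries no publisher string, "HKLM\...\Chrome\Extension:" for extensions pushed in through the registry, "AlternateDataStreams:") are the things an analyst scans for by eye before writing a fix. The following Python is an added example, not part of this thread and not FRST's own code: a small rule-driven triage pass over lines in that format. The rules, the `Finding` type and the sample lines are my constructions, modelled on the fixlist above; each hit is a prompt to look closer, not a verdict (an Intel helper with no version info trips the "no publisher" rule just as a dropper would).

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


# FRST conventions visible in the log above: services start with an R?/S?
# state token and a name ending in ";", Run entries contain "\Run:",
# a missing plugin DLL ends in "No File", a missing service image in "[x]",
# and "()" at the end means no publisher/version resource was found.
SERVICE_RE = re.compile(r"^[RSU][0-4]\s+[^;]+;")
RUN_KEY = "\\Run:"


def _is_service(line):
    return SERVICE_RE.match(line) is not None


def _is_autostart(line):
    return _is_service(line) or RUN_KEY in line


# (predicate, reason) pairs; a line may trip more than one rule.
RULES = (
    (lambda l: l.endswith("No File"),
     "plugin registration points at a DLL that no longer exists"),
    (lambda l: _is_service(l) and l.endswith("[x]"),
     "service registered but its image file is missing"),
    (lambda l: _is_autostart(l) and "\\temp\\" in l.lower(),
     "autostart entry runs from a Temp directory"),
    (lambda l: RUN_KEY in l and l.endswith("()"),
     "autostart binary carries no publisher/version information"),
    (lambda l: l.startswith("AlternateDataStreams:"),
     "alternate data stream attached to a file or folder"),
    (lambda l: "\\Chrome\\Extension:" in l,
     "Chrome extension installed through a registry key (external extension)"),
)


def triage_frst(lines):
    """Return one Finding per (line, rule) hit, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        for pred, reason in RULES:
            if pred(line):
                findings.append(Finding(line, reason))
    return findings


def count_by_reason(findings):
    """Histogram of reasons, handy for a quick 'what kind of mess is this' view."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample in FRST's line format, modelled on the fixlist above.
SAMPLE_LINES = r"""
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR HKLM\...\Chrome\Extension: [ogpnmalfbjmndgkplccigakhbphkefol] - C:\Program Files\InstallX\tvshows\1.8.23.1\tvshows.crx
S2 SessionLauncher; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [x]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
""".splitlines()


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LINES):
        print(f"{f.reason}\n    {f.line}")
```

Run it against a saved FRST.txt with `triage_frst(open("FRST.txt", encoding="utf-8"))`; the two hits on the `S2 SessionLauncher` line (missing image and a Temp-directory path) are the same signal the helper acted on above when that service was deleted.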

#9 dtekka (Member, Topic Starter, 174 posts)
After reboot the disk check did not automatically start. Can I manually start that up?

#10 RKinner (Malware Expert, MVP, 20,031 posts)
My fault. I should have removed several lines from the writeup:

Delete these lines:

The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


So just go straight from Reboot to downloading and running VEW.

#11 dtekka (Member, Topic Starter, 174 posts)
Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/10/2013 02:51:54 ?.?

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 26/10/2013 02:44:58 ?.?
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 26/10/2013 12:38:44 ?.?
Type: warning Category: 0
Event: 4 Source: b57w2k
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.



Vino's Event Viewer v01c run on Windows XP in English
Report run at 26/10/2013 02:52:38 ?.?

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#12 RKinner (Malware Expert, MVP, 20,031 posts)
No errors, so that looks good. Is it working OK now?

#13 dtekka (Member, Topic Starter, 174 posts)
Well, everything seems to be running much better, but I still get that weird websearch when I launch Google Chrome. Maybe I should uninstall Chrome and then re-install it?
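The symptom in the post above, an extra tab that Chrome's own startup setting does not account for, comes down to a handful of places a profile can be steered from: the `session.startup_urls` list (the value FRST reports as `CHR RestoreOnStartup`), the homepage, the default search provider, and extensions that were installed from outside the Web Store or that override the New Tab page. As an added example, not part of this thread and not Chrome's or FRST's code, the Python below reads a Chrome `Preferences` JSON file and reports those fields against a host allowlist. The key names are the ones Chrome used around this time (`default_search_provider`) plus the newer `default_search_provider_data` layout, the numeric `location` codes follow Chromium's Manifest::Location enum as I understand it, and the allowlist, extension IDs, names and hosts in the sample profile are constructed; all of that is assumption, not something the thread states.

```python
import json
from urllib.parse import urlsplit

# Assumed Chromium Manifest::Location codes (not shown anywhere in the thread).
# Anything outside 1/4/5 came from outside the browser's own install path.
LOCATION_NAMES = {
    1: "internal (user install / Web Store)",
    2: "external pref file",
    3: "external registry key",
    4: "unpacked",
    5: "component",
    6: "external pref download",
    7: "external policy download",
    9: "external policy",
}
EXTERNAL_LOCATIONS = {2, 3, 6, 7, 9}
STARTUP_MODES = {1: "restore last session", 4: "open specific pages", 5: "open New Tab page"}

# Constructed allowlist for this example; tailor it to what the user actually chose.
ALLOWED_HOSTS = ("google.com", "bing.com", "microsoft.com")


def _allowed(url, allowed_hosts):
    parts = urlsplit(url)
    if parts.scheme in ("about", "chrome"):   # about:blank, chrome://newtab
        return True
    host = (parts.hostname or "").lower()
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def startup_mode(prefs):
    code = prefs.get("session", {}).get("restore_on_startup")
    return STARTUP_MODES.get(code, f"unknown ({code})")


def audit_preferences(prefs, allowed_hosts=ALLOWED_HOSTS):
    """Return (category, detail) findings for every setting that can send the
    browser to a page the user did not pick."""
    findings = []
    session = prefs.get("session", {})
    for url in session.get("startup_urls", []):
        if not _allowed(url, allowed_hosts):
            findings.append(("startup_url", url))

    homepage = prefs.get("homepage")
    if homepage and not prefs.get("homepage_is_newtabpage", False) \
            and not _allowed(homepage, allowed_hosts):
        findings.append(("homepage", homepage))

    # Old key layout first, newer layout as fallback.
    search_url = (prefs.get("default_search_provider", {}).get("search_url")
                  or prefs.get("default_search_provider_data", {})
                          .get("template_url_data", {}).get("url"))
    if search_url and not _allowed(search_url, allowed_hosts):
        findings.append(("search_url", search_url))

    for ext_id, entry in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = entry.get("manifest", {})
        name = manifest.get("name", "?")
        loc = entry.get("location")
        if loc in EXTERNAL_LOCATIONS or entry.get("from_webstore") is False:
            findings.append(("extension",
                             f"{ext_id} ({name}) location={LOCATION_NAMES.get(loc, loc)} "
                             f"from_webstore={entry.get('from_webstore')}"))
        newtab = manifest.get("chrome_url_overrides", {}).get("newtab")
        if newtab:
            findings.append(("newtab_override", f"{ext_id} ({name}) -> {newtab}"))
    return findings


def load_preferences(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample profile: one Web Store extension, one pushed in through the
# registry that also replaces the New Tab page, and a second startup URL on a
# host that is not on the allowlist. IDs, names and hosts are invented.
SAMPLE_PREFERENCES = json.loads(r'''
{
  "session": {"restore_on_startup": 4,
              "startup_urls": ["http://www.google.com/",
                               "http://search.example.invalid/websearch"]},
  "homepage": "http://www.google.com/",
  "homepage_is_newtabpage": false,
  "default_search_provider": {"name": "Google",
                              "search_url": "http://www.google.com/search?q={searchTerms}"},
  "extensions": {"settings": {
    "pjkljhegncpnkpknbcohdijeoejaedia": {"manifest": {"name": "Gmail"},
                                          "location": 1, "from_webstore": true},
    "abcdefghijklmnopabcdefghijklmnop": {"manifest": {"name": "Example Toolbar",
                                                       "chrome_url_overrides": {"newtab": "newtab.html"}},
                                          "location": 3, "from_webstore": false,
                                          "path": "C:\\Program Files\\Example\\toolbar.crx"}
  }}
}
''')


if __name__ == "__main__":
    print("startup mode:", startup_mode(SAMPLE_PREFERENCES))
    for category, detail in audit_preferences(SAMPLE_PREFERENCES):
        print(f"{category:16} {detail}")
```

On the XP profile in this thread the file would sit under `...\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences` (the `Default` directory is the one whose `Extensions` subfolder FRST lists above; the file name is my assumption). If the audit comes back clean and the tab still opens, the steering is happening outside the profile: check the `HKLM\SOFTWARE\Google\Chrome\Extensions` keys of the kind the Fixlog above deleted, and the target field of the Chrome shortcut, since a URL appended to `chrome.exe` there opens on every launch regardless of the startup setting.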

#14 RKinner (Malware Expert, MVP, 20,031 posts)
Can you run FRST one more time and just do a Scan?

Also can you do a screen shot of the search thing?


Can you take a screen shot of the page?

Bring up Chrome again. When you see the search thingie:

Press Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories, Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Search

Select a file type. jpeg

Click the Save button.

Attach Search.jpg to your Reply.

(Start a Reply. Click on the Browse button, point it at your desktop and click on search.jpg then Open. Now click on Attach this File)

#15 dtekka (Member, Topic Starter, 174 posts)
Here are the scan results. I uninstalled Chrome to see what would happen, and now that I re-installed Chrome it's not there anymore. So I guess everything is back to normal.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2013
Ran by Eshy (administrator) on ESHRAT on 27-10-2013 12:31:56
Running from C:\Documents and Settings\Eshy\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Conexant) C:\Program Files\CONEXANT\SMARTAUDIO\SMAUDIO.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc) C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SmartAudio\SmAudio.exe [2701880 2008-07-20] (Conexant)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE [59392 2008-04-14] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-22] (Google Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [FDPRO-501] - C:\Program Files\Fighters\FighterLauncher.exe FDPRO
HKU\Administrator\...\RunOnce: [CTRLWOL] - C:\SWTOOLS\OSFIXES\CTRLWOL\CTRLWOL.vbs [ 2007-12-09] ()
Lsa: [Authentication Packages] msv1_0 nwprovau

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {01A7EB04-7259-4130-B6B8-FE22978901FA} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - {01A7EB04-7259-4130-B6B8-FE22978901FA} URL = http://www.bing.com/...rc=IE-SearchBox
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\WINDOWS\system32\npdeployJava1.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Eshy\Application Data\Mozilla\Firefox\Profiles\rzeihm7w.default\searchplugins\tvshows.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Google Docs) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\Eshy\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 Common Toolkit 2; C:\Program Files\Common Files\Common Toolkit Suite\Tools\CommonToolkit2.exe [263168 2013-08-08] (SPAMfighter ApS)
R2 GoogleInputService; C:\Program Files\Google\Google Input Tools\GoogleInputService.exe [164888 2013-09-24] (Google Inc)
R2 NWCWorkstation; C:\Windows\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
R2 NwSapAgent; C:\Windows\System32\ipxsap.dll [66560 2008-04-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21419 2011-07-08] (Meetinghouse Data Communications)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-29] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-29] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-29] ()
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [163328 2007-11-29] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDAU32.sys [737792 2008-04-21] (Conexant Systems Inc.)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [210560 2008-03-25] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [985472 2008-03-25] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-28] (Intel Corporation)
R2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2008-04-14] (Microsoft Corporation)
R2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2008-04-14] (Microsoft Corporation)
R3 NWRDR; C:\Windows\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2010-10-17] (Microsoft Corporation)
R1 PMHler; C:\Windows\System32\drivers\PMHler.sys [10240 2006-05-24] (Lenovo )
S3 rt2870; C:\Windows\System32\DRIVERS\rt2870.sys [709248 2009-03-04] (Ralink Technology, Corp.)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [974336 2008-06-30] (Vimicro Corporation)
S3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 12:31 - 2013-10-27 12:31 - 01089097 _____ (Farbar) C:\Documents and Settings\Eshy\Desktop\FRST.exe
2013-10-26 19:54 - 2013-10-26 19:54 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-26 19:54 - 2013-10-26 19:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-10-26 19:51 - 2013-10-26 19:51 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\Deployment
2013-10-26 14:51 - 2013-10-26 14:52 - 00000360 _____ C:\VEW.txt
2013-10-26 14:50 - 2013-10-26 14:50 - 00061440 _____ ( ) C:\Documents and Settings\Eshy\Desktop\VEW.exe
2013-10-26 12:19 - 2013-10-26 12:19 - 94203606 _____ C:\Documents and Settings\Eshy\Desktop\regbup.reg
2013-10-26 01:35 - 2013-10-26 01:35 - 00000000 ____D C:\FRST
2013-10-26 01:27 - 2013-10-26 01:27 - 00000130 _____ C:\Documents and Settings\Eshy\Desktop\Replying To Websearch opens every time Chrome opens - Geeks to Go Forums.url
2013-10-25 18:42 - 2013-10-25 18:42 - 00000791 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-25 18:42 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-10-25 16:58 - 2013-10-25 16:58 - 00000000 ____D C:\Program Files\ESET
2013-10-25 16:40 - 2013-10-25 16:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-25 16:28 - 2013-10-25 16:28 - 00003626 _____ C:\WINDOWS\system32\.crusader
2013-10-25 16:20 - 2013-10-25 16:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-25 15:25 - 2013-10-25 15:25 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-23 22:21 - 2013-10-23 22:21 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Eshy\Desktop\OTL.exe
2013-10-23 21:41 - 2013-10-25 14:43 - 00000000 ____D C:\AdwCleaner
2013-10-23 21:33 - 2013-10-25 19:55 - 00000000 ____D C:\Avenger
2013-10-23 20:51 - 2013-10-23 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 20:50 - 2013-10-23 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 20:49 - 2013-10-23 20:50 - 00133686 _____ C:\WINDOWS\KB2862335.log
2013-10-23 20:33 - 2013-10-23 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 20:32 - 2013-10-23 20:34 - 00011869 _____ C:\WINDOWS\KB2868038.log
2013-10-23 20:27 - 2013-10-23 20:30 - 00011742 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 20:26 - 2013-10-23 20:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 20:24 - 2013-10-23 20:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-08 17:06 - 2013-10-23 20:51 - 00137040 _____ C:\WINDOWS\KB2847311.log
2013-10-08 17:06 - 2013-07-02 19:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-08 16:59 - 2013-07-16 17:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-08 16:59 - 2013-07-16 17:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-08 16:59 - 2013-07-16 17:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-08 16:56 - 2013-08-08 17:55 - 00032384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-08 16:56 - 2013-08-08 17:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-09-30 18:54 - 2013-10-23 19:55 - 00000884 __RSH C:\Documents and Settings\Eshy\ntuser.pol
2013-09-30 18:53 - 2013-09-30 18:53 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-30 18:52 - 2013-10-26 19:49 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\SySaver

==================== One Month Modified Files and Folders =======

2013-10-27 12:31 - 2013-10-27 12:31 - 01089097 _____ (Farbar) C:\Documents and Settings\Eshy\Desktop\FRST.exe
2013-10-27 12:26 - 2011-02-08 16:41 - 01337594 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-27 12:23 - 2013-06-13 17:53 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-10-27 12:22 - 2013-05-30 22:00 - 00000276 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
2013-10-27 12:22 - 2013-02-24 19:19 - 00000298 _____ C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
2013-10-27 12:22 - 2011-02-08 16:43 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-27 12:22 - 2011-02-08 16:43 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-27 12:22 - 2010-12-22 13:12 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-4125080498-3594736250-3986610717-1005.job
2013-10-27 12:22 - 2010-10-22 00:09 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 12:22 - 2008-07-21 15:50 - 00002278 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-27 12:22 - 2008-07-21 15:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-26 20:03 - 2011-02-08 16:42 - 00032424 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-26 20:03 - 2010-10-17 15:56 - 00000178 ___SH C:\Documents and Settings\Eshy\ntuser.ini
2013-10-26 19:54 - 2013-10-26 19:54 - 00001820 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-26 19:54 - 2013-10-26 19:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-10-26 19:54 - 2010-10-22 00:09 - 00000000 ____D C:\Program Files\Google
2013-10-26 19:54 - 2010-10-22 00:09 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\Google
2013-10-26 19:51 - 2013-10-26 19:51 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\Deployment
2013-10-26 19:49 - 2013-09-30 18:52 - 00000000 ____D C:\Documents and Settings\Eshy\Local Settings\Application Data\SySaver
2013-10-26 19:11 - 2010-10-22 00:09 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-26 17:51 - 2011-01-23 15:01 - 00000420 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{B6CF21CA-E98A-4650-8519-9F04231C2AC0}.job
2013-10-26 14:52 - 2013-10-26 14:51 - 00000360 _____ C:\VEW.txt
2013-10-26 14:50 - 2013-10-26 14:50 - 00061440 _____ ( ) C:\Documents and Settings\Eshy\Desktop\VEW.exe
2013-10-26 12:19 - 2013-10-26 12:19 - 94203606 _____ C:\Documents and Settings\Eshy\Desktop\regbup.reg
2013-10-26 01:35 - 2013-10-26 01:35 - 00000000 ____D C:\FRST
2013-10-26 01:27 - 2013-10-26 01:27 - 00000130 _____ C:\Documents and Settings\Eshy\Desktop\Replying To Websearch opens every time Chrome opens - Geeks to Go Forums.url
2013-10-25 19:55 - 2013-10-23 21:33 - 00000000 ____D C:\Avenger
2013-10-25 19:55 - 2012-03-13 21:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2621440$
2013-10-25 18:42 - 2013-10-25 18:42 - 00000791 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-10-25 18:42 - 2013-10-25 18:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-10-25 16:58 - 2013-10-25 16:58 - 00000000 ____D C:\Program Files\ESET
2013-10-25 16:40 - 2013-10-25 16:40 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-25 16:28 - 2013-10-25 16:28 - 00003626 _____ C:\WINDOWS\system32\.crusader
2013-10-25 16:28 - 2013-10-25 16:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-25 15:41 - 2013-06-13 15:19 - 00238248 _____ C:\WINDOWS\setupapi.log
2013-10-25 15:25 - 2013-10-25 15:25 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-10-25 14:59 - 2008-07-21 15:06 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-25 14:43 - 2013-10-23 21:41 - 00000000 ____D C:\AdwCleaner
2013-10-25 14:43 - 2013-08-16 22:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-23 22:44 - 2010-10-17 15:56 - 00000000 ____D C:\Documents and Settings\Eshy
2013-10-23 22:21 - 2013-10-23 22:21 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Eshy\Desktop\OTL.exe
2013-10-23 21:33 - 2010-11-03 23:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-23 21:33 - 2010-10-17 18:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981852$
2013-10-23 21:33 - 2008-07-21 07:55 - 00346608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-23 20:57 - 2008-07-21 07:55 - 00590066 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-23 20:51 - 2013-10-23 20:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 20:51 - 2013-10-08 17:06 - 00137040 _____ C:\WINDOWS\KB2847311.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00141319 _____ C:\WINDOWS\iis6.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00129333 _____ C:\WINDOWS\FaxSetup.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00062076 _____ C:\WINDOWS\ocgen.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00059245 _____ C:\WINDOWS\tsoc.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00043276 _____ C:\WINDOWS\comsetup.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00039962 _____ C:\WINDOWS\msmqinst.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00026213 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00022743 _____ C:\WINDOWS\netfxocm.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00012216 _____ C:\WINDOWS\updspapi.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00008925 _____ C:\WINDOWS\MedCtrOC.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00007182 _____ C:\WINDOWS\ocmsn.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00006531 _____ C:\WINDOWS\tabletoc.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00006489 _____ C:\WINDOWS\msgsocm.log
2013-10-23 20:51 - 2013-07-10 21:14 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-23 20:50 - 2013-10-23 20:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 20:50 - 2013-10-23 20:49 - 00133686 _____ C:\WINDOWS\KB2862335.log
2013-10-23 20:50 - 2013-07-10 21:14 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-23 20:46 - 2013-08-03 20:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-23 20:39 - 2010-10-17 18:38 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-23 20:37 - 2010-11-03 23:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-23 20:34 - 2013-10-23 20:32 - 00011869 _____ C:\WINDOWS\KB2868038.log
2013-10-23 20:33 - 2013-10-23 20:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 20:30 - 2013-10-23 20:27 - 00011742 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 20:28 - 2011-01-23 14:42 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-23 20:26 - 2013-10-23 20:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 20:24 - 2013-10-23 20:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-23 19:55 - 2013-09-30 18:54 - 00000884 __RSH C:\Documents and Settings\Eshy\ntuser.pol
2013-10-08 18:18 - 2008-07-21 15:05 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-08 18:18 - 2008-07-21 15:05 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-08 18:18 - 2008-07-21 15:05 - 00000000 ____D C:\Documents and Settings\Administrator
2013-10-08 17:00 - 2011-04-01 00:55 - 00000000 ____D C:\Documents and Settings\Eshy\Application Data\Apple Computer
2013-10-08 15:26 - 2010-10-22 00:09 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2013-09-30 19:30 - 2012-11-09 03:10 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-30 18:53 - 2013-09-30 18:53 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2013-09-30 18:49 - 2010-10-17 15:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================