Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

VIrus, Malware, and/or Adware [Closed]

Started by Serine , Jan 09 2014 06:21 PM

  • This topic is locked This topic is locked

#1
Serine
Posted 09 January 2014 - 06:21 PM

Serine

    Member

  • Member
  • PipPipPip
  • 109 posts
Hello,
I was trying to download a program off of the cnet website yesterday (Jan 8th) but I ended up stopping midway as there were so many offers for additional programs making it difficult to navigate through the download. However despite stopping the download process halfway much of the programs specifically adware, spyware, malware,etc has got into my computer. When I turned on my computer the next day I noticed my internet home page/ tab page was changed (I managed to change it back though), there were programs I didn't intend to install there, there were no longer any system restore points, and I could not create any.

I ran an avast full system scan which found nothing, then I ran malwarebytes which found 13 infected objects which i then promptly deleted. Any help on this issue would be greatly appreciated.

This is the malwarebytes log after the infected files were removed:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.09.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
user :: OWNER [administrator]

1/9/2014 4:26:29 PM
mbam-log-2014-01-09 (16-26-29).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 527504
Time elapsed: 2 hour(s), 27 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 11
C:\Users\user\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nseFB2E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nso9734.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsp5503.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsp5CF0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsu157.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\1_Offer_5.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\dlm9640.tmp\pdftopowerpoint_setup.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\dlmCD66.tmp\pdftopowerpoint_setup.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
  • 0

Advertisements

#2
Biscuithd
Posted 09 January 2014 - 06:59 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hello Serine, :wave: Welcome to the forums!
:welcome:. My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult
Ok, let's get started. In order to figure out what is wrong with your computer, I'll need a diagnostic scan.

  • Download OTL to your Desktop
  • Open Posted Image on the desktop. To do that:
    • Right click on the icon and click Run as Administrator)
  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      Quote

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
  • Make sure all other windows are closed.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Quick Scan button
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files is also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • If the OTL.txt is opened please press ctrl + A , then CTRL + C to copy the content of the file
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
[/list]Repeat that for the Extras.txt file.
  • 0

#3
Serine
Posted 09 January 2014 - 08:14 PM

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi,

Thank you for your timely reply, it's very much appreciated.
I ran the OTL program (quick scan) and it only produced an OTL.txt, there was no Extras.txt file on the task bar.

Here's the OTL.txt file though:


OTL logfile created on: 1/9/2014 8:51:23 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 60.58% Memory free
6.09 Gb Paging File | 4.76 Gb Available in Paging File | 78.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.53 Gb Total Space | 136.40 Gb Free Space | 61.02% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.36 Gb Free Space | 14.59% Space Free | Partition Type: NTFS

Computer Name: OWNER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/09 20:48:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/11/02 00:54:46 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/11/02 00:54:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxebcoms.exe
PRC - [2009/11/23 19:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 19:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 19:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 06:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/02 00:54:54 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/18 02:32:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/18 02:29:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/18 02:29:02 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/18 02:28:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/18 02:27:49 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/18 02:27:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/10/18 18:29:54 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebdatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2008/06/12 00:17:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/12/19 22:51:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:23:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/02 00:54:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/01 15:49:19 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2010/04/14 14:55:54 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2009/11/23 19:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 19:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/10/17 20:54:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\Desktop\SysProt\SysProt\SysProtDrv.sys -- (SysProtDrv.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/11/06 14:23:55 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2013/11/02 00:54:57 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/02 00:54:57 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/02 00:54:57 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/02 00:54:57 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/02 00:54:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/02 00:54:57 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/02 00:54:56 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/08/14 15:03:51 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009/08/27 18:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/07/09 12:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 14:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 12:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3405851E-616E-4C48-A09B-1BBCA358146D}: "URL" = http://ca.search.yah...ing}&fr=hp-psnb
IE - HKLM\..\SearchScopes\{E9B7B3CA-A87E-4958-B740-084A0AA86A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=cacql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://ca.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 11 EB E4 57 03 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0488186F-833C-4024-BAB1-1DB77CC5A5E8}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0488186F-833C-4024-BAB1-1DB77CC5A5E8}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3405851E-616E-4C48-A09B-1BBCA358146D}: "URL" = http://ca.search.yah...ing}&fr=hp-psnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://ca.msn.com/|h.../ca.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/06 21:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/11/02 00:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/19 22:51:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/11/06 15:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/01/02 22:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ol1itmyx.default\extensions
[2014/01/02 22:16:27 | 000,535,529 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ol1itmyx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/11/06 15:24:40 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ol1itmyx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/09 01:54:35 | 000,000,861 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ol1itmyx.default\searchplugins\conduit-search.xml
[2013/12/19 22:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/19 22:51:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/02 00:54:59 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

O1 HOSTS File: ([2010/11/22 18:55:42 | 000,425,428 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14659 more lines...
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{918AA5D4-0638-4301-8198-38BE746FA522}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7EF96C0-0D60-4080-800D-22CC22D5C006}: DhcpNameServer = 64.71.255.204 64.71.255.198
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\Pictures\Damon-Elena-Banner-01-600x450 edit.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\Pictures\Damon-Elena-Banner-01-600x450 edit.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/15 23:04:56 | 000,000,262 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ba9db6d-4ec9-11e2-8bb5-001f1653213c}\Shell - "" = AutoRun
O33 - MountPoints2\{4ba9db6d-4ec9-11e2-8bb5-001f1653213c}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{4ba9db76-4ec9-11e2-8bb5-001f1653213c}\Shell - "" = AutoRun
O33 - MountPoints2\{4ba9db76-4ec9-11e2-8bb5-001f1653213c}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{568a84bf-1192-11e2-ab38-001f1653213c}\Shell - "" = AutoRun
O33 - MountPoints2\{568a84bf-1192-11e2-ab38-001f1653213c}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/09 20:48:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/09 01:56:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Free PDF Solutions
[2013/12/19 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/17 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Audacity
[14 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/09 20:56:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B75A2C7B-2F0B-4546-8094-5981395FB375}.job
[2014/01/09 20:52:12 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4561535-CFD0-4B75-A6EC-F773166355B3}.job
[2014/01/09 20:48:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/09 20:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/09 19:37:31 | 000,002,595 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Word.lnk
[2014/01/09 19:01:41 | 000,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2014/01/09 19:00:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 19:00:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 19:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 19:00:20 | 3147,010,048 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/09 13:46:09 | 002,357,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/09 01:25:41 | 002,828,347 | ---- | M] () -- C:\Users\user\Documents\Lecture_01- biochem.pdf
[2013/12/22 22:48:53 | 000,407,037 | ---- | M] () -- C:\Users\user\Documents\Directions to aquarium.pdf
[2013/12/14 23:54:02 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job
[14 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/09 01:25:40 | 002,828,347 | ---- | C] () -- C:\Users\user\Documents\Lecture_01- biochem.pdf
[2013/12/22 22:48:51 | 000,407,037 | ---- | C] () -- C:\Users\user\Documents\Directions to aquarium.pdf
[2013/12/17 20:46:38 | 033,914,924 | ---- | C] () -- C:\Users\user\Documents\Sound clip 09.wav
[2013/08/28 14:47:03 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
[2013/03/22 17:25:32 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/22 17:25:31 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/10/12 23:02:09 | 000,201,520 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/02/10 03:10:38 | 001,532,315 | ---- | C] () -- C:\Users\user\hamlet assign.psd
[2012/02/03 16:51:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll
[2012/02/03 16:51:42 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll
[2012/02/03 16:51:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll
[2012/02/03 16:51:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll
[2012/02/03 16:51:21 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll
[2012/02/03 16:49:20 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxebrwrd.ini
[2012/02/03 16:49:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll
[2012/02/03 16:49:05 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEBhcp.dll
[2012/02/03 16:49:05 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll
[2012/02/03 16:49:04 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll
[2012/02/03 16:49:04 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll
[2012/02/03 16:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll
[2012/02/03 16:49:04 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll
[2012/02/03 16:49:03 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll
[2012/02/03 16:49:03 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe
[2012/02/03 16:49:03 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll
[2012/02/03 16:49:03 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll
[2012/02/03 16:49:03 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll
[2012/02/03 16:49:03 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll
[2012/02/03 16:49:02 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll
[2012/02/03 16:49:02 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe
[2012/02/03 16:49:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll
[2012/02/03 16:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll
[2012/02/03 16:49:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll
[2012/02/03 16:49:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll
[2012/02/03 16:49:01 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll
[2012/02/03 16:49:01 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe
[2012/02/03 16:49:01 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll
[2012/02/03 16:48:21 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEBsm.dll
[2012/02/03 16:48:21 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEBsmr.dll
[2011/09/30 18:53:14 | 000,000,022 | RHS- | C] () -- C:\ProgramData\ExpPDFSAMSystem.kje
[2011/09/21 16:27:46 | 000,010,758 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011/05/07 21:46:35 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/08/14 15:03:50 | 000,000,990 | -HS- | C] () -- C:\Users\user\AppData\Roaming\systemfl.$dk
[2010/07/16 22:33:06 | 000,000,000 | ---- | C] () -- C:\Users\user\jagex__preferences3.dat
[2010/07/16 22:33:05 | 000,000,099 | ---- | C] () -- C:\Users\user\jagex_runescape_preferences2.dat
[2010/07/16 22:32:58 | 000,000,046 | ---- | C] () -- C:\Users\user\jagex_runescape_preferences.dat
[2010/02/12 18:00:52 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/03/31 21:03:50 | 000,000,162 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/03/25 17:57:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/24 17:53:18 | 000,000,632 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2009/01/22 20:00:34 | 000,107,008 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/07 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\8CEFB4323FDEFC030B001678C90BE9E4
[2013/11/27 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Advanced Chemistry Development
[2013/12/17 20:52:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2013/11/02 16:51:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVAST Software
[2009/07/06 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVCWare Studio
[2013/09/13 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
[2014/01/09 01:56:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Free PDF Solutions
[2011/02/19 23:35:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GrabPro
[2013/10/14 18:11:37 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\hsehaavc
[2013/08/29 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView
[2009/02/14 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\muvee Technologies
[2011/02/19 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Orbit
[2011/09/21 16:27:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2009/02/07 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/02/19 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ProgSense
[2009/02/02 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Publish Providers
[2011/10/20 01:04:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Softland
[2009/07/07 15:39:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2009/03/14 15:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2009/03/31 21:03:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2014/01/07 22:10:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2009/02/07 14:33:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2009/02/13 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2011/02/13 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WTouch
[2009/07/07 16:04:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xilisoft Corporation

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 21:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 21:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2008/01/20 21:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/06/16 10:09:32 | 000,328,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/06/15 07:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2008/04/18 00:48:39 | 000,269,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 21:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2008/01/20 21:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/03/02 23:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2008/01/20 21:24:02 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 09:49:43 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 21:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 04:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 21:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/06/18 22:31:48 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2008/01/20 21:24:23 | 000,310,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 21:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 21:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 21:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 21:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 21:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008/01/20 21:24:02 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 08:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009/06/15 07:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2008/06/25 22:29:02 | 000,565,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 21:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2008/01/20 21:24:36 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/03/02 23:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 21:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/06/15 07:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2008/01/20 21:23:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 11:24:40 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:21:29 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/01/20 21:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/06 06:09:57 | 000,603,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2008/01/20 21:24:54 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:21:29 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2008/01/20 21:24:04 | 000,153,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2008/01/20 21:23:50 | 001,054,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2008/01/20 21:24:54 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2008/01/20 21:24:54 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 21:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:49 | 001,013,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2008/01/20 21:24:47 | 000,393,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2008/01/20 21:23:39 | 000,452,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2008/01/20 21:24:27 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2008/01/20 21:24:59 | 000,161,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/08/06 21:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2008/01/20 21:24:22 | 000,175,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:32:52 | 000,513,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:12:29 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2013/12/03 23:12:27 | 000,052,392 | ---- | M] () MD5=044DD9DC2BE5DDF33729EB9F7C6C1D37 -- C:\Windows\Temp\f057c67b-b983-4691-8231-fb4e08f70cc0\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/20 21:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\System32\qmgr.dll
[2008/01/20 21:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.AIP >
[2008/09/18 03:07:48 | 000,118,784 | ---- | M] (Adobe Systems Incorporated) MD5=41EE0A80B951D675B9227F29651511E0 -- C:\Program Files\Adobe\Adobe Illustrator CS4\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2008/07/12 04:44:37 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C780967616B794778D1B444B1DB550BB -- C:\Windows\System32\fr-FR\services.exe.mui
[2008/07/12 04:44:37 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C780967616B794778D1B444B1DB550BB -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_0a4957fe1c0324f4\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2008/07/12 04:45:07 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2008/07/12 04:45:07 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_fr-fr_448b27e9f26cbee7\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2010/10/26 02:42:42 | 000,034,104 | ---- | M] () MD5=396C67EA23B7B14A083ACB13463BE028 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 1687-606C
Directory of C:\
11/02/2006 08:02 AM <JUNCTION> Documents and Settings [c:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 08:02 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 08:02 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 08:02 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 08:02 AM <SYMLINKD> All Users [c:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Default User [c:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Ace
03/25/2009 02:59 PM <JUNCTION> Application Data [C:\Users\Ace\AppData\Roaming]
03/25/2009 02:59 PM <JUNCTION> Cookies [C:\Users\Ace\AppData\Roaming\Microsoft\Windows\Cookies]
03/25/2009 02:59 PM <JUNCTION> Local Settings [C:\Users\Ace\AppData\Local]
03/25/2009 02:59 PM <JUNCTION> My Documents [C:\Users\Ace\Documents]
03/25/2009 02:59 PM <JUNCTION> NetHood [C:\Users\Ace\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/25/2009 02:59 PM <JUNCTION> PrintHood [C:\Users\Ace\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/25/2009 02:59 PM <JUNCTION> Recent [C:\Users\Ace\AppData\Roaming\Microsoft\Windows\Recent]
03/25/2009 02:59 PM <JUNCTION> SendTo [C:\Users\Ace\AppData\Roaming\Microsoft\Windows\SendTo]
03/25/2009 02:59 PM <JUNCTION> Start Menu [C:\Users\Ace\AppData\Roaming\Microsoft\Windows\Start Menu]
03/25/2009 02:59 PM <JUNCTION> Templates [C:\Users\Ace\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ace\AppData\Local
03/25/2009 02:59 PM <JUNCTION> Application Data [C:\Users\Ace\AppData\Local]
03/25/2009 02:59 PM <JUNCTION> History [C:\Users\Ace\AppData\Local\Microsoft\Windows\History]
03/25/2009 02:59 PM <JUNCTION> Temporary Internet Files [C:\Users\Ace\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ace\Documents
03/25/2009 02:59 PM <JUNCTION> My Music [C:\Users\Ace\Music]
03/25/2009 02:59 PM <JUNCTION> My Pictures [C:\Users\Ace\Pictures]
03/25/2009 02:59 PM <JUNCTION> My Videos [C:\Users\Ace\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\ProgramData]
11/02/2006 08:02 AM <JUNCTION> Desktop [c:\Users\Public\Desktop]
11/02/2006 08:02 AM <JUNCTION> Documents [c:\Users\Public\Documents]
11/02/2006 08:02 AM <JUNCTION> Favorites [c:\Users\Public\Favorites]
11/02/2006 08:02 AM <JUNCTION> Start Menu [c:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [c:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Roaming]
11/02/2006 08:02 AM <JUNCTION> Cookies [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 08:02 AM <JUNCTION> Local Settings [c:\Users\Default\AppData\Local]
11/02/2006 08:02 AM <JUNCTION> My Documents [c:\Users\Default\Documents]
11/02/2006 08:02 AM <JUNCTION> NetHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 08:02 AM <JUNCTION> PrintHood [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 08:02 AM <JUNCTION> Recent [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 08:02 AM <JUNCTION> SendTo [c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 08:02 AM <JUNCTION> Start Menu [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 08:02 AM <JUNCTION> Templates [c:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 08:02 AM <JUNCTION> Application Data [c:\Users\Default\AppData\Local]
11/02/2006 08:02 AM <JUNCTION> History [c:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 08:02 AM <JUNCTION> Temporary Internet Files [c:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 08:02 AM <JUNCTION> My Music [c:\Users\Default\Music]
11/02/2006 08:02 AM <JUNCTION> My Pictures [c:\Users\Default\Pictures]
11/02/2006 08:02 AM <JUNCTION> My Videos [c:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
03/22/2009 03:50 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
03/22/2009 03:50 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
03/22/2009 03:50 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
03/22/2009 03:50 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]
03/22/2009 03:50 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/22/2009 03:50 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/22/2009 03:50 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
03/22/2009 03:50 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
03/22/2009 03:50 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
03/22/2009 03:50 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
03/22/2009 03:50 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
03/22/2009 03:50 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
03/22/2009 03:50 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
03/22/2009 03:50 PM <JUNCTION> My Music [C:\Users\Guest\Music]
03/22/2009 03:50 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
03/22/2009 03:50 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 08:02 AM <JUNCTION> My Music [c:\Users\Public\Music]
11/02/2006 08:02 AM <JUNCTION> My Pictures [c:\Users\Public\Pictures]
11/02/2006 08:02 AM <JUNCTION> My Videos [c:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\user
01/17/2009 12:50 PM <JUNCTION> Application Data [C:\Users\user\AppData\Roaming]
01/17/2009 12:50 PM <JUNCTION> Cookies [C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies]
01/17/2009 12:50 PM <JUNCTION> Local Settings [C:\Users\user\AppData\Local]
01/17/2009 12:50 PM <JUNCTION> My Documents [C:\Users\user\Documents]
01/17/2009 12:50 PM <JUNCTION> NetHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/17/2009 12:50 PM <JUNCTION> PrintHood [C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/17/2009 12:50 PM <JUNCTION> Recent [C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent]
01/17/2009 12:50 PM <JUNCTION> SendTo [C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo]
01/17/2009 12:50 PM <JUNCTION> Start Menu [C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu]
01/17/2009 12:50 PM <JUNCTION> Templates [C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\user\AppData\Local
01/17/2009 12:50 PM <JUNCTION> Application Data [C:\Users\user\AppData\Local]
01/17/2009 12:50 PM <JUNCTION> History [C:\Users\user\AppData\Local\Microsoft\Windows\History]
01/17/2009 12:50 PM <JUNCTION> Temporary Internet Files [C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\user\Documents
01/17/2009 12:50 PM <JUNCTION> My Music [C:\Users\user\Music]
01/17/2009 12:50 PM <JUNCTION> My Pictures [C:\Users\user\Pictures]
01/17/2009 12:50 PM <JUNCTION> My Videos [C:\Users\user\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
07/12/2008 07:36 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
07/12/2008 07:36 AM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
07/12/2008 07:36 AM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
07/12/2008 07:36 AM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
07/12/2008 07:36 AM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/12/2008 07:36 AM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/12/2008 07:36 AM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
07/12/2008 07:36 AM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
07/12/2008 07:36 AM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
07/12/2008 07:36 AM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
07/12/2008 07:36 AM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
07/12/2008 07:36 AM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
07/12/2008 07:36 AM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
07/12/2008 07:36 AM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
07/12/2008 07:36 AM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
07/12/2008 07:36 AM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
98 Dir(s) 146,462,781,440 bytes free

< >
[2006/11/02 08:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 08:01:49 | 000,032,630 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/04/02 10:46:12 | 000,000,318 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForuser.job
[2010/09/04 09:43:24 | 000,000,414 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B75A2C7B-2F0B-4546-8094-5981395FB375}.job
[2012/05/05 18:33:13 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/08/23 01:47:41 | 000,000,390 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E4561535-CFD0-4B75-A6EC-F773166355B3}.job

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Users\user\Documents\What the....png:SummaryInformation

< End of report >
  • 0

#4
Biscuithd
Posted 09 January 2014 - 08:59 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi Serine,

I see why there was no Extras.txt. Could you run OTL again and check "Use Safe List" under Extra-Registry and click the "Run Scan" Button. OTL should produce an Extras.txt this time. Would you post that log please?
  • 0

#5
Serine
Posted 09 January 2014 - 10:06 PM

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
OTL Extras logfile created on: 1/9/2014 10:06:53 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 55.68% Memory free
6.09 Gb Paging File | 4.69 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.53 Gb Total Space | 136.40 Gb Free Space | 61.02% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.35 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: OWNER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1621933612-3435701669-3567826921-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20D32E31-D8A0-4C18-A257-19E096951068}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{22878E78-ADF3-4778-BD51-5BE5B8EE8546}" = lport=49204 | protocol=6 | dir=in | name=akamai netsession interface |
"{2E54AA4D-A98C-49F9-B973-31B7B148D5FA}" = lport=50306 | protocol=6 | dir=in | name=akamai netsession interface |
"{426FE0A9-3A16-4F52-8C31-0BF2B7D01715}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{C6CDA5DB-24FF-422C-A4C3-73B5C9BB31C7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D35ED92-1747-4201-9B49-3D2B62229268}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1FA8C250-5563-44BC-943F-F9B0BE0AE45F}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{2096EAB4-BDCF-428B-8552-7823D7A62E2B}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{3D938EB0-90F8-41B5-8749-1ABFDCC3B8A4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{6CCEF075-6B04-46CD-8EF0-1946F859EC79}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6DF174B6-1906-48FB-97F3-1FE24582A93F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7D1C596E-5CD3-48D9-96AA-2A0343FC3D08}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{8545678A-F481-4439-9C98-FE9AA8A15316}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{85733B2A-7337-4012-8295-AD0652BA9FE6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{91295A29-254A-43E4-AF7F-A1948E92B5F2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A7C371FE-1C6A-479A-9EED-FF0AEE73D144}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{AD7FFC5D-5D99-4ACE-B91C-0479C1698C5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4465B32-F1C9-4CBB-A249-409989ACA1B8}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E2D675CA-095A-44DA-8A61-49799CA05C44}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\j9vyiwvs\moviebario_fm[1].exe |
"{E56724B9-64B1-4516-9497-4D1E7CC86062}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E6EDC9A6-BF69-4740-9090-986E06EEFC6A}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\microsoft\windows\temporary internet files\content.ie5\j9vyiwvs\moviebario_fm[1].exe |
"{F48743C9-FF14-4289-95C9-90E988B5D8F4}" = dir=in | app=c:\windows\system32\lxebcoms.exe |
"{F650C2FD-D210-454B-8E23-FDCD6A2AD75B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FF00CB58-0862-4ABB-88C5-CDF7E8F39E0C}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{063C4ACF-3234-4E4C-BFD0-C0F04E91F466}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{394DD8A0-C31B-4DBE-A07E-3A756EEB8B9A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{74EFC2B5-CDB2-4799-A275-52C59FE7B2A6}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{852E0A18-8EC4-4914-BC4B-0DBCE88D76D0}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{D29ACFA9-A41E-4BD9-8134-46E272520DC2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{35341A4F-CF0C-4E4B-8CBD-B5B085B82B59}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{3B7FEC72-5EC0-4E47-A5FA-1F7D773D3941}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{4F939316-FE0B-48A7-ABD6-2FB29CD00B44}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B3463942-E518-4E47-A5D9-A37AC2CB1140}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D9D19479-F5CC-474E-A4BC-C38F0114C87B}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D7DF9B2-BCA3-4AF7-9C5F-4ADEB7495F7E}" = HP User Guides 0121
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{51FD8515-2F15-4E6D-A93C-BC6988AEC29A}" = Sony Media Manager 2.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B6DFA96-41E6-4FD7-B380-51764CF7A4BF}" = Trigonometry Solved!
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7FC84AD6-D939-41A0-A3DF-FB9B511FF275}_is1" = Sothink SWF Catcher for Internet Explorer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DE78A52-B79D-4574-9D2A-A56C90CEEA8D}" = Calculus Solved!
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E51E08E3-BBD2-40AD-8F9F-4BF9DEA54B44}" = Algebra 2 Solved!
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"ACDLabs in C__Program_Files_ACD2012FREE_" = ACD/Labs Freeware in C:\Program Files\ACD2012FREE\
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface Service
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CFHDCodec" = CineForm HD VFW Codec
"CineForm NEO Player" = CineForm NEO Player 4.0
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"doPDF 7 printer_is1" = doPDF 7.2 printer
"Foxit Reader_is1" = Foxit Reader
"GPL Ghostscript 9.09" = GPL Ghostscript
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro35" = Hitman Pro 3.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PDF Split Or Merge 1.1" = PDF Split Or Merge 1.1
"Pen Tablet Driver" = Bamboo
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shockwave" = Shockwave
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TI-83 Plus Flash Debugger" = TI-83 Plus Flash Debugger
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent hp Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.0.2
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2014 2:47:30 PM | Computer Name = OWNER | Source = TabletServicePen | ID = 0
Description =

Error - 1/9/2014 3:13:20 PM | Computer Name = OWNER | Source = VSS | ID = 12293
Description =

Error - 1/9/2014 8:00:38 PM | Computer Name = OWNER | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2014 8:00:58 PM | Computer Name = OWNER | Source = TabletServicePen | ID = 0
Description =

Error - 1/9/2014 8:20:33 PM | Computer Name = OWNER | Source = VSS | ID = 12305
Description =

Error - 1/9/2014 8:20:33 PM | Computer Name = OWNER | Source = VSS | ID = 12293
Description =

Error - 1/9/2014 9:54:59 PM | Computer Name = OWNER | Source = VSS | ID = 12305
Description =

Error - 1/9/2014 9:54:59 PM | Computer Name = OWNER | Source = VSS | ID = 12293
Description =

Error - 1/9/2014 11:10:11 PM | Computer Name = OWNER | Source = VSS | ID = 12305
Description =

Error - 1/9/2014 11:10:11 PM | Computer Name = OWNER | Source = VSS | ID = 12293
Description =

[ System Events ]
Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15021
Description =

Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15021
Description =

Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15021
Description =

Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15021
Description =

Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15021
Description =

Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15021
Description =

Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15021
Description =

Error - 5/18/2011 4:07:15 PM | Computer Name = OWNER | Source = HTTP | ID = 15016
Description =

Error - 5/18/2011 4:21:56 PM | Computer Name = OWNER | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:08:01 PM on 5/18/2011 was unexpected.

Error - 5/18/2011 4:40:22 PM | Computer Name = OWNER | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:32:34 PM on 5/18/2011 was unexpected.


< End of report >
  • 0

#6
Biscuithd
Posted 10 January 2014 - 08:54 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi Serine,

Would you perform the following instructions please.

Download CKScanner from here:http://downloads.mal...m/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe (Right click and "Run as administrator" in Vista/Win7).
Give permission if necessary, and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program once only.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
  • 0

#7
Serine
Posted 10 January 2014 - 09:41 PM

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hello,
I had to run the program twice as the first time i did so it froze here are the results though.

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.NLLBQ0
----- EOF -----
  • 0

#8
Biscuithd
Posted 13 January 2014 - 10:16 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi Serine,

Thanks for you patience.

IMPORTANT I see, you have one or more P2P (Peer to Peer) programs installed.

1.) If you download files via a P2P File sharing programs, you can usually expect a infection of malware. Certainly you can use P2P programs at your own risk, but they are often the source of many computer infections.
2.) Please read these reports about the danger of P2P Programs:
3.) I would recommend that you uninstall your P2P programs. Do do this, you can perform the following instructions. Start >> Control Panel >> Add or Remove Programs
4.) If you want to keep the program on your computer , please don't use it while we are fixing your computer!


To perform the fix you will need to disable TeaTimer and Defender temporarily. To do this, perform the following steps.

Disable Spybot S+D

• Open Spybot-S&D

• Go to the Mode menu and make sure "Advanced Mode" is selected

• On the left hand side, choose Tools ~> Resident

• Uncheck "Resident TeaTimer and OK any prompts

• Restart your computer.

Disable Windows Defender

Click Start and in the search box type: CMD in the results right click CMD and Run as Administrator
<LI>At the command prompt (flashing cursor) copy and paste the following: sc stop WinDefend and press Enter
<LI>At the next command prompt copy and paste the following: sc config WinDefend start= disable and press Enter
<LI>Close CMD box


Uninstall Software

  • Click on the Start Posted Image button and select Control Panel
  • Click on Uninstall a program or Programs and Features
  • You will now see a list of your installed software, double click on the following to uninstall it:
  • Orbit
Once you have done this, reboot your computer


OTL Fix

  • Run OTL as you did before.
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
[2011/02/19 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Orbit
IE - HKLM\..\SearchScopes\{E9B7B3CA-A87E-4958-B740-084A0AA86A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=cacql
IE - HKCU\..\SearchScopes,DefaultScope = {0488186F-833C-4024-BAB1-1DB77CC5A5E8}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui....rchTerms}=
[2014/01/09 01:54:35 | 000,000,861 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ol1itmyx.default\searchplugins\conduit-search.xml
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found.
O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found

:Commands
[emptytemp]


Then press the Run Fix button

Your computer will reboot. If it does not, please manually reboot.

Re-Run OTL

Run OTL again and click Quick Scan.

Copy and paste the contents of the log that it produces into your next post back to me.
  • 0

#9
Serine
Posted 13 January 2014 - 02:31 PM

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi Biscuithd,

I have followed your instructions and disabled Tea Timer and Windows Defender however I cannot find the program "Orbit" in my programs and features list to uninstall.
  • 0

#10
Biscuithd
Posted 13 January 2014 - 02:35 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
You're right. Go ahead with the rest of the instructions.


  • 0

Advertisements

#11
Serine
Posted 14 January 2014 - 08:35 PM

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi,

I copy and pasted the OTL quote and ran the fix as you described and at the bottom of the OTL window it said it was creating a restore point. I waited for 4 hours and it had the same message so I just ended up turning my computer off. I haven't retried it as I believe that it will freeze again since trying to create a restore point doesn't work either.
  • 0

#12
Biscuithd
Posted 15 January 2014 - 01:12 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Could you check the status of System Restore on your computer. I suspect you already know how to check, but just in case, here are some instructions.


Click on Start > All Programs > Accessories > System Tools >System Restore. This will open the system restore window.

Posted Image

Click open System Protection on the system restore window to open the system properties window.

Posted Image

On the System Properties window you will be able to see all the available partitions and the most recent restore points.



Posted Image

Let know how it's set right now and if necessary, enable Restore.

Also, run OTL again and click Quick Scan.

Copy and paste the contents of the log that it produces into your next post back to me.
  • 0

#13
Serine
Posted 15 January 2014 - 02:37 PM

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hi,

System Restore is enabled and when I try to manually create a restore point I get a message saying that creation of the restore point was sucessful, but as soon as I close the system restore window and re-open it there are no restore points to be found.


OTL logfile created on: 1/15/2014 3:09:33 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 55.96% Memory free
6.08 Gb Paging File | 4.64 Gb Available in Paging File | 76.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.53 Gb Total Space | 136.61 Gb Free Space | 61.12% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.24 Gb Free Space | 13.30% Space Free | Partition Type: NTFS

Computer Name: OWNER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/09 20:48:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/11/02 00:54:46 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/11/02 00:54:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\user\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxebcoms.exe
PRC - [2009/11/23 19:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/11/23 19:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/11/23 19:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 06:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/02 00:54:54 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2013/02/12 21:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/12 21:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/18 02:32:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/18 02:29:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/18 02:29:02 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/18 02:28:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/18 02:27:49 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/18 02:27:09 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/10/18 18:29:54 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebdatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2008/06/12 00:17:08 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2007/08/14 15:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 15:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 15:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/12/19 22:51:41 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:23:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/02 00:54:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/07/01 15:49:19 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxebcoms.exe -- (lxeb_device)
SRV - [2010/04/14 14:55:54 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2009/11/23 19:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/11/23 19:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/10/17 20:54:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\Desktop\SysProt\SysProt\SysProtDrv.sys -- (SysProtDrv.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/11/06 14:23:55 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2013/11/02 00:54:57 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/11/02 00:54:57 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/02 00:54:57 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/11/02 00:54:57 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/11/02 00:54:57 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/11/02 00:54:57 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/11/02 00:54:56 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/08/14 15:03:51 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009/08/27 18:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2009/07/09 12:16:24 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 14:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/06/10 13:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 11:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/04 12:54:22 | 000,113,664 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/20 21:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 14:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{3405851E-616E-4C48-A09B-1BBCA358146D}: "URL" = http://ca.search.yah...ing}&fr=hp-psnb
IE - HKLM\..\SearchScopes\{E9B7B3CA-A87E-4958-B740-084A0AA86A9D}: "URL" = http://www.ask.com/w...}&l=dis&o=cacql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 11 EB E4 57 03 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0488186F-833C-4024-BAB1-1DB77CC5A5E8}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0488186F-833C-4024-BAB1-1DB77CC5A5E8}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3405851E-616E-4C48-A09B-1BBCA358146D}: "URL" = http://ca.search.yah...ing}&fr=hp-psnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://ca.msn.com/|h.../ca.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI7967~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/06 21:57:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/11/02 00:54:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/19 22:51:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/11/06 15:19:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/01/11 22:12:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ol1itmyx.default\extensions
[2014/01/11 22:12:33 | 000,536,010 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ol1itmyx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/11/06 15:24:40 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ol1itmyx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/09 01:54:35 | 000,000,861 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ol1itmyx.default\searchplugins\conduit-search.xml
[2013/12/19 22:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/19 22:51:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/02 00:54:59 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

O1 HOSTS File: ([2010/11/22 18:55:42 | 000,425,428 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14659 more lines...
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office 2010\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: &Grab video by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: Down&load all by Orbit - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - Reg Error: Value error. File not found
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{918AA5D4-0638-4301-8198-38BE746FA522}: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7EF96C0-0D60-4080-800D-22CC22D5C006}: DhcpNameServer = 64.71.255.204 64.71.255.198
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\user\Pictures\Damon-Elena-Banner-01-600x450 edit.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\Pictures\Damon-Elena-Banner-01-600x450 edit.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/15 23:04:56 | 000,000,262 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4ba9db6d-4ec9-11e2-8bb5-001f1653213c}\Shell - "" = AutoRun
O33 - MountPoints2\{4ba9db6d-4ec9-11e2-8bb5-001f1653213c}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{4ba9db76-4ec9-11e2-8bb5-001f1653213c}\Shell - "" = AutoRun
O33 - MountPoints2\{4ba9db76-4ec9-11e2-8bb5-001f1653213c}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O33 - MountPoints2\{568a84bf-1192-11e2-ab38-001f1653213c}\Shell - "" = AutoRun
O33 - MountPoints2\{568a84bf-1192-11e2-ab38-001f1653213c}\Shell\AutoRun\command - "" = F:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/12 18:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/01/12 18:01:51 | 010,583,912 | ---- | C] (McAfee Inc) -- C:\Users\user\Desktop\stinger32.exe
[2014/01/12 17:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/01/12 17:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/12 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/01/09 20:48:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/09 01:56:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Free PDF Solutions
[2013/12/19 22:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/17 20:45:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Audacity
[14 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/15 15:12:47 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E4561535-CFD0-4B75-A6EC-F773166355B3}.job
[2014/01/15 15:11:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B75A2C7B-2F0B-4546-8094-5981395FB375}.job
[2014/01/15 14:56:53 | 000,000,284 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2014/01/15 14:55:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 14:55:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/15 14:55:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/15 14:55:39 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 23:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/13 23:54:04 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job
[2014/01/13 18:33:10 | 000,002,595 | ---- | M] () -- C:\Users\user\Desktop\Microsoft Word.lnk
[2014/01/13 14:32:38 | 002,357,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/01/12 18:17:32 | 000,000,108 | RH-- | M] () -- C:\Users\user\Desktop\Stinger.opt
[2014/01/12 18:01:54 | 010,583,912 | ---- | M] (McAfee Inc) -- C:\Users\user\Desktop\stinger32.exe
[2014/01/12 17:54:18 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/01/10 22:14:49 | 000,468,480 | ---- | M] () -- C:\Users\user\Desktop\CKScanner.exe
[2014/01/09 20:48:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/09 01:25:41 | 002,828,347 | ---- | M] () -- C:\Users\user\Documents\Lecture_01- biochem.pdf
[2013/12/22 22:48:53 | 000,407,037 | ---- | M] () -- C:\Users\user\Documents\Directions to aquarium.pdf
[14 C:\Users\user\Documents\*.tmp files -> C:\Users\user\Documents\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/12 18:02:15 | 000,000,108 | RH-- | C] () -- C:\Users\user\Desktop\Stinger.opt
[2014/01/12 17:54:18 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/01/10 22:14:48 | 000,468,480 | ---- | C] () -- C:\Users\user\Desktop\CKScanner.exe
[2014/01/09 01:25:40 | 002,828,347 | ---- | C] () -- C:\Users\user\Documents\Lecture_01- biochem.pdf
[2013/12/22 22:48:51 | 000,407,037 | ---- | C] () -- C:\Users\user\Documents\Directions to aquarium.pdf
[2013/12/17 20:46:38 | 033,914,924 | ---- | C] () -- C:\Users\user\Documents\Sound clip 09.wav
[2013/08/28 14:47:03 | 000,216,064 | ---- | C] () -- C:\Windows\System32\gcapi_dll.dll
[2013/03/22 17:25:32 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/22 17:25:31 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/10/12 23:02:09 | 000,201,520 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/02/10 03:10:38 | 001,532,315 | ---- | C] () -- C:\Users\user\hamlet assign.psd
[2012/02/03 16:51:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll
[2012/02/03 16:51:42 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll
[2012/02/03 16:51:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll
[2012/02/03 16:51:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll
[2012/02/03 16:51:21 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll
[2012/02/03 16:49:20 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxebrwrd.ini
[2012/02/03 16:49:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll
[2012/02/03 16:49:05 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEBhcp.dll
[2012/02/03 16:49:05 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll
[2012/02/03 16:49:04 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll
[2012/02/03 16:49:04 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll
[2012/02/03 16:49:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll
[2012/02/03 16:49:04 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll
[2012/02/03 16:49:03 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll
[2012/02/03 16:49:03 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe
[2012/02/03 16:49:03 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll
[2012/02/03 16:49:03 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll
[2012/02/03 16:49:03 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll
[2012/02/03 16:49:03 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll
[2012/02/03 16:49:02 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll
[2012/02/03 16:49:02 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe
[2012/02/03 16:49:02 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll
[2012/02/03 16:49:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll
[2012/02/03 16:49:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll
[2012/02/03 16:49:02 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll
[2012/02/03 16:49:01 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll
[2012/02/03 16:49:01 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe
[2012/02/03 16:49:01 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll
[2012/02/03 16:48:21 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEBsm.dll
[2012/02/03 16:48:21 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEBsmr.dll
[2011/09/30 18:53:14 | 000,000,022 | RHS- | C] () -- C:\ProgramData\ExpPDFSAMSystem.kje
[2011/09/21 16:27:46 | 000,010,758 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011/05/07 21:46:35 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/08/14 15:03:50 | 000,000,990 | -HS- | C] () -- C:\Users\user\AppData\Roaming\systemfl.$dk
[2010/07/16 22:33:06 | 000,000,000 | ---- | C] () -- C:\Users\user\jagex__preferences3.dat
[2010/07/16 22:33:05 | 000,000,099 | ---- | C] () -- C:\Users\user\jagex_runescape_preferences2.dat
[2010/07/16 22:32:58 | 000,000,046 | ---- | C] () -- C:\Users\user\jagex_runescape_preferences.dat
[2010/02/12 18:00:52 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/03/31 21:03:50 | 000,000,162 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/03/25 17:57:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/03/24 17:53:18 | 000,000,632 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2009/01/22 20:00:34 | 000,107,008 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/07 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\8CEFB4323FDEFC030B001678C90BE9E4
[2013/11/27 16:21:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Advanced Chemistry Development
[2013/12/17 20:52:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2013/11/02 16:51:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVAST Software
[2009/07/06 13:39:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVCWare Studio
[2013/09/13 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit Software
[2014/01/09 01:56:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Free PDF Solutions
[2011/02/19 23:35:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GrabPro
[2013/10/14 18:11:37 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\hsehaavc
[2013/08/29 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView
[2009/02/14 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\muvee Technologies
[2011/02/19 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Orbit
[2011/09/21 16:27:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2009/02/07 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2011/02/19 23:35:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ProgSense
[2009/02/02 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Publish Providers
[2011/10/20 01:04:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Softland
[2009/07/07 15:39:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2009/03/14 15:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2009/03/31 21:03:51 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2014/01/07 22:10:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2009/02/07 14:33:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent
[2009/02/13 16:43:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2011/02/13 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WTouch
[2009/07/07 16:04:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Xilisoft Corporation

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Users\user\Documents\What the....png:SummaryInformation

< End of report >

Edited by Serine, 15 January 2014 - 02:38 PM.

  • 0

#14
Biscuithd
Posted 15 January 2014 - 02:43 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Let's see if FSS doesn't shed some light on this issue.

Please download Farbar Service Scanner to the desktop.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

    Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#15
Serine
Posted 15 January 2014 - 04:06 PM

Serine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Farbar Service Scanner Version: 08-01-2014
Ran by user (administrator) on 15-01-2014 at 17:04:52
Running from "C:\Users\user\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-15 23:47] - [2011-04-21 08:16] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-13 16:43] - [2010-06-16 10:55] - 0902032 ____A (Microsoft Corporation) 6216A954ED7045B62880A92D6C9B9FC7

C:\Windows\system32\dnsrslvr.dll
[2011-04-15 17:18] - [2011-03-02 09:49] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2010-08-13 16:43] - [2010-06-16 10:09] - 0328704 ____A (Microsoft Corporation) D3E6D78285529962349A7F1617035938

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-20 21:23] - [2008-01-20 21:23] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-20 21:23] - [2008-01-20 21:23] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-20 21:25] - [2008-01-20 21:25] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-01-17 13:40] - [2008-04-18 00:48] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-20 21:24] - [2008-01-20 21:24] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-04-13 19:10] - [2010-02-18 09:11] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-04-14 17:33] - [2009-03-02 23:39] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP