thank you
USB files and folders renamed to weired symbols/characters
Started by
mido
, Feb 10 2013 12:16 AM
#1
Posted 10 February 2013 - 12:16 AM
thank you
#2
Posted 10 February 2013 - 11:41 AM
Hello mido and
My name is Tom and I am going to be helping you with your malware removal. Please note that I am currently training for my malware removal degree here at Geeks2Go and my instructors have to review my posts prior to me posting them. I will do my best to post at least once per day though.
Before we continue, I would like you to read the following text:
OTL
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
Disk Error Checking (chkdsk)
The exact time this will take depends on the size and the state of the flash drive but it will be quite a long time. When it finishes, please post the log which can be found by following the instructions in this tutorial: http://www.sevenforu...viewer-log.html
Things I would like from you in your next post:
Tom
My name is Tom and I am going to be helping you with your malware removal. Please note that I am currently training for my malware removal degree here at Geeks2Go and my instructors have to review my posts prior to me posting them. I will do my best to post at least once per day though.
Before we continue, I would like you to read the following text:
- Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
- Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
- Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
- If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
- Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
- Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
- Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
- If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
- Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed
OTL
- Download OTL to your Desktop
- Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.
Disk Error Checking (chkdsk)
- Click on the Start button and then click Computer.
- Right-click on the hard disk or flash drive that you want to check and click Properties.
- Select the Tools tab and under the Error-checking header, click Check Now .
You may be prompted for an administrator password. If so, please enter it.
- Tick both boxes:
- Automatically fix file system errors.
- Scan for and attempt recovery of bad sectors.
- Click Start.
The exact time this will take depends on the size and the state of the flash drive but it will be quite a long time. When it finishes, please post the log which can be found by following the instructions in this tutorial: http://www.sevenforu...viewer-log.html
Things I would like from you in your next post:
- Both OTL logs
- chkdsk log
Tom
#3
Posted 11 February 2013 - 10:09 AM
Hi tom i only got the OTL.txt and Extras.txt the Check disk log wouldn't appear i tried it twice nothing to be found in the log so i dont know why is that. but now i opened my USB and i found 2 folders FOUND.000 and FOUND.001 the FOUND.000 is visible and FOUND.001 appears to be hidden i opened FOUND.000 and it contains alot of files like this FILE0000.CHK i know these are recovered files but how can i open them or retrieve them.
========================
OTL.txt log below
========================
OTL logfile created on: 2/11/2013 11:26:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home-comp\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.32% Memory free
3.85 Gb Paging File | 2.76 Gb Available in Paging File | 71.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.90 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 36.69 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 13.78 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 24.13 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive G: | 58.59 Gb Total Space | 16.28 Gb Free Space | 27.78% Space Free | Partition Type: NTFS
Drive H: | 122.30 Gb Total Space | 80.63 Gb Free Space | 65.93% Space Free | Partition Type: NTFS
Drive L: | 29.90 Gb Total Space | 2.72 Gb Free Space | 9.08% Space Free | Partition Type: FAT32
Computer Name: HOME | User Name: Home-comp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/11 23:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home-comp\My Documents\Downloads\OTL.exe
PRC - [2013/02/08 19:02:14 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/30 10:47:34 | 000,202,448 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
PRC - [2013/01/30 10:47:34 | 000,190,672 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit.exe
PRC - [2013/01/30 10:47:34 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2013/01/15 09:59:28 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
PRC - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/12/31 08:40:06 | 001,169,920 | ---- | M] (Aestan Software) -- C:\wamp\wampmanager.exe
PRC - [2010/05/13 14:53:30 | 000,047,104 | ---- | M] (Inside Core) -- C:\Documents and Settings\Home-comp\My Documents\Downloads\AutoRunExterminator-1.8\AutoRunExterminator.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/10 12:37:56 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/02/08 19:02:13 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/30 10:47:36 | 008,024,784 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
MOD - [2013/01/30 10:47:36 | 002,254,544 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
MOD - [2013/01/30 10:47:36 | 001,299,664 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
MOD - [2013/01/30 10:47:36 | 000,976,080 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
MOD - [2012/08/30 22:36:49 | 000,815,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\46687aa6ebbca040975ebb0d0e0a49ab\System.Runtime.Remoting.ni.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:39:26 | 001,310,136 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/04/23 21:29:51 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\68248106926c904d908c2887c5d8f76d\System.Configuration.ni.dll
MOD - [2012/04/23 21:29:45 | 001,724,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\84593a6a5c786e4782c4e076786818e5\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/23 19:43:00 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\2aec374d577cb3479cf840d33627be2a\System.Xml.ni.dll
MOD - [2012/04/23 19:42:52 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\31a218bdcfc0b14eaff15127ed384ec8\System.Windows.Forms.ni.dll
MOD - [2012/04/23 19:42:35 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\bf944e0cff3d7c40b6f25eef1790e235\System.Drawing.ni.dll
MOD - [2012/04/23 19:42:31 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\fcf395dbaf427f4fa1f93a50c43255a1\System.ni.dll
MOD - [2012/04/23 19:42:17 | 011,415,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\332a5496071bf046933e7120285a660f\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/19 12:26:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
========== Services (SafeList) ==========
SRV - [2013/02/10 12:37:58 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/08 19:02:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/30 10:47:34 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/01/15 09:59:28 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () [On_Demand | Running] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2012/01/01 14:34:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/06/18 01:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/03 15:20:00 | 000,036,112 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2012/08/13 18:24:16 | 000,584,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/07/25 14:53:48 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2012/06/08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2007/07/12 11:49:16 | 000,096,384 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2001/08/17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws...2C&tbp=homepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B65e41d20-f092-41b7-bb83-c6e8a9ab0f57%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://blekko.com/ws...44FC4F0832C&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Documents and Settings\Home-comp\Application Data\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Documents and Settings\Home-comp\Application Data\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Documents and Settings\Home-comp\Application Data\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll (IGG)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:30:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:29:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/08 19:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/11/01 00:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011/12/30 00:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Extensions
[2012/12/21 17:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions
[2012/05/29 23:51:52 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[2012/12/13 23:16:08 | 002,151,598 | ---- | M] () (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\[email protected]
[2012/12/21 17:25:49 | 000,046,820 | ---- | M] () (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi
[2012/09/06 09:19:47 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/02/08 19:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/08 19:02:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/01 00:12:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/02/08 19:02:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/31 22:31:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/29 23:51:51 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/10/13 12:01:42 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Poppit = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
O1 HOSTS File: ([2012/02/08 22:11:08 | 000,000,815 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AutoRunExterminator] C:\Documents and Settings\Home-comp\My Documents\Downloads\AutoRunExterminator-1.8\AutoRunExterminator.exe (Inside Core)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DADA0107-3E2D-4EC8-825C-D2A6D17FF210}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DADA0107-3E2D-4EC8-825C-D2A6D17FF210}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/29 22:46:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/03 20:45:10 | 000,538,112 | ---- | M] () - G:\autorun help.doc -- [ NTFS ]
O32 - AutoRun File - [2009/01/22 23:00:38 | 000,000,120 | ---- | M] () - G:\autorun things.txt -- [ NTFS ]
O32 - AutoRun File - [2008/10/30 13:16:30 | 000,000,000 | ---D | M] - G:\autoshutdawen -- [ NTFS ]
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell - "" = AutoRun
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\explore\command - "" = \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\Open\command - "" = \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/11 00:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\DIY DataRecovery CHK-Mate
[2013/02/11 00:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DIY DataRecovery CHK-Mate
[2013/02/10 14:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/02/10 14:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/02/10 14:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/02/10 14:29:07 | 000,584,536 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/02/10 14:29:07 | 000,074,072 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/02/10 12:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo
[2013/02/10 12:37:52 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/10 00:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Image Recovery
[2013/02/10 00:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PC Solutions
[2013/02/10 00:21:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home-comp\My Documents\My Videos
[2013/02/10 00:21:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home-comp\Start Menu\Programs\Administrative Tools
[2013/02/09 23:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\PowerDataRecovery
[2013/02/08 19:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/04 23:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/02/04 23:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2013/01/24 18:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home-comp\Desktop\SWD
[2013/01/14 15:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\MP4 Media Player
[2013/01/14 15:14:51 | 008,215,188 | ---- | C] (vsevensoft.com ) -- C:\Documents and Settings\Home-comp\Desktop\MP4MediaPlayerSetup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/02/11 23:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/11 23:22:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 22:14:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/11 22:12:13 | 000,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/02/11 22:12:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 22:12:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/11 20:55:03 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2013/02/11 19:00:26 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2013/02/11 00:13:07 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Home-comp\Application Data\Microsoft\Internet Explorer\Quick Launch\CHK-Mate.lnk
[2013/02/11 00:13:07 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CHK-Mate.lnk
[2013/02/10 14:32:59 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\Safe Money.lnk
[2013/02/10 14:31:16 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/02/10 12:48:37 | 000,001,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiError.lnk
[2013/02/10 12:48:36 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
[2013/02/10 12:48:36 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/02/10 12:46:53 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/02/10 12:37:57 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/10 12:37:57 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/10 12:37:52 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/10 00:23:50 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\Click To Find and Fix PC Errors.lnk
[2013/02/10 00:23:50 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\Smart Image Recovery.lnk
[2013/02/07 19:02:11 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Home-comp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/04 23:51:45 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\HijackThis.lnk
[2013/02/04 13:39:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/02 12:31:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/01 23:39:24 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\MEDOXIS.lnk
[2013/01/31 01:05:25 | 000,194,309 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\andyyong_wkk3mqa8.sql
[2013/01/29 23:59:07 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\php.ini
[2013/01/29 18:19:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/26 15:17:48 | 000,780,616 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\pick-a-geek.rar
[2013/01/22 19:11:40 | 002,359,326 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.png
[2013/01/22 19:11:22 | 001,196,894 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.jpg
[2013/01/17 23:58:44 | 000,008,496 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\fbs.jpg
[2013/01/16 22:11:02 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Home-comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/15 22:56:05 | 000,194,967 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\b3.jpg
[2013/01/15 22:56:05 | 000,176,504 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\b2.jpg
[2013/01/14 15:19:13 | 008,215,188 | ---- | M] (vsevensoft.com ) -- C:\Documents and Settings\Home-comp\Desktop\MP4MediaPlayerSetup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/02/11 00:13:07 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Home-comp\Application Data\Microsoft\Internet Explorer\Quick Launch\CHK-Mate.lnk
[2013/02/11 00:13:07 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CHK-Mate.lnk
[2013/02/10 14:32:59 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\Safe Money.lnk
[2013/02/10 14:31:35 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/02/10 12:48:36 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiError.lnk
[2013/02/10 12:48:36 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
[2013/02/10 12:48:36 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/02/10 00:23:50 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\Click To Find and Fix PC Errors.lnk
[2013/02/10 00:23:50 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\Smart Image Recovery.lnk
[2013/02/04 23:51:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\HijackThis.lnk
[2013/01/31 01:04:32 | 000,194,309 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\andyyong_wkk3mqa8.sql
[2013/01/29 23:50:45 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\php.ini
[2013/01/26 15:17:48 | 000,780,616 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\pick-a-geek.rar
[2013/01/22 19:11:38 | 002,359,326 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.png
[2013/01/22 19:11:22 | 001,196,894 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.jpg
[2013/01/17 23:58:37 | 000,008,496 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\fbs.jpg
[2013/01/15 22:54:42 | 000,176,504 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\b2.jpg
[2013/01/15 22:54:37 | 000,194,967 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\b3.jpg
[2012/11/03 00:59:30 | 000,783,869 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1275210071-839522115-1003-0.dat
[2012/10/02 00:56:36 | 000,350,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/30 22:35:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/07/22 10:36:36 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/04/23 20:55:41 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/02/15 21:59:54 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Home-comp\Local Settings\Application Data\PUTTY.RND
[2012/01/07 00:32:00 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Home-comp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 06:37:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/30 06:36:13 | 001,565,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 23:11:27 | 000,000,544 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2011/12/29 23:03:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/12/29 22:55:22 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/12/29 22:55:22 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/12/29 22:55:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/12/29 22:55:22 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/12/29 22:55:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/12/29 22:55:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/12/29 22:55:22 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/29 22:55:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/12/29 22:55:21 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/12/29 22:55:21 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/12/29 22:55:21 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/29 22:49:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 22:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012/04/23 19:41:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
========================
Extras.txt log below
========================
OTL Extras logfile created on: 2/11/2013 11:26:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home-comp\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.32% Memory free
3.85 Gb Paging File | 2.76 Gb Available in Paging File | 71.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.90 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 36.69 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 13.78 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 24.13 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive G: | 58.59 Gb Total Space | 16.28 Gb Free Space | 27.78% Space Free | Partition Type: NTFS
Drive H: | 122.30 Gb Total Space | 80.63 Gb Free Space | 65.93% Space Free | Partition Type: NTFS
Drive L: | 29.90 Gb Total Space | 2.72 Gb Free Space | 9.08% Space Free | Partition Type: FAT32
Computer Name: HOME | User Name: Home-comp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"G:\test\coolpool\3D Ultra Cool Pool [FULL][NO-CD]\3DUCP\coolpool.exe" = G:\test\coolpool\3D Ultra Cool Pool [FULL][NO-CD]\3DUCP\coolpool.exe:*:Enabled:Cool Pool.
"C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Documents and Settings\Home-comp\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Home-comp\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Comodo\tvnserver.exe" = C:\Program Files\Common Files\Comodo\tvnserver.exe:*:Enabled:TVN Server
"C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe" = C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP -- (Comodo Security Solutions, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D84E9A-CFB6-4176-B4F6-E88079E2E5D0}" = GeekBuddy
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64B7E533-21EC-4DB3-95DE-6D2DDE81F855}" = Adobe Soundbooth CS3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8215DC5E-FDF8-4C8D-A2AC-1A0B1D6F3D3D}" = D-Link DGE-530T
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99312C08-19A1-4B20-9F1D-3BCEED582278}" = Adobe Soundbooth CS3 Codecs
"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C0C9BA4D-F47D-EF63-ED51-C5B8D8FF5C74}" = iBBDemo2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D9200BC0-2529-4CDC-936D-8A1BF740895E}" = Medoxis
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_8bb24e071e5922899698c2105557bd2" = Add or Remove Adobe Creative Suite 3 Master Collection
"amg-texttwist2" = TextTwist 2
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AviSynth" = AviSynth 2.5
"blekkotb_031" = blekko search bar
"DIY DataRecovery CHK-Mate" = DIY DataRecovery CHK-Mate 1.0
"FileZilla Client" = FileZilla Client 3.6.0.1
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"iBBDemo2" = iBBDemo2
"ie8" = Windows Internet Explorer 8
"IETester" = IETester v0.4.11 (remove only)
"InstallShield_{8215DC5E-FDF8-4C8D-A2AC-1A0B1D6F3D3D}" = D-Link DGE-530T
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.61.1250" = Opera 11.61
"PROPLUS" = Microsoft Office Professional Plus 2007
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Smart Image Recovery_is1" = Smart Image Recovery v2.4
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 0.9.4
"Vtune_is1" = Vtune 5.1
"WampServer 2_is1" = WampServer 2.2
"Web Games Player Plugin" = Web Games Player Plugin
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.11 (32-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chikka Messenger" = Chikka Messenger
"Dropbox" = Dropbox
"IGG Web3D Player_is1" = IGG Web3D Player version 1.0.0.37
"Kalydo App GodsWar" = GodsWar
"KalydoPlayer" = Kalydo Player 4.06.04
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/28/2013 10:11:56 AM | Computer Name = HOME | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> (OS 10048)Only
one usage of each socket address (protocol/network address/port) is normally permitted.
: make_sock: could not bind to address 0.0.0.0:80 .
Error - 1/28/2013 10:11:56 AM | Computer Name = HOME | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> no listening
sockets available, shutting down .
Error - 1/28/2013 10:11:56 AM | Computer Name = HOME | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Unable
to open logs .
[ System Events ]
Error - 2/9/2013 12:45:21 PM | Computer Name = HOME | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.
Error - 2/9/2013 12:45:21 PM | Computer Name = HOME | Source = atapi | ID = 262149
Description = A parity error was detected on \Device\Ide\IdePort3.
Error - 2/9/2013 12:45:21 PM | Computer Name = HOME | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.
Error - 2/9/2013 12:45:22 PM | Computer Name = HOME | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.
Error - 2/9/2013 10:34:17 PM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001109DD9768 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 2/10/2013 2:26:54 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/10/2013 2:27:36 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/10/2013 10:23:17 AM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001109DD9768 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 2/10/2013 11:47:36 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 2/10/2013 10:37:30 PM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001109DD9768 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
< End of report >
Thank you for the help
========================
OTL.txt log below
========================
OTL logfile created on: 2/11/2013 11:26:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home-comp\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.32% Memory free
3.85 Gb Paging File | 2.76 Gb Available in Paging File | 71.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.90 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 36.69 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 13.78 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 24.13 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive G: | 58.59 Gb Total Space | 16.28 Gb Free Space | 27.78% Space Free | Partition Type: NTFS
Drive H: | 122.30 Gb Total Space | 80.63 Gb Free Space | 65.93% Space Free | Partition Type: NTFS
Drive L: | 29.90 Gb Total Space | 2.72 Gb Free Space | 9.08% Space Free | Partition Type: FAT32
Computer Name: HOME | User Name: Home-comp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/02/11 23:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home-comp\My Documents\Downloads\OTL.exe
PRC - [2013/02/08 19:02:14 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/30 10:47:34 | 000,202,448 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
PRC - [2013/01/30 10:47:34 | 000,190,672 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit.exe
PRC - [2013/01/30 10:47:34 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2013/01/15 09:59:28 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
PRC - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe
PRC - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/12/31 08:40:06 | 001,169,920 | ---- | M] (Aestan Software) -- C:\wamp\wampmanager.exe
PRC - [2010/05/13 14:53:30 | 000,047,104 | ---- | M] (Inside Core) -- C:\Documents and Settings\Home-comp\My Documents\Downloads\AutoRunExterminator-1.8\AutoRunExterminator.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/10 12:37:56 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/02/08 19:02:13 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/30 10:47:36 | 008,024,784 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtGui4.dll
MOD - [2013/01/30 10:47:36 | 002,254,544 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtCore4.dll
MOD - [2013/01/30 10:47:36 | 001,299,664 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtScript4.dll
MOD - [2013/01/30 10:47:36 | 000,976,080 | ---- | M] () -- C:\Program Files\COMODO\GeekBuddy\QtNetwork4.dll
MOD - [2012/08/30 22:36:49 | 000,815,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\46687aa6ebbca040975ebb0d0e0a49ab\System.Runtime.Remoting.ni.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:39:26 | 001,310,136 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012/04/23 21:29:51 | 000,962,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\68248106926c904d908c2887c5d8f76d\System.Configuration.ni.dll
MOD - [2012/04/23 21:29:45 | 001,724,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\84593a6a5c786e4782c4e076786818e5\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/23 19:43:00 | 005,640,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\2aec374d577cb3479cf840d33627be2a\System.Xml.ni.dll
MOD - [2012/04/23 19:42:52 | 013,107,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\31a218bdcfc0b14eaff15127ed384ec8\System.Windows.Forms.ni.dll
MOD - [2012/04/23 19:42:35 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\bf944e0cff3d7c40b6f25eef1790e235\System.Drawing.ni.dll
MOD - [2012/04/23 19:42:31 | 008,093,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\fcf395dbaf427f4fa1f93a50c43255a1\System.ni.dll
MOD - [2012/04/23 19:42:17 | 011,415,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\332a5496071bf046933e7120285a660f\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/19 12:26:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
========== Services (SafeList) ==========
SRV - [2013/02/10 12:37:58 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/08 19:02:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/30 10:47:34 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/01/15 09:59:28 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () [On_Demand | Running] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2012/01/01 14:34:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/06/18 01:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/01/28 13:22:50 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/09/03 15:20:00 | 000,036,112 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2012/08/13 18:24:16 | 000,584,536 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/08/13 16:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2012/07/25 14:53:48 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/06/27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2012/06/08 11:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/05/25 19:38:48 | 000,023,896 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2007/07/12 11:49:16 | 000,096,384 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2001/08/17 21:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws...2C&tbp=homepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B65e41d20-f092-41b7-bb83-c6e8a9ab0f57%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://blekko.com/ws...44FC4F0832C&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Documents and Settings\Home-comp\Application Data\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@g2.com/iggweb3dupdater: C:\Documents and Settings\Home-comp\Application Data\IGG\Web3D\1.0.0.37\NPIGGWeb3DUpdater.dll (IGG)
FF - HKCU\Software\MozillaPlugins\@g2.com/joyconnectshell: C:\Documents and Settings\Home-comp\Application Data\IGG\Web3D\1.0.0.37\NPJoyConnectShell.dll (IGG)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:30:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:30:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:29:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/02/10 14:30:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/08 19:02:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/11/01 00:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011/12/30 00:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Extensions
[2012/12/21 17:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions
[2012/05/29 23:51:52 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[2012/12/13 23:16:08 | 002,151,598 | ---- | M] () (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\[email protected]
[2012/12/21 17:25:49 | 000,046,820 | ---- | M] () (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}.xpi
[2012/09/06 09:19:47 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Home-comp\Application Data\Mozilla\Firefox\Profiles\xyzb3g9m.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/02/08 19:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/08 19:02:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/01 00:12:09 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/02/08 19:02:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/31 22:31:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/29 23:51:51 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
[2012/10/13 12:01:42 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Blekko (Enabled)
CHR - default_search_provider: search_url = http://blekko.com/ws...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Entanglement = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Safe Money = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Poppit = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Gmail = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Documents and Settings\Home-comp\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
O1 HOSTS File: ([2012/02/08 22:11:08 | 000,000,815 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AutoRunExterminator] C:\Documents and Settings\Home-comp\My Documents\Downloads\AutoRunExterminator-1.8\AutoRunExterminator.exe (Inside Core)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DADA0107-3E2D-4EC8-825C-D2A6D17FF210}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DADA0107-3E2D-4EC8-825C-D2A6D17FF210}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/29 22:46:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/02/03 20:45:10 | 000,538,112 | ---- | M] () - G:\autorun help.doc -- [ NTFS ]
O32 - AutoRun File - [2009/01/22 23:00:38 | 000,000,120 | ---- | M] () - G:\autorun things.txt -- [ NTFS ]
O32 - AutoRun File - [2008/10/30 13:16:30 | 000,000,000 | ---D | M] - G:\autoshutdawen -- [ NTFS ]
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell - "" = AutoRun
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\explore\command - "" = \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe
O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\Open\command - "" = \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/11 00:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\DIY DataRecovery CHK-Mate
[2013/02/11 00:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DIY DataRecovery CHK-Mate
[2013/02/10 14:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/02/10 14:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2013/02/10 14:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2013/02/10 14:29:07 | 000,584,536 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2013/02/10 14:29:07 | 000,074,072 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013/02/10 12:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo
[2013/02/10 12:37:52 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/10 00:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Smart Image Recovery
[2013/02/10 00:23:49 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PC Solutions
[2013/02/10 00:21:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home-comp\My Documents\My Videos
[2013/02/10 00:21:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home-comp\Start Menu\Programs\Administrative Tools
[2013/02/09 23:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\PowerDataRecovery
[2013/02/08 19:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/02/04 23:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/02/04 23:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2013/01/24 18:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Home-comp\Desktop\SWD
[2013/01/14 15:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\MP4 Media Player
[2013/01/14 15:14:51 | 008,215,188 | ---- | C] (vsevensoft.com ) -- C:\Documents and Settings\Home-comp\Desktop\MP4MediaPlayerSetup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/02/11 23:34:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/11 23:22:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 22:14:02 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/02/11 22:12:13 | 000,088,723 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/02/11 22:12:10 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 22:12:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/11 20:55:03 | 000,000,462 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2013/02/11 19:00:26 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2013/02/11 00:13:07 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Home-comp\Application Data\Microsoft\Internet Explorer\Quick Launch\CHK-Mate.lnk
[2013/02/11 00:13:07 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CHK-Mate.lnk
[2013/02/10 14:32:59 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\Safe Money.lnk
[2013/02/10 14:31:16 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/02/10 12:48:37 | 000,001,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiError.lnk
[2013/02/10 12:48:36 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
[2013/02/10 12:48:36 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/02/10 12:46:53 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/02/10 12:37:57 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/10 12:37:57 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/10 12:37:52 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/02/10 00:23:50 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\Click To Find and Fix PC Errors.lnk
[2013/02/10 00:23:50 | 000,000,995 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\Smart Image Recovery.lnk
[2013/02/07 19:02:11 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Home-comp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/04 23:51:45 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\HijackThis.lnk
[2013/02/04 13:39:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/02 12:31:25 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/02/01 23:39:24 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\MEDOXIS.lnk
[2013/01/31 01:05:25 | 000,194,309 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\andyyong_wkk3mqa8.sql
[2013/01/29 23:59:07 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\php.ini
[2013/01/29 18:19:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/26 15:17:48 | 000,780,616 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\pick-a-geek.rar
[2013/01/22 19:11:40 | 002,359,326 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.png
[2013/01/22 19:11:22 | 001,196,894 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.jpg
[2013/01/17 23:58:44 | 000,008,496 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\fbs.jpg
[2013/01/16 22:11:02 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\Home-comp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/15 22:56:05 | 000,194,967 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\b3.jpg
[2013/01/15 22:56:05 | 000,176,504 | ---- | M] () -- C:\Documents and Settings\Home-comp\Desktop\b2.jpg
[2013/01/14 15:19:13 | 008,215,188 | ---- | M] (vsevensoft.com ) -- C:\Documents and Settings\Home-comp\Desktop\MP4MediaPlayerSetup.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/02/11 00:13:07 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Home-comp\Application Data\Microsoft\Internet Explorer\Quick Launch\CHK-Mate.lnk
[2013/02/11 00:13:07 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CHK-Mate.lnk
[2013/02/10 14:32:59 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\Safe Money.lnk
[2013/02/10 14:31:35 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013/02/10 12:48:36 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiError.lnk
[2013/02/10 12:48:36 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GeekBuddy.lnk
[2013/02/10 12:48:36 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/02/10 00:23:50 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\Click To Find and Fix PC Errors.lnk
[2013/02/10 00:23:50 | 000,000,995 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\Smart Image Recovery.lnk
[2013/02/04 23:51:45 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\HijackThis.lnk
[2013/01/31 01:04:32 | 000,194,309 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\andyyong_wkk3mqa8.sql
[2013/01/29 23:50:45 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\php.ini
[2013/01/26 15:17:48 | 000,780,616 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\pick-a-geek.rar
[2013/01/22 19:11:38 | 002,359,326 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.png
[2013/01/22 19:11:22 | 001,196,894 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\LAYOUT.jpg
[2013/01/17 23:58:37 | 000,008,496 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\fbs.jpg
[2013/01/15 22:54:42 | 000,176,504 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\b2.jpg
[2013/01/15 22:54:37 | 000,194,967 | ---- | C] () -- C:\Documents and Settings\Home-comp\Desktop\b3.jpg
[2012/11/03 00:59:30 | 000,783,869 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1275210071-839522115-1003-0.dat
[2012/10/02 00:56:36 | 000,350,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/30 22:35:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2012/07/22 10:36:36 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/04/23 20:55:41 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe
[2012/02/15 21:59:54 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Home-comp\Local Settings\Application Data\PUTTY.RND
[2012/01/07 00:32:00 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Home-comp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/30 06:37:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/30 06:36:13 | 001,565,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 23:11:27 | 000,000,544 | ---- | C] () -- C:\WINDOWS\DFC.INI
[2011/12/29 23:03:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/12/29 22:55:22 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011/12/29 22:55:22 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011/12/29 22:55:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/12/29 22:55:22 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011/12/29 22:55:22 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011/12/29 22:55:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/12/29 22:55:22 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011/12/29 22:55:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2011/12/29 22:55:21 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011/12/29 22:55:21 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2011/12/29 22:55:21 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/29 22:49:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 22:44:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012/04/23 19:41:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 05:41:54 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
========================
Extras.txt log below
========================
OTL Extras logfile created on: 2/11/2013 11:26:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home-comp\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.32% Memory free
3.85 Gb Paging File | 2.76 Gb Available in Paging File | 71.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.90 Gb Free Space | 13.16% Space Free | Partition Type: NTFS
Drive D: | 58.59 Gb Total Space | 36.69 Gb Free Space | 62.62% Space Free | Partition Type: NTFS
Drive E: | 37.26 Gb Total Space | 13.78 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
Drive F: | 58.59 Gb Total Space | 24.13 Gb Free Space | 41.18% Space Free | Partition Type: NTFS
Drive G: | 58.59 Gb Total Space | 16.28 Gb Free Space | 27.78% Space Free | Partition Type: NTFS
Drive H: | 122.30 Gb Total Space | 80.63 Gb Free Space | 65.93% Space Free | Partition Type: NTFS
Drive L: | 29.90 Gb Total Space | 2.72 Gb Free Space | 9.08% Space Free | Partition Type: FAT32
Computer Name: HOME | User Name: Home-comp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"G:\test\coolpool\3D Ultra Cool Pool [FULL][NO-CD]\3DUCP\coolpool.exe" = G:\test\coolpool\3D Ultra Cool Pool [FULL][NO-CD]\3DUCP\coolpool.exe:*:Enabled:Cool Pool.
"C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Documents and Settings\Home-comp\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Home-comp\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Comodo\tvnserver.exe" = C:\Program Files\Common Files\Comodo\tvnserver.exe:*:Enabled:TVN Server
"C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe" = C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP -- (Comodo Security Solutions, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{185D0A67-E066-44AE-926D-F6305813301C}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D84E9A-CFB6-4176-B4F6-E88079E2E5D0}" = GeekBuddy
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64B7E533-21EC-4DB3-95DE-6D2DDE81F855}" = Adobe Soundbooth CS3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}" = Adobe Creative Suite 3 Master Collection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8215DC5E-FDF8-4C8D-A2AC-1A0B1D6F3D3D}" = D-Link DGE-530T
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99312C08-19A1-4B20-9F1D-3BCEED582278}" = Adobe Soundbooth CS3 Codecs
"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}" = Adobe Setup
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C0C9BA4D-F47D-EF63-ED51-C5B8D8FF5C74}" = iBBDemo2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D9200BC0-2529-4CDC-936D-8A1BF740895E}" = Medoxis
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_8bb24e071e5922899698c2105557bd2" = Add or Remove Adobe Creative Suite 3 Master Collection
"amg-texttwist2" = TextTwist 2
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AviSynth" = AviSynth 2.5
"blekkotb_031" = blekko search bar
"DIY DataRecovery CHK-Mate" = DIY DataRecovery CHK-Mate 1.0
"FileZilla Client" = FileZilla Client 3.6.0.1
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"iBBDemo2" = iBBDemo2
"ie8" = Windows Internet Explorer 8
"IETester" = IETester v0.4.11 (remove only)
"InstallShield_{8215DC5E-FDF8-4C8D-A2AC-1A0B1D6F3D3D}" = D-Link DGE-530T
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 18.0.2 (x86 en-US)" = Mozilla Firefox 18.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.61.1250" = Opera 11.61
"PROPLUS" = Microsoft Office Professional Plus 2007
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Smart Image Recovery_is1" = Smart Image Recovery v2.4
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 0.9.4
"Vtune_is1" = Vtune 5.1
"WampServer 2_is1" = WampServer 2.2
"Web Games Player Plugin" = Web Games Player Plugin
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.11 (32-bit)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chikka Messenger" = Chikka Messenger
"Dropbox" = Dropbox
"IGG Web3D Player_is1" = IGG Web3D Player version 1.0.0.37
"Kalydo App GodsWar" = GodsWar
"KalydoPlayer" = Kalydo Player 4.06.04
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/28/2013 10:11:56 AM | Computer Name = HOME | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> (OS 10048)Only
one usage of each socket address (protocol/network address/port) is normally permitted.
: make_sock: could not bind to address 0.0.0.0:80 .
Error - 1/28/2013 10:11:56 AM | Computer Name = HOME | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> no listening
sockets available, shutting down .
Error - 1/28/2013 10:11:56 AM | Computer Name = HOME | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Unable
to open logs .
[ System Events ]
Error - 2/9/2013 12:45:21 PM | Computer Name = HOME | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.
Error - 2/9/2013 12:45:21 PM | Computer Name = HOME | Source = atapi | ID = 262149
Description = A parity error was detected on \Device\Ide\IdePort3.
Error - 2/9/2013 12:45:21 PM | Computer Name = HOME | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.
Error - 2/9/2013 12:45:22 PM | Computer Name = HOME | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.
Error - 2/9/2013 10:34:17 PM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001109DD9768 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 2/10/2013 2:26:54 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/10/2013 2:27:36 AM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 2/10/2013 10:23:17 AM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001109DD9768 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 2/10/2013 11:47:36 AM | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 2/10/2013 10:37:30 PM | Computer Name = HOME | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 001109DD9768 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
< End of report >
Thank you for the help
#4
Posted 12 February 2013 - 07:29 PM
Hi mido,
Thanks for the logs. Don't worry about the chkdsk log then; if any problems kick up then we'll have a hunt for it.
Regarding those .chk files, they are most likely just bad sectors of your hard disk and nothing recoverable will be inside, at most it will be a fragment of a file. Have you lost any files? I can have a look at the raw binary of the file for you and try to identify what the file is should you have any files missing but again, it is unlikely.
OTL Fix
Run OTL.
I see you have an outdated version of Java installed. Not only is the outdated version a risk in itself as it is susceptible to exploitation, but Java as a whole is very unsecure at the moment and governments are recommending it's removal until it is more secure. You can read more here: http://www.zdnet.com...fix-7000009785/
Uninstall Software
Tom
Thanks for the logs. Don't worry about the chkdsk log then; if any problems kick up then we'll have a hunt for it.
Regarding those .chk files, they are most likely just bad sectors of your hard disk and nothing recoverable will be inside, at most it will be a fragment of a file. Have you lost any files? I can have a look at the raw binary of the file for you and try to identify what the file is should you have any files missing but again, it is unlikely.
OTL Fix
Run OTL.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\explore\command - "" = \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe O33 - MountPoints2\{35f06e6e-b884-11e1-8472-001109dd9768}\Shell\Open\command - "" = \RECYCLER\S-8-3-10-6351878267-7365748647-386817676-8876\TQXNCYCc.exe :Commands [emptytemp] [EMPTYFLASH] [CREATERESTOREPOINT] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
I see you have an outdated version of Java installed. Not only is the outdated version a risk in itself as it is susceptible to exploitation, but Java as a whole is very unsecure at the moment and governments are recommending it's removal until it is more secure. You can read more here: http://www.zdnet.com...fix-7000009785/
Uninstall Software
- Click on the Start button and select Control Panel
- Click on Programs then click on Uninstall a program
- You will now see a list of your installed software, double click on the following one by one to uninstall them:
- Java™ 6 Update 31
- Once you have done this, reboot your computer
Tom
#5
Posted 12 February 2013 - 09:47 PM
Hi Tom
Actually all the files on my flash drive are gone i have 11Gigs worth of files and right now they are all in a .chk is there anyway i can retrieve them?some files are really important.
Thank you.
Actually all the files on my flash drive are gone i have 11Gigs worth of files and right now they are all in a .chk is there anyway i can retrieve them?some files are really important.
Thank you.
#6
Posted 18 February 2013 - 01:57 PM
Hi mido,
I'm so, so sorry for the delay. I glanced at your reply in a lecture and completely forgot to reply when I got back home.
Are you still having problems with your missing data?
Tom
I'm so, so sorry for the delay. I glanced at your reply in a lecture and completely forgot to reply when I got back home.
Are you still having problems with your missing data?
Tom
#7
Posted 18 February 2013 - 09:54 PM
Yes i'm still having the .chk problem in my flash drive. when i open it there is one folder named FOUND.000 then when that folder is open there are a lot of files named like this:
FILE0000.CHK
FILE0001.CHK
FILE0002.CHK
I read in forums if you know the file extensions and you rename them they will open the problem is nothing indicates what these files are. so if you have a solution it will be great my last resort will be to format and lose all the files. according to the forums i read its hard to get back .chk files.
Thank you
FILE0000.CHK
FILE0001.CHK
FILE0002.CHK
I read in forums if you know the file extensions and you rename them they will open the problem is nothing indicates what these files are. so if you have a solution it will be great my last resort will be to format and lose all the files. according to the forums i read its hard to get back .chk files.
Thank you
#8
Posted 19 February 2013 - 09:09 AM
Hi mido,
As there are only 3 .chk files yet you have 11GB of files missing, I'm not confident that we will recover them but it's worth a shot!
Download and install HxD:
http://mh-nexus.de/en/hxd/
Click File > Open and navigate to one of the .chk files then open it. It will appear as many pairs of characters on your screen, this is the raw binary of the file. Can you take a screenshot of this view and attach it to your next post please? Repeat this for the other .chk files.
Tom
As there are only 3 .chk files yet you have 11GB of files missing, I'm not confident that we will recover them but it's worth a shot!
Download and install HxD:
http://mh-nexus.de/en/hxd/
Click File > Open and navigate to one of the .chk files then open it. It will appear as many pairs of characters on your screen, this is the raw binary of the file. Can you take a screenshot of this view and attach it to your next post please? Repeat this for the other .chk files.
Tom
#9
Posted 24 February 2013 - 09:16 AM
Hi Tom,
sorry for late reply i have been sick i followed your instructions and here are the screenshots but the files are too long to get it on a screenshot would you like me to zip some of the results for you and attach instead?
http://screencast.com/t/9zd82dgbsCDI
http://screencast.com/t/1pKew9w2gXy
http://screencast.com/t/WdWHjJaLxGwe
and about the 3 files i just used and example i got exactly 10000 .chk files under the found.000 folder
Thank You
Mido
sorry for late reply i have been sick i followed your instructions and here are the screenshots but the files are too long to get it on a screenshot would you like me to zip some of the results for you and attach instead?
http://screencast.com/t/9zd82dgbsCDI
http://screencast.com/t/1pKew9w2gXy
http://screencast.com/t/WdWHjJaLxGwe
and about the 3 files i just used and example i got exactly 10000 .chk files under the found.000 folder
Thank You
Mido
Edited by rshaffer61, 24 February 2013 - 09:41 AM.
Removed screenshot with user information
#10
Posted 25 February 2013 - 08:48 AM
Hi Mido,
Thanks for letting me know there's 10,000 files - I was about to start fixing them all manually!
One of your screenshots contained your serial key for XYPlorer so I have had that removed by a moderator before it gets stolen.
Let's have a crack at recovering these .chk files:
Chk-Back
Please download Chk-Back from the link below and save it to your Desktop.
Tom
Thanks for letting me know there's 10,000 files - I was about to start fixing them all manually!
One of your screenshots contained your serial key for XYPlorer so I have had that removed by a moderator before it gets stolen.
Let's have a crack at recovering these .chk files:
Chk-Back
Please download Chk-Back from the link below and save it to your Desktop.
- Extract the contents of chkback.exe.zip to your Desktop.
- Double-click on Chk-Back.exe and click Install when the window appears.
- When it finishes installing, Chk-Back will open.
- Click Browse and select the folder where the .chk files are located. Usually C:\found.000
- Click Start.
- Chk-Back will now process all of your files. Depending on the number of files that need recovering, this may take a while.
- When it finishes, click Save to file to make the log.
- Navigate to the folder where the .chk files were located and there should be a new subfolder called ChkBack Results.
- Inside this folder are the files that Chk-Back has recovered, feel free to move this to another location.
- Copy (Ctrl+C) and Paste (Ctrl+V) the contents of the log in the ChkBack Results folder, named ChkBack summary.txt, into your next post please.
Tom
#11
Posted 01 March 2013 - 09:36 PM
Hi tom
I did what you said, i got the ChkBack Results folder and i got back some of my files which is FANTASTIC the "ChkBack summary" .txt file is empty when i opened it i don't know why. But thanks a lot for you quick response and great help i appreciate it a lot.
Thank you
I did what you said, i got the ChkBack Results folder and i got back some of my files which is FANTASTIC the "ChkBack summary" .txt file is empty when i opened it i don't know why. But thanks a lot for you quick response and great help i appreciate it a lot.
Thank you
#12
Posted 02 March 2013 - 06:40 PM
Hi mido,
That's great news! How much data are you still missing? If you don't know, a rough guess will do.
Tom
That's great news! How much data are you still missing? If you don't know, a rough guess will do.
Tom
#13
Posted 02 March 2013 - 09:07 PM
Hi i got 2.68G out of the 11G but i will run the software again since i didnt know that the results where saved in my flash drive rather than my HD.
thank you
thank you
#14
Posted 03 March 2013 - 02:00 PM
Hi mido,
That's great news! Let me know how you get on with the next run and we'll move from there.
Tom
That's great news! Let me know how you get on with the next run and we'll move from there.
Tom
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users