I'm wondering if someone might be able to help me get rid of the WhiteSmoke toolbar. My system periodically slows down and programs stop responding.
Any assistance would be most appreciated.
Regards,
Matthew
*********************************
OTL logfile created on: 2/18/2013 10:19:54 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marty demaeyer\Downloads\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.84 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 35.83% Memory free
5.89 Gb Paging File | 3.52 Gb Available in Paging File | 59.74% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.43 Gb Total Space | 29.72 Gb Free Space | 13.30% Space Free | Partition Type: NTFS
Drive G: | 141.68 Gb Total Space | 141.51 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 142.90 Gb Free Space | 75.24% Space Free | Partition Type: NTFS
Computer Name: MARTYDEMAEYE-PC | User Name: marty demaeyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\marty demaeyer\Downloads\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SMR311) -- C:\Windows\SysNative\drivers\SMR311.SYS (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\DRIVERS\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (NETwNv64) -- C:\Windows\SysNative\DRIVERS\NETwNv64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (appliandMP) -- C:\Windows\SysNative\DRIVERS\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (appliand) -- C:\Windows\SysNative\DRIVERS\appliand.sys (Applian Technologies Inc.)
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\DRIVERS\revoflt.sys (VS Revo Group)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys (Microsoft Corporation)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\DRIVERS\risdsn64.sys (REDC)
DRV:64bit: - (ElRawDisk) -- C:\Windows\SysNative\drivers\ElRawDsk.sys (EldoS Corporation)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimssn64.sys (REDC)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\DRIVERS\SFEP.sys (Sony Corporation)
DRV:64bit: - (Amusbprt) -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys (A4Tech Co.,Ltd.)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (Amfilter) -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys ((Standard mouse types))
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130218.017\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\VirusDefs\20130218.017\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130216.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sonystyle.ca/vaio
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/webhp?rlz=1W [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {30E57DEC-7593-46F5-8882-E48C663D3D64}
IE - HKCU\..\SearchScopes\{30E57DEC-7593-46F5-8882-E48C663D3D64}: "URL" = http://www.google.co...=UTF-8&oe=UTF-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.23
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://zinkwink.com/...wbho&keywords="
FF - prefs.js..network.proxy.type: 0
FF - user.js..keyword.URL: "http://zinkwink.com/...wbho&keywords="
FF - user.js..keyword.enabled: 1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\coFFPlgn\ [2013/02/18 16:57:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\IPSFFPlgn\ [2012/09/17 16:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/14 16:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/10 19:27:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/10 19:27:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 22:59:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/10 19:27:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/10 19:27:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/09 22:59:23 | 000,000,000 | ---D | M]
[2012/12/31 17:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marty demaeyer\AppData\Roaming\Mozilla\Extensions
[2013/02/15 18:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marty demaeyer\AppData\Roaming\Mozilla\Firefox\Profiles\3ehd5zg0.default\extensions
[2012/10/29 14:47:10 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\marty demaeyer\AppData\Roaming\Mozilla\Firefox\Profiles\3ehd5zg0.default\extensions\[email protected]
[2012/12/22 13:16:30 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\marty demaeyer\AppData\Roaming\Mozilla\Firefox\Profiles\3ehd5zg0.default\extensions\[email protected]
[2013/02/15 18:12:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\marty demaeyer\AppData\Roaming\Mozilla\Firefox\Profiles\3ehd5zg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/12 09:32:54 | 000,000,931 | ---- | M] () -- C:\Users\marty demaeyer\AppData\Roaming\Mozilla\Firefox\Profiles\3ehd5zg0.default\searchplugins\conduit.xml
[2011/05/16 18:26:30 | 000,002,469 | ---- | M] () -- C:\Users\marty demaeyer\AppData\Roaming\Mozilla\Firefox\Profiles\3ehd5zg0.default\searchplugins\safesearch.xml
[2013/02/10 19:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/22 13:16:30 | 000,234,999 | ---- | M] () (No name found) -- C:\USERS\MARTY DEMAEYER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3EHD5ZG0.DEFAULT\EXTENSIONS\[email protected]
[2012/10/29 14:47:10 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\USERS\MARTY DEMAEYER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3EHD5ZG0.DEFAULT\EXTENSIONS\[email protected]
[2013/02/10 19:27:38 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/11 00:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/03/11 00:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/03/11 00:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/03/11 00:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/03/11 00:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2012/12/14 16:43:27 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/03/11 00:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/10/11 18:25:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 18:25:42 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/02/18 01:33:04 | 000,444,981 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15309 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O15 - HKCU\..Trusted Domains: consolidatedhealth.ca ([gateway] https in Trusted sites)
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} http://content.syste...64_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B85FDA08-B5CF-41C4-887D-D6D2603F683C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/02/18 21:48:39 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\marty demaeyer\Desktop\dds.com
[2013/02/18 21:00:23 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/18 20:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/02/18 20:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/18 20:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/18 20:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/18 20:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/18 20:18:45 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/18 20:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/18 16:58:11 | 000,095,392 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/02/18 12:45:55 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{3ED0CD15-243E-4B81-B2EC-3000ECD5962F}
[2013/02/18 00:45:32 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{FF1888ED-C27C-4DD0-9932-9D845F5CFCC9}
[2013/02/18 00:32:27 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\Desktop\RK_Quarantine
[2013/02/17 22:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow WinSecret 2012
[2013/02/17 22:57:21 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Roaming\TweakNow WinSecret 2012
[2013/02/17 22:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow WinSecret 2012
[2013/02/17 22:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakNow PowerPack 2012
[2013/02/17 22:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack 2012
[2013/02/17 09:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/02/15 23:45:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/15 23:40:08 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/02/15 18:04:59 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{67985F14-7FE9-4F76-BC9F-1BA5C7243939}
[2013/02/13 19:11:47 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{D2507DBD-1FF3-4DC3-B328-B4E8645B404F}
[2013/02/13 07:11:31 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{2430BD36-C98E-4E09-B5FB-601D981F7BE0}
[2013/02/12 19:11:28 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{3FCCA66D-BA2C-4839-8328-0A5EC6D60240}
[2013/02/11 19:34:41 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{3B8D76AB-D245-47B1-9C91-9923E8FDE090}
[2013/02/11 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Roaming\Applian FLV and Media Player
[2013/02/11 07:34:25 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{0B378392-F65C-4967-A4FE-DE9A1035D515}
[2013/02/10 19:34:10 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{103AF3A6-20C7-4481-8948-8A38FA4036EA}
[2013/02/10 19:27:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/29 22:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/01/29 22:15:00 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Roaming\Media Player Classic
[2013/01/29 22:08:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2013/01/29 22:02:14 | 000,000,000 | ---D | C] -- C:\Click to Disc
[2013/01/29 21:49:38 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\Desktop\phone
[2013/01/29 21:46:06 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{9451E2E5-A4D2-44C0-9F62-BD5D57FE8270}
[2013/01/28 19:06:35 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{821F628E-DFC8-4ED0-923E-4BDA85678B25}
[2013/01/28 07:06:20 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{41B80B6B-EE37-4956-A0C0-D6B8A491ED97}
[2013/01/27 22:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/27 22:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/01/27 22:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/01/27 20:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDjView
[2013/01/27 19:06:01 | 000,000,000 | ---D | C] -- C:\Users\marty demaeyer\AppData\Local\{6A054E10-C308-4FF1-80E1-1641DF95D0AC}
========== Files - Modified Within 30 Days ==========
[2013/02/18 21:48:42 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\marty demaeyer\Desktop\dds.com
[2013/02/18 21:00:23 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/02/18 21:00:23 | 000,000,200 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2013/02/18 20:57:37 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 20:57:37 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 20:27:41 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/02/18 16:58:26 | 001,959,848 | ---- | M] () -- C:\Users\marty demaeyer\Desktop\Info20130218162751.xml
[2013/02/18 16:58:13 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR311.dat
[2013/02/18 16:58:11 | 000,095,392 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR311.SYS
[2013/02/18 16:57:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/18 16:31:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/02/18 16:31:43 | 000,004,608 | ---- | M] () -- C:\Users\marty demaeyer\Desktop\Metadata.dat
[2013/02/18 16:31:38 | 016,307,205 | ---- | M] () -- C:\Users\marty demaeyer\Desktop\Remediate2013021816275114111000000.dat
[2013/02/18 12:37:46 | 000,080,896 | ---- | M] () -- C:\Users\marty demaeyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/18 01:33:04 | 000,444,981 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/18 00:54:29 | 000,444,981 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130218-013304.backup
[2013/02/18 00:32:07 | 000,774,144 | ---- | M] () -- C:\Users\marty demaeyer\Desktop\RogueKillerX64.exe
[2013/02/18 00:22:39 | 000,000,252 | ---- | M] () -- C:\Users\marty demaeyer\Desktop\drives.rtf
[2013/02/17 14:16:37 | 000,000,680 | ---- | M] () -- C:\Users\marty demaeyer\AppData\Local\d3d9caps.dat
[2013/02/15 20:21:55 | 000,800,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/15 20:21:55 | 000,671,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/15 20:21:55 | 000,131,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/14 22:33:08 | 000,444,981 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130218-005429.backup
[2013/02/13 19:07:45 | 005,677,517 | ---- | M] () -- C:\Users\marty demaeyer\Desktop\8509139.pdf
[2013/02/12 19:16:09 | 005,442,320 | ---- | M] () -- C:\Users\marty demaeyer\Desktop\Time Series Analysis and Its Applications with R.pdf
[2013/02/12 19:05:50 | 000,401,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 19:03:49 | 002,952,103 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/29 22:22:19 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2013/01/27 19:32:18 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
========== Files Created - No Company Name ==========
[2013/02/18 21:00:23 | 000,000,200 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2013/02/18 20:27:41 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/02/18 16:58:12 | 000,000,020 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR311.dat
[2013/02/18 16:31:38 | 000,004,608 | ---- | C] () -- C:\Users\marty demaeyer\Desktop\Metadata.dat
[2013/02/18 16:30:57 | 016,307,205 | ---- | C] () -- C:\Users\marty demaeyer\Desktop\Remediate2013021816275114111000000.dat
[2013/02/18 16:30:02 | 001,959,848 | ---- | C] () -- C:\Users\marty demaeyer\Desktop\Info20130218162751.xml
[2013/02/18 00:32:07 | 000,774,144 | ---- | C] () -- C:\Users\marty demaeyer\Desktop\RogueKillerX64.exe
[2013/02/18 00:22:38 | 000,000,252 | ---- | C] () -- C:\Users\marty demaeyer\Desktop\drives.rtf
[2013/02/13 19:07:45 | 005,677,517 | ---- | C] () -- C:\Users\marty demaeyer\Desktop\8509139.pdf
[2013/02/12 19:16:03 | 005,442,320 | ---- | C] () -- C:\Users\marty demaeyer\Desktop\Time Series Analysis and Its Applications with R.pdf
[2013/01/29 22:22:19 | 000,001,236 | ---- | C] () -- C:\Users\Public\Desktop\Applian FLV and Media Player.lnk
[2012/11/08 18:11:46 | 000,001,057 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Roaming\vso_ts_preview.xml
[2012/10/14 02:03:40 | 006,535,061 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Local\census.cache
[2012/10/14 01:55:10 | 000,177,718 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Local\ars.cache
[2012/10/13 15:36:06 | 000,000,036 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Local\housecall.guid.cache
[2012/10/10 18:54:01 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/10 18:54:01 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/10/10 18:54:01 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/10/10 18:53:58 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/10/09 17:35:26 | 000,000,046 | ---- | C] () -- C:\Windows\PCCT.INI
[2012/10/08 03:49:15 | 000,000,487 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/18 09:57:01 | 000,795,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/07/30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/03/16 20:51:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/16 20:51:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/16 20:51:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/16 20:51:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/16 20:51:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/09 19:27:24 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/12/17 06:47:00 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/12/05 20:40:59 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/05 19:33:45 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/21 18:58:04 | 000,000,380 | ---- | C] () -- C:\Users\marty demaeyer\Downloads - Shortcut.lnk
[2011/11/20 16:38:27 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011/11/20 15:27:47 | 000,029,216 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Roaming\UserTile.png
[2011/10/15 03:03:56 | 000,116,863 | ---- | C] () -- C:\Windows\hpqins00.dat
[2011/10/07 15:22:05 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2011/10/06 22:22:18 | 000,000,680 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Local\FolderPath.xml
[2011/09/06 09:46:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/21 01:24:39 | 2016,029,509 | ---- | C] () -- C:\Users\marty demaeyer\Pictures.rar
[2010/06/04 18:39:44 | 000,000,680 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Local\d3d9caps.dat
[2009/06/02 16:57:39 | 000,080,896 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/26 16:47:17 | 000,000,200 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Roaming\default.rss
[2009/05/26 11:07:32 | 000,000,890 | ---- | C] () -- C:\Users\marty demaeyer\AppData\Roaming\wklnhst.dat
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/12/26 13:20:50 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\AnvSoft
[2013/02/14 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Applian FLV and Media Player
[2012/12/30 06:24:24 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Aura4You
[2012/10/16 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Auslogics
[2012/10/16 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\BHOK IT Consulting
[2012/01/15 02:02:34 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\BlueSprig
[2012/04/05 16:26:26 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Canneverbe Limited
[2009/06/03 07:04:46 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/27 13:30:18 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\CometPlayer
[2012/12/18 08:46:21 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\CrashLog
[2012/10/16 18:16:29 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\DAEMON Tools Lite
[2011/12/05 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Digiarty
[2011/12/17 06:46:58 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\FixCleaner
[2012/10/16 18:21:28 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\FVD Suite
[2011/10/07 20:08:53 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Garritan
[2012/10/16 18:21:28 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\ICAClient
[2012/12/18 08:43:02 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\MAGIX
[2011/10/07 20:07:16 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\MakeMusic
[2012/01/15 02:12:24 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\MetaProducts
[2010/10/31 18:54:56 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\MorarChat
[2012/12/18 08:46:21 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\OnDemandDump
[2011/11/18 17:22:20 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Plogue
[2012/01/10 18:37:00 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Product_PT
[2012/10/08 06:14:06 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Replay Media Catcher 4
[2012/11/16 01:02:55 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Samsung
[2012/11/10 11:59:12 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\SystemRequirementsLab
[2010/07/24 19:07:14 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Teleca
[2010/10/04 10:42:12 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Template
[2012/01/08 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Thinstall
[2011/10/08 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Thunderbird
[2011/01/11 18:28:39 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\Tific
[2011/10/07 03:52:51 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\TigerPlayer
[2012/01/15 03:22:11 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\TuneUp Software
[2012/11/10 12:48:58 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\TweakNow PowerPack 2011
[2013/02/17 22:56:51 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\TweakNow PowerPack 2012
[2012/12/18 09:22:44 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\TweakNow RegCleaner 2012
[2013/02/17 22:57:21 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\TweakNow WinSecret 2012
[2012/01/15 01:52:07 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\URSoft
[2013/02/17 23:25:51 | 000,000,000 | ---D | M] -- C:\Users\marty demaeyer\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:E965A533
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD
< End of report >