Yes, that will be in a new topic later.My wife has a laptop with the same do-search hijacker
I think you said you're going to post a new topic on that
Thanks
Lester
OTL logfile created on: 12/11/2013 10:51:14 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.50 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.48% Memory free
7.19 Gb Paging File | 5.92 Gb Available in Paging File | 82.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 458.31 Gb Total Space | 289.69 Gb Free Space | 63.21% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 0.88 Gb Free Space | 11.87% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/01 17:46:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/10/08 07:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/14 21:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/03/14 21:59:30 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/14 16:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\Receiver.exe
PRC - [2012/12/14 16:18:42 | 000,203,248 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\Receiver\ConfigurationWizard.exe
PRC - [2012/12/14 14:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 14:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/06/02 17:50:34 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/02 17:50:32 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/07/31 19:37:34 | 000,815,104 | ---- | M] (brother) -- C:\Program Files\Brownie\BrStsWnd.exe
PRC - [2007/07/23 17:45:48 | 000,090,112 | ---- | M] (brother) -- C:\Program Files\Brownie\brpjp04a.exe
PRC - [2007/01/02 20:40:10 | 000,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/12/10 20:51:08 | 000,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
PRC - [2006/11/09 05:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2006/10/10 11:44:10 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
PRC - [2006/09/28 08:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2005/11/16 20:08:40 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/11 10:06:49 | 012,934,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\88d05fa23bac349df9f9c103823a0447\System.Windows.Forms.ni.dll
MOD - [2013/12/11 10:06:40 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ce94822b4039c75c92b6d68915566137\System.Drawing.ni.dll
MOD - [2013/12/11 10:06:37 | 000,976,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\922aa0fd32a61083434cb8db6282d032\System.Configuration.ni.dll
MOD - [2013/12/11 10:06:36 | 007,721,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fd3b696a1e6977d7ea9a66e685c632f9\System.Xml.ni.dll
MOD - [2013/12/11 10:06:11 | 010,098,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f117ed1e1f999d390d4e6862a419da98\System.ni.dll
MOD - [2013/12/11 10:06:01 | 015,434,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\52ff15867be096f88222a6c6a7e9e8b3\mscorlib.ni.dll
MOD - [2013/10/09 17:38:58 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/09 17:37:27 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/09 17:37:10 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f228cc72a6647716127cd44ca416e6dc\PresentationFramework.ni.dll
MOD - [2013/10/09 17:36:54 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2482534bee5c520cdfe9c8f7df6a92f\PresentationCore.ni.dll
MOD - [2013/10/09 17:35:21 | 003,325,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c16ade1485996fa4981edc7df436a15b\WindowsBase.ni.dll
MOD - [2013/08/14 15:01:21 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/14 15:00:11 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/14 15:00:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 14:33:42 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/14 14:33:19 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/14 14:33:02 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/14 14:32:21 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 06:34:27 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\f28238b56c8b6401a428aa549b28a89a\UIAutomationTypes.ni.dll
MOD - [2013/07/11 06:27:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af7b745f6a06b800c73f1556553fe331\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 06:26:39 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/05 10:26:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/08/05 10:26:12 | 000,131,072 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/08/05 10:26:06 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/08/05 10:26:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/08/05 10:26:04 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/08/05 10:26:04 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/08/05 10:26:00 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/08/05 10:25:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/03/30 02:02:38 | 000,151,589 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\bwfiles.dll
MOD - [2007/03/30 02:02:38 | 000,098,339 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\FrExt.dll
MOD - [2007/03/30 02:02:38 | 000,061,496 | ---- | M] () -- C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\clntutil.dll
MOD - [2007/03/30 02:02:37 | 000,135,168 | ---- | M] () -- C:\Program Files\HP Connections\6811507\Program\HPClientExt.dll
MOD - [2006/12/10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\crm\xmlparse.dll
========== Services (SafeList) ==========
SRV - [2013/12/10 22:50:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/14 06:25:07 | 000,227,936 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/08 07:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/15 00:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/06/02 17:50:34 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/28 01:00:14 | 000,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 000,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 22:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/09/11 18:02:44 | 000,544,256 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service)
SRV - [2006/09/11 18:01:04 | 000,167,936 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL)
SRV - [2006/09/11 17:56:32 | 000,075,264 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM)
SRV - [2006/09/11 17:56:20 | 000,188,416 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService)
SRV - [2006/09/03 12:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/01 01:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server)
SRV - [2006/05/10 11:13:52 | 000,029,696 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/12/03 13:27:33 | 001,098,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20131203.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/11/28 19:21:44 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/11/28 01:00:00 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131211.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/11/28 01:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/28 01:00:00 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/28 01:00:00 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20131211.001\NAVENG.SYS -- (NAVENG)
DRV - [2013/11/27 19:13:02 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20131210.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/09/26 22:18:30 | 000,935,512 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\SymEFA.sys -- (SymEFA)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\Ironx86.sys -- (SymIRON)
DRV - [2013/09/26 21:26:03 | 000,651,352 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\srtsp.sys -- (SRTSP)
DRV - [2013/09/25 22:27:59 | 000,383,576 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\symtdiv.sys -- (SYMTDIv)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\ccSetx86.sys -- (ccSet_NIS)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\SymDS.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\NIS\1501000.012\srtspx.sys -- (SRTSPX)
DRV - [2013/03/15 00:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/05 15:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/06/23 09:23:46 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/06/10 14:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/01/14 23:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/13 12:14:16 | 000,004,608 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5CC4072C-F0A3-4E1C-80D9-A3B5F4CF6F55}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6E2233FB-8590-41F1-9220-190DDC478E3C}
IE - HKCU\..\SearchScopes\{5CC4072C-F0A3-4E1C-80D9-A3B5F4CF6F55}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6E2233FB-8590-41F1-9220-190DDC478E3C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-atty
IE - HKCU\..\SearchScopes\{F36AD130-6164-4FE8-A96B-D6A01D23155E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\20\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2013/12/11 19:25:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013/11/28 19:31:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Owner\AppData\Local\GreatArcadeHits\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\
[2013/12/02 15:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SmileboxTray] "C:\Users\Owner\AppData\Roaming\Smilebox\SmileboxTray.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AC688F4-433D-4F0C-A79E-7A5BD7A1A37D}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\clouds_1680x1050.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\clouds_1680x1050.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/30 01:59:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/11 22:38:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/11 22:38:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/11 22:34:37 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/12/11 10:02:15 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/03 17:49:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2013/12/03 17:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/03 17:47:48 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/03 17:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/03 17:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/02 16:22:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/02 15:39:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/02 13:52:35 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2013/12/01 23:49:10 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/01 17:46:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/01 07:59:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Smilebox
[2013/12/01 07:59:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Smilebox Creations
[2013/12/01 07:59:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2013/12/01 07:58:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Smilebox
[2013/11/30 10:22:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
[2013/11/29 01:07:31 | 003,053,496 | ---- | C] (Symantec Corporation) -- C:\Users\Owner\Desktop\NPE.exe
[2013/11/28 19:28:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/11/20 21:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
========== Files - Modified Within 30 Days ==========
[2013/12/11 22:50:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/11 22:38:50 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/11 22:34:38 | 002,331,990 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1501000.012\Cat.DB
[2013/12/11 22:17:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\pcreg.job
[2013/12/11 21:58:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/12/11 21:23:42 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 21:23:42 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/11 19:23:57 | 000,000,272 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/12/11 19:23:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/11 19:23:31 | 3756,474,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/11 19:20:34 | 000,000,004 | ---- | M] () -- C:\Windows\msoffice.ini
[2013/12/11 12:04:09 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2013/12/11 10:05:42 | 000,651,508 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/11 10:05:42 | 000,123,958 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/11 09:44:40 | 000,900,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/10 16:56:44 | 001,226,802 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/12/04 22:55:37 | 000,002,587 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Office Word 2007.lnk
[2013/12/03 17:47:49 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/02 13:52:35 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2013/12/01 17:46:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/12/01 07:58:20 | 000,001,754 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2013/11/30 10:59:45 | 000,000,987 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/30 10:54:14 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer.lnk
[2013/11/29 01:07:34 | 003,053,496 | ---- | M] (Symantec Corporation) -- C:\Users\Owner\Desktop\NPE.exe
[2013/11/28 20:16:40 | 000,000,831 | ---- | M] () -- C:\Users\Owner\Desktop\Norton Installation Files.lnk
[2013/11/28 19:28:26 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/11/28 19:24:43 | 000,020,410 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1501000.012\VT20131125.019
[2013/11/28 19:21:44 | 000,142,936 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2013/11/28 19:21:44 | 000,008,194 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2013/11/28 19:21:44 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2013/11/24 10:36:50 | 000,001,950 | ---- | M] () -- C:\Users\Owner\Desktop\Windows Photo Gallery.lnk
[2013/11/24 09:25:31 | 000,001,803 | ---- | M] () -- C:\Users\Owner\Desktop\Windows DVD Maker.lnk
[2013/11/24 08:25:47 | 000,016,384 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/19 23:54:59 | 000,000,221 | ---- | M] () -- C:\Windows\NCLogConfig.ini
[2013/11/19 23:43:57 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
========== Files Created - No Company Name ==========
[2013/12/11 19:20:31 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini
[2013/12/10 16:56:43 | 001,226,802 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/12/07 10:11:18 | 3756,474,368 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/03 17:47:49 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/01 07:58:20 | 000,001,760 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smilebox.lnk
[2013/12/01 07:58:20 | 000,001,754 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Smilebox.lnk
[2013/11/24 10:36:50 | 000,001,950 | ---- | C] () -- C:\Users\Owner\Desktop\Windows Photo Gallery.lnk
[2013/11/24 09:25:31 | 000,001,803 | ---- | C] () -- C:\Users\Owner\Desktop\Windows DVD Maker.lnk
[2013/11/19 23:54:59 | 000,000,221 | ---- | C] () -- C:\Windows\NCLogConfig.ini
[2013/11/13 08:20:29 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/09/06 15:09:32 | 000,000,285 | ---- | C] () -- C:\Windows\QTW.ini
[2013/04/07 17:50:06 | 000,000,024 | ---- | C] () -- C:\Users\Owner\Morrowind.ini
[2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2012/05/21 21:41:01 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/05/21 21:41:01 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/05/21 21:40:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/05/21 21:39:21 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08a.dat
[2012/05/21 21:39:17 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2012/05/21 21:39:17 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/05/21 21:39:17 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/05/21 21:36:44 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/05/20 07:47:28 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2012/05/20 07:47:28 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2012/05/20 07:47:11 | 000,009,853 | ---- | C] () -- C:\Windows\HL-2140.INI
[2012/05/20 07:47:11 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2012/05/20 07:46:52 | 000,000,435 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/05/20 07:46:52 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2012/05/20 07:44:41 | 000,000,272 | ---- | C] () -- C:\Windows\Brownie.ini
[2010/11/02 19:21:20 | 000,016,384 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 13:10:58 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2007/03/30 01:54:17 | 000,104,016 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
========== ZeroAccess Check ==========
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/08/23 21:56:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Artogon
[2013/08/06 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EleFun Games
[2012/11/15 23:27:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\funkitron
[2013/08/30 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Funlinker
[2013/07/18 19:16:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
[2013/07/07 17:19:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Image Zone Express
[2013/09/18 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Jigsaws Galore
[2013/07/19 19:35:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAI
[2013/07/17 10:20:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2013/09/09 16:38:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Myst V End of Ages
[2013/12/02 14:06:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oberon Media
[2011/06/24 18:42:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Pogo Games
[2012/12/25 14:55:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Printer Info Cache
[2013/05/12 16:12:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ScanSoft
[2013/12/11 06:50:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smilebox
[2012/02/23 15:09:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2013/06/08 21:43:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Visan
[2012/07/25 19:06:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2010/09/27 20:04:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2013/09/05 19:43:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wizard's Spell
========== Purity Check ==========
< End of report >