Shogun

Honorary Members

View Profile See their activity

Posts
30
Joined
June 28, 2013
Last visited
July 13, 2013

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Shogun

Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

hehehe, alright. Thanks a lot for all the help anyway.
- July 13, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

I just tried and it didn't work :\
- July 12, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

It did not solve the issues.
- July 12, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

All processes killed ========== OTL ========== C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\_locales\en folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\_locales folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\sl folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\lib\jquery.alerts\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\lib\jquery.alerts folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\lib folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\core folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\WEATHER\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\WEATHER\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\WEATHER folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\TWITTER\resources folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\TWITTER\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\TWITTER\img folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\TWITTER folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\view\style folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\view\script folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\view folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\resources folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\Css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH\buildSettings folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\SEARCH folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\RADIO_PLAYER folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\PRICE_GONG\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\PRICE_GONG\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\PRICE_GONG folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\Optimizer\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\Optimizer folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\NOTIFICATION\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\NOTIFICATION\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\NOTIFICATION\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\NOTIFICATION folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\MULTI_RSS\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\MULTI_RSS\img folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\MULTI_RSS\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\MULTI_RSS folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\HIGHLIGHTER folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\wa folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\menu\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\menu\img folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\menu\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\menu folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\gf\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\gf\img folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\gf\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\gf folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\gadgetFrame folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\dlg\ftd\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\dlg\ftd folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui\dlg folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ui folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\sp\spsd\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\sp\spsd folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\sp\spbd\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\sp\spbd folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\sp\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\sp folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\options\js\resources folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\options\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\options\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\options\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\options folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\msd folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\api folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ac\res folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ac\img folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ac\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\ac folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\aboutBox\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\aboutBox\images folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al\aboutBox folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb\al folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\tb folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\plugins folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\NewTabPages\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\NewTabPages\img folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\NewTabPages\html folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\NewTabPages\css folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\NewTabPages\API folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\NewTabPages folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search\html folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\Search folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\plugins folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\js\toolbarAPI folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\js\tabs\back folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\js\tabs folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\js\options folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\js\lib folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\js folder moved successfully. C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0 folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B50DCC8E-967D-5B39-6447-E16D9DB46A80}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B50DCC8E-967D-5B39-6447-E16D9DB46A80}\ not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. E:\User\Momo\Desktop\cmd.bat deleted successfully. E:\User\Momo\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Momo ->Temp folder emptied: 7665238 bytes ->Temporary Internet Files folder emptied: 19650391 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 13447874 bytes ->Google Chrome cache emptied: 253820907 bytes ->Flash cache emptied: 1161 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 59188915 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 27065187 bytes Total Files Cleaned = 363.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 07122013_010118 Files\Folders moved on Reboot... C:\Users\Momo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Momo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
- July 12, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Do you think I should just format my PC or do you believe there's a way to solve it
- July 11, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

OTL logfile created on: 11/07/2013 1:38:47 PM - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = E:\User\Momo\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.95 Gb Total Physical Memory | 3.23 Gb Available Physical Memory | 40.70% Memory free 15.89 Gb Paging File | 10.20 Gb Available in Paging File | 64.21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.79 Gb Total Space | 15.64 Gb Free Space | 13.99% Space Free | Partition Type: NTFS Drive E: | 465.66 Gb Total Space | 148.76 Gb Free Space | 31.95% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 649.73 Gb Free Space | 69.75% Space Free | Partition Type: NTFS Computer Name: MOMO-PC | User Name: Momo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013/07/10 11:33:12 | 023,870,304 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.236\deploy\League of Legends.exe PRC - [2013/07/10 11:32:32 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.31\deploy\LolClient.exe PRC - [2013/07/03 01:10:29 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013/06/30 23:03:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe PRC - [2013/06/24 10:33:18 | 000,316,000 | ---- | M] (Hyperdesktop) -- C:\Users\MOMO\AppData\Roaming\Hyperdesktop\hyperdesktop.exe PRC - [2013/05/27 01:10:08 | 000,526,336 | ---- | M] (LOL Replay) -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLRecorder.exe PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/12/26 14:55:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/11/08 15:07:42 | 000,098,704 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe PRC - [2012/11/07 20:59:54 | 003,540,416 | ---- | M] (Tonec Inc.) -- E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe PRC - [2012/10/23 11:12:29 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe PRC - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012/05/29 11:44:58 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.173\deploy\LoLLauncher.exe PRC - [2012/02/22 21:12:42 | 000,943,168 | ---- | M] (Druide informatique inc.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe PRC - [2011/10/31 15:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2010/05/25 08:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- E:\User\Momo\Applications\IDM\Internet Download Manager\IEMonitor.exe PRC - [2010/05/20 16:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe ========== Modules (No Company Name) ========== MOD - [2013/07/10 17:10:09 | 013,599,624 | ---- | M] () -- C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\PepperFlash\11.8.800.97\pepflashplayer.dll MOD - [2013/07/10 13:21:29 | 002,403,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\36c35017e458ebf9d91e7eceae4a3989\System.Web.Extensions.ni.dll MOD - [2013/07/10 13:21:28 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\6e4f4fc116fe8faea929e840d74f8011\System.ServiceModel.Web.ni.dll MOD - [2013/07/10 13:21:28 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\15bb59e6d778cbc643193aca1d2a9e0c\System.Web.Abstractions.ni.dll MOD - [2013/07/10 13:20:05 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll MOD - [2013/07/10 13:19:35 | 017,477,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\f00a8436d10d44f1829dea5f618b7f69\System.ServiceModel.ni.dll MOD - [2013/07/10 11:34:33 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d84a4af2acd0a1489fb81d169a2ea00a\SMDiagnostics.ni.dll MOD - [2013/07/10 11:34:32 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c476801f82f0b0cff48afcafce7e919d\System.Runtime.Serialization.ni.dll MOD - [2013/07/10 11:34:28 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2c5c86bb5156ff508ca8045aff50a482\System.Core.ni.dll MOD - [2013/07/10 11:34:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll MOD - [2013/07/10 11:34:16 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\dcc781ebbddf98a9cf6dd4f3b17f1063\System.Web.ni.dll MOD - [2013/07/10 11:34:03 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll MOD - [2013/07/10 11:33:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013/07/10 11:33:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013/07/10 11:33:46 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll MOD - [2013/07/10 11:33:46 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\8f4a3d09bd38a742ccfe4a20a126fff5\UIAutomationProvider.ni.dll MOD - [2013/07/10 11:33:39 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll MOD - [2013/07/10 11:33:35 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013/07/10 11:33:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013/07/10 11:33:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013/07/10 11:33:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013/07/10 11:33:13 | 000,072,192 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.236\deploy\riotlauncher.dll MOD - [2013/07/10 11:33:12 | 023,870,304 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.236\deploy\League of Legends.exe MOD - [2013/07/10 11:32:32 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.31\deploy\LolClient.exe MOD - [2013/07/03 01:10:26 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppgooglenaclpluginchrome.dll MOD - [2013/07/03 01:10:23 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll MOD - [2013/07/03 01:09:27 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\libglesv2.dll MOD - [2013/07/03 01:09:26 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\libegl.dll MOD - [2013/07/03 01:09:23 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ffmpegsumo.dll MOD - [2013/05/27 01:10:04 | 000,369,152 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLUtils.dll MOD - [2013/05/27 01:05:04 | 000,156,160 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\Air.dll MOD - [2013/05/27 00:10:52 | 000,167,424 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\Recorder.dll MOD - [2013/05/27 00:10:48 | 000,052,224 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\Launcher.dll MOD - [2013/04/30 10:11:00 | 000,937,984 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.236\deploy\rads.dll MOD - [2013/02/13 03:13:00 | 000,411,648 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\Compression.dll MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/11/08 00:42:41 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2012/10/23 11:12:29 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe MOD - [2012/05/29 11:44:58 | 002,693,008 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.173\deploy\LoLLauncher.exe MOD - [2011/11/18 16:23:20 | 000,202,320 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qjpeg4.dll MOD - [2011/11/18 16:23:14 | 000,032,336 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qgif4.dll MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/02/21 08:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV:64bit: - [2011/06/09 14:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/06/15 19:35:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/03 16:54:06 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/22 10:24:02 | 000,120,592 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/12/26 14:55:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/12/03 16:42:13 | 004,922,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009/11/06 13:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk) DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012/12/19 08:42:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys) DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/11/11 16:10:20 | 000,040,232 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsadb.sys -- (androidusb) DRV:64bit: - [2012/11/07 19:33:50 | 000,059,136 | ---- | M] (Radialpoint, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rp_pkt64.sys -- (RPPKT) DRV:64bit: - [2012/11/07 04:25:15 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012/11/07 04:25:15 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012/11/07 04:25:14 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012/09/27 14:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP) DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/09/01 19:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/09/01 19:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/16 01:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000) DRV:64bit: - [2009/11/23 21:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009/11/23 21:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/11/18 08:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {3A9C6299-BFE1-4D4B-BB80-15BE29FB52AA} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 5B 15 FC BF BC CD 01 [binary data] IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes,DefaultScope = {3780ADFF-724B-41A5-8C20-EEE9F79B0FC6} IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes\{3780ADFF-724B-41A5-8C20-EEE9F79B0FC6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: E:\User\Momo\Applications\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: E:\User\Momo\Applications\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Momo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Momo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/10 11:30:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: F:\Mozilla\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: F:\Mozilla\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/06/04 01:17:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Momo\AppData\Roaming\IDM\idmmzcc5 [2012/11/08 00:31:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: F:\Mozilla\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: F:\Mozilla\plugins FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Momo\AppData\Roaming\IDM\idmmzcc5 [2012/11/08 00:31:04 | 000,000,000 | ---D | M] [2013/06/15 19:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Extensions [2013/07/08 14:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions [2013/07/08 14:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.ca/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.71\pdf.dll CHR - plugin: McAfee SiteAdvisor (Disabled) = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\McChPlg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Disabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Happy Cloud Plugin (Enabled) = C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Momo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: AdobeExManDetect (Enabled) = E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll CHR - plugin: VLC Web Plugin (Enabled) = E:\User\Momo\Applications\VLC\npvlc.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - Extension: Google Docs = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Somoto V.1 = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo\10.16.7.524_0\ CHR - Extension: SiteAdvisor = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\ CHR - Extension: AdBlock = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\ CHR - Extension: Wolfram|Alpha (Official) = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\ CHR - Extension: Forum Enhancer Kit = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejafjpfgdljeoclgemlojoeobgaaphm\0.945_0\ CHR - Extension: IDM Integration = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.23_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\ CHR - Extension: Skype Click to Call = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\ CHR - Extension: Starcraft Zeratul (1920x1080) = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiliimjcohmpahgcbgapaaomloheicd\1.0.1_0\ CHR - Extension: Contract Killer = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi\1.1.3_0\ CHR - Extension: Gmail = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/06/30 13:32:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\User\Momo\Applications\IDM\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\User\Momo\Applications\IDM\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (no name) - {B50DCC8E-967D-5B39-6447-E16D9DB46A80} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.) O4 - HKLM..\Run: [agentantidote64.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe (Druide informatique inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" File not found O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [Facebook Update] C:\Users\Momo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [Hyperdesktop] C:\Users\MOMO\AppData\Roaming\Hyperdesktop\hyperdesktop.exe (Hyperdesktop) O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [iDMan] E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe (Tonec Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Download all links with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm () O8:64bit: - Extra context menu item: Download with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Download all links with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEExt.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BD7B32-C893-4568-ABC4-B1FF79520193}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5377C36-6D2E-470B-B00C-A9F13F6A5A10}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/10 21:06:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/07/09 18:56:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/07/08 15:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/07/08 15:19:03 | 004,396,440 | ---- | C] (Piriform Ltd) -- E:\User\Momo\Desktop\ccsetup403.exe [2013/07/07 19:31:35 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale [2013/07/07 19:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\White Day [2013/07/03 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/07/02 21:34:15 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\PMB Files [2013/07/02 21:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013/07/01 08:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/07/01 08:58:36 | 002,347,384 | ---- | C] (ESET) -- E:\User\Momo\Desktop\esetsmartinstaller_enu.exe [2013/07/01 00:27:39 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Unity [2013/07/01 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Unity [2013/07/01 00:07:03 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud [2013/07/01 00:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud [2013/06/30 23:03:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe [2013/06/30 16:13:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/30 13:33:21 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/06/30 13:27:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/06/30 13:27:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/06/30 13:27:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/06/30 13:27:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/30 13:27:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/06/30 13:26:49 | 005,084,517 | R--- | C] (Swearware) -- E:\User\Momo\Desktop\ComboFix.exe [2013/06/29 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\WSHelper [2013/06/29 12:33:11 | 000,000,000 | ---D | C] -- C:\Users\Momo\Doctor Web [2013/06/29 10:48:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- E:\User\Momo\Desktop\tdsskiller.exe [2013/06/29 10:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/06/29 10:32:55 | 000,000,000 | ---D | C] -- C:\JRT [2013/06/29 10:32:09 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- E:\User\Momo\Desktop\JRT.exe [2013/06/29 02:16:30 | 000,509,440 | ---- | C] (Tech Support Guy System) -- E:\User\Momo\Desktop\SysInfo.exe [2013/06/28 22:06:22 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\New folder (2) [2013/06/28 12:39:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- E:\User\Momo\Desktop\HijackThis.exe [2013/06/25 16:44:22 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\McAfee [2013/06/25 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/06/17 01:17:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013/06/16 23:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013/06/16 23:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/06/16 23:19:54 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft [2013/06/16 23:19:28 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\.minecraft [2013/06/15 19:25:29 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Macromedia [2013/06/15 19:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2 E:\User\Momo\Desktop\*.tmp files -> E:\User\Momo\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/11 13:30:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/11 13:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/11 12:58:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000UA.job [2013/07/11 12:08:10 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/11 12:08:10 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/11 12:05:32 | 000,781,122 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/11 12:05:32 | 000,665,586 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/11 12:05:32 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/11 12:01:21 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/11 12:01:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/11 12:01:00 | 2103,492,607 | -HS- | M] () -- C:\hiberfil.sys [2013/07/11 00:58:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000Core.job [2013/07/10 17:05:57 | 000,243,697 | ---- | M] () -- E:\User\Momo\Desktop\FidoBill-FactureFido.pdf [2013/07/10 11:30:32 | 005,038,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/07/10 01:49:30 | 000,084,269 | ---- | M] () -- E:\User\Momo\Desktop\L02QvfB.png [2013/07/10 00:32:01 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/07/09 18:52:38 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/07/08 15:23:21 | 000,180,452 | ---- | M] () -- E:\User\Momo\Documents\cc_20130708_152302.reg [2013/07/08 15:19:31 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/08 15:18:52 | 004,396,440 | ---- | M] (Piriform Ltd) -- E:\User\Momo\Desktop\ccsetup403.exe [2013/07/07 22:05:53 | 000,011,923 | ---- | M] () -- E:\User\Momo\Desktop\images.jpg [2013/07/07 19:29:58 | 000,000,730 | ---- | M] () -- C:\Users\Public\Desktop\White Day.lnk [2013/07/07 18:12:41 | 000,553,353 | ---- | M] () -- E:\User\Momo\Desktop\clap.gif [2013/07/07 12:50:11 | 000,001,541 | ---- | M] () -- E:\User\Momo\Desktop\ .lnk [2013/07/05 11:34:02 | 123,720,736 | ---- | M] () -- E:\User\Momo\Desktop\drweb-cureit.exe [2013/07/03 16:50:48 | 174,479,384 | ---- | M] () -- E:\User\Momo\Desktop\setup_11.0.0.1245.x01_2013_07_03_22_13.exe [2013/07/01 08:58:36 | 002,347,384 | ---- | M] (ESET) -- E:\User\Momo\Desktop\esetsmartinstaller_enu.exe [2013/07/01 01:21:13 | 000,115,356 | ---- | M] () -- E:\User\Momo\Desktop\1372645461434.jpg [2013/06/30 23:06:17 | 000,890,988 | ---- | M] () -- E:\User\Momo\Desktop\SecurityCheck.exe [2013/06/30 23:03:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe [2013/06/30 13:32:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/06/30 13:26:49 | 005,084,517 | R--- | M] (Swearware) -- E:\User\Momo\Desktop\ComboFix.exe [2013/06/29 10:52:02 | 000,912,384 | ---- | M] () -- E:\User\Momo\Desktop\RogueKiller.exe [2013/06/29 10:48:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- E:\User\Momo\Desktop\tdsskiller.exe [2013/06/29 10:41:42 | 000,000,085 | ---- | M] () -- E:\User\Momo\Desktop\TDSSKiller.url [2013/06/29 10:32:09 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- E:\User\Momo\Desktop\JRT.exe [2013/06/29 02:16:28 | 000,509,440 | ---- | M] (Tech Support Guy System) -- E:\User\Momo\Desktop\SysInfo.exe [2013/06/29 01:14:00 | 000,377,856 | ---- | M] () -- E:\User\Momo\Desktop\iwk3s2yn.exe [2013/06/28 11:58:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- E:\User\Momo\Desktop\HijackThis.exe [2013/06/28 10:03:47 | 000,001,287 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013/06/28 10:03:47 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2013/06/28 10:02:33 | 001,582,608 | ---- | M] () -- E:\User\Momo\Desktop\LOLReplay-0.8.2.1.exe [2013/06/27 23:38:20 | 000,089,393 | ---- | M] () -- E:\User\Momo\Desktop\560181_597638953581172_2128317259_n.jpg [2013/06/24 10:33:31 | 000,000,817 | ---- | M] () -- E:\User\Momo\Desktop\Hyperdesktop.lnk [2013/06/17 01:04:59 | 000,680,062 | ---- | M] () -- E:\User\Momo\Desktop\1371444594923.jpg [2 E:\User\Momo\Desktop\*.tmp files -> E:\User\Momo\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/10 17:05:56 | 000,243,697 | ---- | C] () -- E:\User\Momo\Desktop\FidoBill-FactureFido.pdf [2013/07/10 01:49:30 | 000,084,269 | ---- | C] () -- E:\User\Momo\Desktop\L02QvfB.png [2013/07/09 18:52:38 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013/07/09 09:01:17 | 005,038,256 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/07/08 15:25:39 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/07/08 15:25:16 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/08 15:25:16 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/08 15:23:07 | 000,180,452 | ---- | C] () -- E:\User\Momo\Documents\cc_20130708_152302.reg [2013/07/08 15:19:31 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/07 22:05:53 | 000,011,923 | ---- | C] () -- E:\User\Momo\Desktop\images.jpg [2013/07/07 19:29:58 | 000,000,730 | ---- | C] () -- C:\Users\Public\Desktop\White Day.lnk [2013/07/07 18:12:41 | 000,553,353 | ---- | C] () -- E:\User\Momo\Desktop\clap.gif [2013/07/07 12:50:11 | 000,001,541 | ---- | C] () -- E:\User\Momo\Desktop\ .lnk [2013/07/03 16:50:47 | 174,479,384 | ---- | C] () -- E:\User\Momo\Desktop\setup_11.0.0.1245.x01_2013_07_03_22_13.exe [2013/07/01 01:21:13 | 000,115,356 | ---- | C] () -- E:\User\Momo\Desktop\1372645461434.jpg [2013/06/30 23:06:17 | 000,890,988 | ---- | C] () -- E:\User\Momo\Desktop\SecurityCheck.exe [2013/06/30 13:27:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/06/30 13:27:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/06/30 13:27:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/06/30 13:27:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/06/30 13:27:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/06/29 12:32:44 | 123,720,736 | ---- | C] () -- E:\User\Momo\Desktop\drweb-cureit.exe [2013/06/29 10:52:02 | 000,912,384 | ---- | C] () -- E:\User\Momo\Desktop\RogueKiller.exe [2013/06/29 10:41:42 | 000,000,085 | ---- | C] () -- E:\User\Momo\Desktop\TDSSKiller.url [2013/06/29 01:14:12 | 000,377,856 | ---- | C] () -- E:\User\Momo\Desktop\iwk3s2yn.exe [2013/06/28 12:39:11 | 001,582,608 | ---- | C] () -- E:\User\Momo\Desktop\LOLReplay-0.8.2.1.exe [2013/06/27 23:38:20 | 000,089,393 | ---- | C] () -- E:\User\Momo\Desktop\560181_597638953581172_2128317259_n.jpg [2013/06/24 10:33:31 | 000,000,817 | ---- | C] () -- E:\User\Momo\Desktop\Hyperdesktop.lnk [2013/06/17 01:04:59 | 000,680,062 | ---- | C] () -- E:\User\Momo\Desktop\1371444594923.jpg [2013/06/15 19:24:18 | 000,000,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/06/01 01:04:07 | 000,000,132 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Adobe GIF Format CS6 Prefs [2013/05/04 19:46:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2013/04/10 16:28:45 | 000,000,088 | ---- | C] () -- C:\Windows\Antidote7.ini [2013/02/23 15:55:17 | 000,000,132 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Adobe PNG Format CS6 Prefs [2013/01/19 14:45:31 | 000,007,168 | ---- | C] () -- C:\Users\Momo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/16 00:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2013/01/06 19:24:03 | 000,000,271 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012/12/29 17:04:53 | 000,000,079 | ---- | C] () -- C:\Windows\XP200.ini [2012/11/29 03:30:39 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 03:30:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/25 11:20:56 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012/11/22 13:33:49 | 000,007,600 | ---- | C] () -- C:\Users\Momo\AppData\Local\resmon.resmoncfg [2012/11/07 04:30:59 | 000,766,590 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/07 10:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012/01/07 10:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll [2012/01/07 10:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll [2012/01/07 10:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012/01/07 10:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012/01/07 10:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll [2011/12/19 02:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/12/19 02:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/06/29 17:29:16 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\.minecraft [2012/11/12 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\AnvSoft [2013/06/04 01:10:47 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Bell [2013/01/02 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Cool Record Edit Pro [2013/07/11 02:37:09 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\DMCache [2013/06/25 23:29:32 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Dropbox [2013/04/10 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Druide [2012/12/30 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Epson [2013/01/07 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Evaer [2012/12/25 15:42:42 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Free Sound Recorder [2012/12/28 01:41:37 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Hyperdesktop [2013/07/11 01:16:20 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\IDM [2012/12/30 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Leader Technologies [2012/12/29 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Leadertech [2012/11/07 04:14:48 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\LolClient [2013/04/04 23:19:55 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\MediaMonkey [2012/12/11 21:58:46 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\MP3SkypeRecorder [2012/12/20 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Origin [2013/04/01 02:46:40 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\PDAppFlex [2012/11/12 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Publish Providers [2013/06/06 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\RenPy [2013/05/04 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Screaming Bee [2012/11/12 01:46:30 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Sony [2012/11/14 00:54:38 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Sony Creative Software Inc [2013/04/17 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013/03/30 16:49:19 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\TS3Client [2013/07/01 00:27:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Unity [2012/12/18 23:36:57 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Windows Live Writer [2013/02/28 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Wondershare ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report >
- July 11, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

yes I have. It didn't work either.
- July 11, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

The problem is on every browser. Chrome, Mozilla and Internet Explorer
- July 11, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

That has already been done as well :\
- July 9, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

I have tried reseting and the issue still occurs.
- July 8, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Still happening :\ The Chrome freezing seems to have stopped, but I would need a bit more time to confirm it. Stream videos and being redirected to "cookie" still happen.
- July 8, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

All processes killed ========== OTL ========== HKEY_USERS\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\Plugins folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\modules folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\META-INF folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\lib folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults\preferences folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\defaults folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\skin folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\sl folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\lib folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\core folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\WEATHER folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\resources folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER\img folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TWITTER folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_POPUP folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\TESTER_BCAPI folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\style folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view\script folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\view folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\resources folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\Css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH\buildSettings folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\SEARCH folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\RADIO_PLAYER folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\images folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\PRICE_GONG folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\Optimizer folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\images folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\NOTIFICATION folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\img folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\MULTI_RSS folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\HIGHLIGHTER folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa\404 folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\wa folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\img folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\menu folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\img folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gf folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\gadgetFrame folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd\images folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg\ftd folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui\dlg folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ui folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\searchProtector folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js\resources folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\images folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\options folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\myStuffDialogs folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js\resources folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\features folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\api folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\res folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\img folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac\css folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\ac folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\js folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox\images folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al\aboutBox folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb\al folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content\tb folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468\content folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome\CT3220468 folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\chrome folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} folder moved successfully. C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi moved successfully. C:\Users\Momo\AppData\Roaming\uTorrent\share folder moved successfully. C:\Users\Momo\AppData\Roaming\uTorrent\ie folder moved successfully. C:\Users\Momo\AppData\Roaming\uTorrent\dlimagecache folder moved successfully. C:\Users\Momo\AppData\Roaming\uTorrent\Cache folder moved successfully. C:\Users\Momo\AppData\Roaming\uTorrent\apps folder moved successfully. C:\Users\Momo\AppData\Roaming\uTorrent folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. E:\User\Momo\Desktop\cmd.bat deleted successfully. E:\User\Momo\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 57616 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Momo ->Temp folder emptied: 7814471 bytes ->Temporary Internet Files folder emptied: 5368363 bytes ->Java cache emptied: 200944 bytes ->FireFox cache emptied: 7287469 bytes ->Google Chrome cache emptied: 256531606 bytes ->Flash cache emptied: 68402 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 3999 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 6614 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50528 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 265.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 07082013_141332 Files\Folders moved on Reboot... C:\Users\Momo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Momo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
- July 8, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

I can't seem to be able to find Extras.txt ...
- July 7, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

OTL logfile created on: 07/07/2013 5:31:28 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\User\Momo\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.95 Gb Total Physical Memory | 4.21 Gb Available Physical Memory | 53.02% Memory free 15.89 Gb Paging File | 11.65 Gb Available in Paging File | 73.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.79 Gb Total Space | 14.48 Gb Free Space | 12.95% Space Free | Partition Type: NTFS Drive E: | 465.66 Gb Total Space | 164.38 Gb Free Space | 35.30% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 650.72 Gb Free Space | 69.86% Space Free | Partition Type: NTFS Computer Name: MOMO-PC | User Name: Momo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013/06/30 23:03:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe PRC - [2013/06/24 10:33:18 | 000,316,000 | ---- | M] (Hyperdesktop) -- C:\Users\MOMO\AppData\Roaming\Hyperdesktop\hyperdesktop.exe PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013/05/27 01:10:08 | 000,526,336 | ---- | M] (LOL Replay) -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLRecorder.exe PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/12/26 14:55:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/11/08 15:07:42 | 000,098,704 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe PRC - [2012/11/07 20:59:54 | 003,540,416 | ---- | M] (Tonec Inc.) -- E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe PRC - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012/02/22 21:12:42 | 000,943,168 | ---- | M] (Druide informatique inc.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe PRC - [2011/10/31 15:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2010/05/25 08:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- E:\User\Momo\Applications\IDM\Internet Download Manager\IEMonitor.exe PRC - [2010/05/20 16:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe ========== Modules (No Company Name) ========== MOD - [2013/06/15 19:35:22 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll MOD - [2013/05/27 01:10:04 | 000,369,152 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLUtils.dll MOD - [2013/05/16 11:30:12 | 002,404,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a40a2322bae0b10c6e1e66947321bbd1\System.Web.Extensions.ni.dll MOD - [2013/05/16 11:29:29 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c1c94fc55d606efee0d5f07ee441cb7\System.ServiceModel.ni.dll MOD - [2013/05/16 11:29:17 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013/05/16 10:31:47 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013/05/16 10:31:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/16 10:31:34 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013/05/16 10:31:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/05/16 10:31:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/03/16 21:22:59 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll MOD - [2013/03/16 21:22:59 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\7a64243fd351a567a3ac02755837076e\System.Web.Abstractions.ni.dll MOD - [2013/03/16 21:22:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/03/16 21:21:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/03/16 21:21:14 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll MOD - [2013/03/16 21:21:13 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll MOD - [2013/03/16 21:20:45 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/03/16 21:20:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/03/16 21:20:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/03/16 21:20:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/03/16 21:20:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013/02/13 03:13:00 | 000,411,648 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\Compression.dll MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/11/18 16:23:20 | 000,202,320 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qjpeg4.dll MOD - [2011/11/18 16:23:14 | 000,177,232 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\accessible\qtaccessiblewidgets4.dll MOD - [2011/11/18 16:23:14 | 000,032,336 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qgif4.dll MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV:64bit: - [2013/06/15 14:23:56 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/02/21 08:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV:64bit: - [2011/06/09 14:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/06/15 19:35:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/03 16:54:06 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/12/26 14:55:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/12/04 10:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2012/12/03 16:42:13 | 004,922,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009/11/06 13:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk) DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012/12/19 08:42:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys) DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/11/11 16:10:20 | 000,040,232 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsadb.sys -- (androidusb) DRV:64bit: - [2012/11/07 19:33:50 | 000,059,136 | ---- | M] (Radialpoint, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rp_pkt64.sys -- (RPPKT) DRV:64bit: - [2012/11/07 04:25:15 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012/11/07 04:25:15 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012/11/07 04:25:14 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012/09/27 14:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP) DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/09/01 19:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/09/01 19:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/16 01:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000) DRV:64bit: - [2009/11/23 21:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009/11/23 21:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/11/18 08:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {3A9C6299-BFE1-4D4B-BB80-15BE29FB52AA} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 5B 15 FC BF BC CD 01 [binary data] IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes,DefaultScope = {3780ADFF-724B-41A5-8C20-EEE9F79B0FC6} IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\..\SearchScopes\{3780ADFF-724B-41A5-8C20-EEE9F79B0FC6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: E:\User\Momo\Applications\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Momo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Momo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/04 01:17:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: F:\Mozilla\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: F:\Mozilla\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/06/04 01:17:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Momo\AppData\Roaming\IDM\idmmzcc5 [2012/11/08 00:31:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: F:\Mozilla\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: F:\Mozilla\plugins FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Momo\AppData\Roaming\IDM\idmmzcc5 [2012/11/08 00:31:04 | 000,000,000 | ---D | M] [2013/06/15 19:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Extensions [2012/11/07 04:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions [2012/11/07 04:26:36 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013/05/31 13:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions [2012/12/05 17:27:02 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.ca/ CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: AdobeExManDetect (Enabled) = E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll CHR - plugin: VLC Web Plugin (Enabled) = E:\User\Momo\Applications\VLC\npvlc.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - Extension: Google Drive = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: SiteAdvisor = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: AdBlock = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\ CHR - Extension: Wolfram|Alpha (Official) = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\ CHR - Extension: Forum Enhancer Kit = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejafjpfgdljeoclgemlojoeobgaaphm\0.945_0\ CHR - Extension: IDM Integration = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\ CHR - Extension: Skype Click to Call = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\ CHR - Extension: Starcraft Zeratul (1920x1080) = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiliimjcohmpahgcbgapaaomloheicd\1.0.1_0\ CHR - Extension: Contract Killer = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi\1.1.3_0\ CHR - Extension: Gmail = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/06/30 13:32:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\User\Momo\Applications\IDM\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\User\Momo\Applications\IDM\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Zoomex) - {B50DCC8E-967D-5B39-6447-E16D9DB46A80} - C:\ProgramData\Zoomex\5103e418938e6.dll File not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.) O4 - HKLM..\Run: [agentantidote64.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe (Druide informatique inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" File not found O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [Facebook Update] C:\Users\Momo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [Hyperdesktop] C:\Users\MOMO\AppData\Roaming\Hyperdesktop\hyperdesktop.exe (Hyperdesktop) O4 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000..\Run: [iDMan] E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe (Tonec Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2117279006-2250545515-668574822-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Download all links with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm () O8:64bit: - Extra context menu item: Download with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Download all links with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEExt.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BD7B32-C893-4568-ABC4-B1FF79520193}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5377C36-6D2E-470B-B00C-A9F13F6A5A10}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/03 16:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/07/02 21:34:15 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\PMB Files [2013/07/02 21:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013/07/01 08:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/07/01 08:58:36 | 002,347,384 | ---- | C] (ESET) -- E:\User\Momo\Desktop\esetsmartinstaller_enu.exe [2013/07/01 00:27:39 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Unity [2013/07/01 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Unity [2013/07/01 00:07:03 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud [2013/07/01 00:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud [2013/06/30 23:03:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe [2013/06/30 16:13:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/30 13:33:21 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/06/30 13:27:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/06/30 13:27:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/06/30 13:27:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/06/30 13:27:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/30 13:27:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/06/30 13:26:49 | 005,084,517 | R--- | C] (Swearware) -- E:\User\Momo\Desktop\ComboFix.exe [2013/06/29 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\WSHelper [2013/06/29 12:33:11 | 000,000,000 | ---D | C] -- C:\Users\Momo\Doctor Web [2013/06/29 10:52:23 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\RK_Quarantine [2013/06/29 10:48:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- E:\User\Momo\Desktop\tdsskiller.exe [2013/06/29 10:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/06/29 10:32:55 | 000,000,000 | ---D | C] -- C:\JRT [2013/06/29 10:32:09 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- E:\User\Momo\Desktop\JRT.exe [2013/06/29 10:26:10 | 000,791,393 | ---- | C] (Lars Hederer ) -- E:\User\Momo\Desktop\erunt-setup.exe [2013/06/29 10:25:31 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\Old Firefox Data [2013/06/29 02:16:30 | 000,509,440 | ---- | C] (Tech Support Guy System) -- E:\User\Momo\Desktop\SysInfo.exe [2013/06/28 22:06:22 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\New folder (2) [2013/06/28 13:18:54 | 000,688,992 | R--- | C] (Swearware) -- E:\User\Momo\Desktop\dds.com [2013/06/28 12:39:03 | 000,578,640 | ---- | C] (McAfee, Inc.) -- E:\User\Momo\Desktop\MVTInstaller.exe [2013/06/28 12:39:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- E:\User\Momo\Desktop\HijackThis.exe [2013/06/28 00:11:04 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\Mad Father [2013/06/25 16:44:22 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\McAfee [2013/06/25 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/06/17 01:17:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013/06/16 23:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013/06/16 23:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/06/16 23:19:54 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft [2013/06/16 23:19:28 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\.minecraft [2013/06/15 19:25:29 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Macromedia [2013/06/15 19:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013/06/10 09:51:32 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\Witches [2013/06/08 01:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2 E:\User\Momo\Desktop\*.tmp files -> E:\User\Momo\Desktop\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/07 17:24:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce7936c6d8e574.job [2013/07/07 17:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/07 15:58:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000UA.job [2013/07/07 12:50:11 | 000,001,541 | ---- | M] () -- E:\User\Momo\Desktop\GameLauncher - Shortcut.lnk [2013/07/07 12:17:03 | 000,166,927 | ---- | M] () -- E:\User\Momo\Desktop\helping-hands.jpg [2013/07/07 10:54:52 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/07 10:54:52 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/07 10:53:41 | 000,781,122 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/07 10:53:41 | 000,665,586 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/07 10:53:41 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/07 10:52:33 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2013/07/07 10:47:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/07 10:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/07 10:47:42 | 2103,492,607 | -HS- | M] () -- C:\hiberfil.sys [2013/07/07 00:58:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000Core.job [2013/07/05 11:34:02 | 123,720,736 | ---- | M] () -- E:\User\Momo\Desktop\drweb-cureit.exe [2013/07/05 01:33:39 | 000,063,723 | ---- | M] () -- E:\User\Momo\Desktop\1012331_10151701357677302_442234251_n.jpg [2013/07/04 09:28:58 | 000,002,634 | ---- | M] () -- E:\User\Momo\Desktop\Winmgmt.reg [2013/07/04 01:24:00 | 000,452,862 | ---- | M] () -- E:\User\Momo\Desktop\42096-hi-Bugs_Bunny.jpg [2013/07/04 01:22:49 | 000,051,353 | ---- | M] () -- E:\User\Momo\Desktop\1017160_10152037259963989_489691536_n.jpg [2013/07/03 17:46:51 | 000,004,561 | ---- | M] () -- E:\User\Momo\Desktop\login [2013/07/03 16:50:48 | 174,479,384 | ---- | M] () -- E:\User\Momo\Desktop\setup_11.0.0.1245.x01_2013_07_03_22_13.exe [2013/07/01 08:58:36 | 002,347,384 | ---- | M] (ESET) -- E:\User\Momo\Desktop\esetsmartinstaller_enu.exe [2013/07/01 01:21:13 | 000,115,356 | ---- | M] () -- E:\User\Momo\Desktop\1372645461434.jpg [2013/06/30 23:06:17 | 000,890,988 | ---- | M] () -- E:\User\Momo\Desktop\SecurityCheck.exe [2013/06/30 23:03:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe [2013/06/30 14:47:18 | 000,000,985 | ---- | M] () -- E:\User\Momo\Desktop\Game.exe - Shortcut.lnk [2013/06/30 13:32:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/06/30 13:26:49 | 005,084,517 | R--- | M] (Swearware) -- E:\User\Momo\Desktop\ComboFix.exe [2013/06/29 22:31:52 | 000,022,177 | ---- | M] () -- E:\User\Momo\Desktop\Grumpy-Cat.jpg [2013/06/29 10:52:02 | 000,912,384 | ---- | M] () -- E:\User\Momo\Desktop\RogueKiller.exe [2013/06/29 10:48:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- E:\User\Momo\Desktop\tdsskiller.exe [2013/06/29 10:41:42 | 000,000,085 | ---- | M] () -- E:\User\Momo\Desktop\TDSSKiller.url [2013/06/29 10:32:09 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- E:\User\Momo\Desktop\JRT.exe [2013/06/29 10:25:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- E:\User\Momo\Desktop\erunt-setup.exe [2013/06/29 02:16:28 | 000,509,440 | ---- | M] (Tech Support Guy System) -- E:\User\Momo\Desktop\SysInfo.exe [2013/06/29 01:16:05 | 000,377,856 | ---- | M] () -- E:\User\Momo\Desktop\zgb0sdjh.exe [2013/06/29 01:14:00 | 000,377,856 | ---- | M] () -- E:\User\Momo\Desktop\iwk3s2yn.exe [2013/06/28 23:47:26 | 000,091,010 | ---- | M] () -- E:\User\Momo\Desktop\iNagato.jpg [2013/06/28 23:47:18 | 003,489,426 | ---- | M] () -- E:\User\Momo\Desktop\iNagato.psd [2013/06/28 23:36:40 | 000,319,914 | ---- | M] () -- E:\User\Momo\Desktop\deva-pain-pein-master-32420641-716-716.png [2013/06/28 23:36:12 | 000,043,849 | ---- | M] () -- E:\User\Momo\Desktop\1000532_10151760187203933_1654773174_n.jpg [2013/06/28 13:19:07 | 000,688,992 | R--- | M] (Swearware) -- E:\User\Momo\Desktop\dds.com [2013/06/28 11:58:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- E:\User\Momo\Desktop\HijackThis.exe [2013/06/28 10:03:47 | 000,001,287 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013/06/28 10:03:47 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2013/06/28 10:02:33 | 001,582,608 | ---- | M] () -- E:\User\Momo\Desktop\LOLReplay-0.8.2.1.exe [2013/06/27 23:46:23 | 000,043,536 | ---- | M] () -- E:\User\Momo\Desktop\cath.png [2013/06/27 23:38:20 | 000,089,393 | ---- | M] () -- E:\User\Momo\Desktop\560181_597638953581172_2128317259_n.jpg [2013/06/26 19:28:12 | 000,051,436 | ---- | M] () -- E:\User\Momo\Desktop\FOURTH TO SEVENTH JULY.jpg [2013/06/25 16:43:19 | 000,578,640 | ---- | M] (McAfee, Inc.) -- E:\User\Momo\Desktop\MVTInstaller.exe [2013/06/24 10:33:31 | 000,000,817 | ---- | M] () -- E:\User\Momo\Desktop\Hyperdesktop.lnk [2013/06/17 01:05:47 | 000,858,138 | ---- | M] () -- E:\User\Momo\Desktop\HAHAHA.jpg [2013/06/17 01:04:59 | 000,680,062 | ---- | M] () -- E:\User\Momo\Desktop\1371444594923.jpg [2013/06/10 21:37:57 | 000,335,618 | ---- | M] () -- E:\User\Momo\Desktop\supports.jpg [2 E:\User\Momo\Desktop\*.tmp files -> E:\User\Momo\Desktop\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/07 12:50:11 | 000,001,541 | ---- | C] () -- E:\User\Momo\Desktop\GameLauncher - Shortcut.lnk [2013/07/07 12:17:03 | 000,166,927 | ---- | C] () -- E:\User\Momo\Desktop\helping-hands.jpg [2013/07/05 01:33:39 | 000,063,723 | ---- | C] () -- E:\User\Momo\Desktop\1012331_10151701357677302_442234251_n.jpg [2013/07/05 00:19:01 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1ce7936c6d8e574.job [2013/07/04 09:29:03 | 000,002,634 | ---- | C] () -- E:\User\Momo\Desktop\Winmgmt.reg [2013/07/04 09:25:59 | 000,002,110 | ---- | C] () -- E:\User\Momo\Desktop\reg_fix_w7.reg [2013/07/04 09:25:55 | 000,002,755 | ---- | C] () -- E:\User\Momo\Desktop\txt_fix_w7.reg [2013/07/04 09:25:50 | 000,002,756 | ---- | C] () -- E:\User\Momo\Desktop\html_fix_w7.reg [2013/07/04 01:24:00 | 000,452,862 | ---- | C] () -- E:\User\Momo\Desktop\42096-hi-Bugs_Bunny.jpg [2013/07/04 01:22:49 | 000,051,353 | ---- | C] () -- E:\User\Momo\Desktop\1017160_10152037259963989_489691536_n.jpg [2013/07/03 17:46:51 | 000,004,561 | ---- | C] () -- E:\User\Momo\Desktop\login [2013/07/03 16:50:47 | 174,479,384 | ---- | C] () -- E:\User\Momo\Desktop\setup_11.0.0.1245.x01_2013_07_03_22_13.exe [2013/07/01 01:21:13 | 000,115,356 | ---- | C] () -- E:\User\Momo\Desktop\1372645461434.jpg [2013/06/30 23:06:17 | 000,890,988 | ---- | C] () -- E:\User\Momo\Desktop\SecurityCheck.exe [2013/06/30 14:47:18 | 000,000,985 | ---- | C] () -- E:\User\Momo\Desktop\Game.exe - Shortcut.lnk [2013/06/30 13:27:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/06/30 13:27:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/06/30 13:27:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/06/30 13:27:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/06/30 13:27:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/06/29 22:31:52 | 000,022,177 | ---- | C] () -- E:\User\Momo\Desktop\Grumpy-Cat.jpg [2013/06/29 12:32:44 | 123,720,736 | ---- | C] () -- E:\User\Momo\Desktop\drweb-cureit.exe [2013/06/29 10:52:02 | 000,912,384 | ---- | C] () -- E:\User\Momo\Desktop\RogueKiller.exe [2013/06/29 10:41:42 | 000,000,085 | ---- | C] () -- E:\User\Momo\Desktop\TDSSKiller.url [2013/06/29 01:16:18 | 000,377,856 | ---- | C] () -- E:\User\Momo\Desktop\zgb0sdjh.exe [2013/06/29 01:14:12 | 000,377,856 | ---- | C] () -- E:\User\Momo\Desktop\iwk3s2yn.exe [2013/06/28 23:47:24 | 000,091,010 | ---- | C] () -- E:\User\Momo\Desktop\iNagato.jpg [2013/06/28 23:47:14 | 003,489,426 | ---- | C] () -- E:\User\Momo\Desktop\iNagato.psd [2013/06/28 23:36:40 | 000,319,914 | ---- | C] () -- E:\User\Momo\Desktop\deva-pain-pein-master-32420641-716-716.png [2013/06/28 23:36:12 | 000,043,849 | ---- | C] () -- E:\User\Momo\Desktop\1000532_10151760187203933_1654773174_n.jpg [2013/06/28 12:39:11 | 001,582,608 | ---- | C] () -- E:\User\Momo\Desktop\LOLReplay-0.8.2.1.exe [2013/06/27 23:46:23 | 000,043,536 | ---- | C] () -- E:\User\Momo\Desktop\cath.png [2013/06/27 23:38:20 | 000,089,393 | ---- | C] () -- E:\User\Momo\Desktop\560181_597638953581172_2128317259_n.jpg [2013/06/26 19:28:12 | 000,051,436 | ---- | C] () -- E:\User\Momo\Desktop\FOURTH TO SEVENTH JULY.jpg [2013/06/24 10:33:31 | 000,000,817 | ---- | C] () -- E:\User\Momo\Desktop\Hyperdesktop.lnk [2013/06/22 00:25:08 | 000,002,259 | ---- | C] () -- E:\User\Momo\Desktop\Wondershare MobileGo for Android.lnk [2013/06/17 01:05:47 | 000,858,138 | ---- | C] () -- E:\User\Momo\Desktop\HAHAHA.jpg [2013/06/17 01:04:59 | 000,680,062 | ---- | C] () -- E:\User\Momo\Desktop\1371444594923.jpg [2013/06/15 19:24:18 | 000,000,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/06/10 21:37:57 | 000,335,618 | ---- | C] () -- E:\User\Momo\Desktop\supports.jpg [2013/06/01 01:04:07 | 000,000,132 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Adobe GIF Format CS6 Prefs [2013/05/04 19:46:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2013/04/10 16:28:45 | 000,000,088 | ---- | C] () -- C:\Windows\Antidote7.ini [2013/02/23 15:55:17 | 000,000,132 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Adobe PNG Format CS6 Prefs [2013/01/19 14:45:31 | 000,007,168 | ---- | C] () -- C:\Users\Momo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/16 00:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2013/01/06 19:24:03 | 000,000,271 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012/12/29 17:04:53 | 000,000,079 | ---- | C] () -- C:\Windows\XP200.ini [2012/11/29 03:30:39 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 03:30:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/25 11:20:56 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012/11/22 13:33:49 | 000,007,600 | ---- | C] () -- C:\Users\Momo\AppData\Local\resmon.resmoncfg [2012/11/07 04:30:59 | 000,766,590 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/07 10:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012/01/07 10:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll [2012/01/07 10:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll [2012/01/07 10:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012/01/07 10:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012/01/07 10:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll [2011/12/19 02:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/12/19 02:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/06/29 17:29:16 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\.minecraft [2012/11/12 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\AnvSoft [2013/06/04 01:10:47 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Bell [2013/01/02 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Cool Record Edit Pro [2013/07/07 10:46:41 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\DMCache [2013/06/25 23:29:32 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Dropbox [2013/04/10 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Druide [2012/12/30 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Epson [2013/01/07 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Evaer [2012/12/25 15:42:42 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Free Sound Recorder [2012/12/28 01:41:37 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Hyperdesktop [2013/05/20 00:48:56 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\IDM [2012/12/30 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Leader Technologies [2012/12/29 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Leadertech [2012/11/07 04:14:48 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\LolClient [2013/04/04 23:19:55 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\MediaMonkey [2012/12/11 21:58:46 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\MP3SkypeRecorder [2012/12/20 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Origin [2013/04/01 02:46:40 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\PDAppFlex [2012/11/12 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Publish Providers [2013/06/06 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\RenPy [2013/05/04 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Screaming Bee [2012/11/12 01:46:30 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Sony [2012/11/14 00:54:38 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Sony Creative Software Inc [2013/04/17 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013/03/30 16:49:19 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\TS3Client [2013/07/01 00:27:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Unity [2013/06/28 13:26:49 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\uTorrent [2012/12/18 23:36:57 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Windows Live Writer [2013/02/28 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Wondershare ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report >
- July 7, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Also, since these data are from last week, let me know if I should run another test .
- July 6, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Haha, no. that's fine, that wasn't what I meant. Like I know that malwarebytes is the best antimalware, and I just feel safer being on their website than one of an antimalware that's not as popular or maybe as good. I am aware you're a volunteer and I thank you for your assistance.
- July 6, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

OTL logfile created on: 30/06/2013 11:09:25 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\User\Momo\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.95 Gb Total Physical Memory | 5.10 Gb Available Physical Memory | 64.18% Memory free 15.89 Gb Paging File | 13.10 Gb Available in Paging File | 82.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111.79 Gb Total Space | 17.47 Gb Free Space | 15.63% Space Free | Partition Type: NTFS Drive E: | 465.66 Gb Total Space | 207.66 Gb Free Space | 44.59% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 651.17 Gb Free Space | 69.90% Space Free | Partition Type: NTFS Computer Name: MOMO-PC | User Name: Momo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/30 23:03:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe PRC - [2013/05/27 01:10:08 | 000,526,336 | ---- | M] (LOL Replay) -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLRecorder.exe PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/12/26 14:55:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012/11/08 15:07:42 | 000,098,704 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe PRC - [2012/11/07 20:59:54 | 003,540,416 | ---- | M] (Tonec Inc.) -- E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe PRC - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012/02/22 21:12:42 | 000,943,168 | ---- | M] (Druide informatique inc.) -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe PRC - [2011/10/31 15:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe ========== Modules (No Company Name) ========== MOD - [2013/05/27 01:10:04 | 000,369,152 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\LOLUtils.dll MOD - [2013/05/16 11:30:12 | 002,404,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\a40a2322bae0b10c6e1e66947321bbd1\System.Web.Extensions.ni.dll MOD - [2013/05/16 11:29:29 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1c1c94fc55d606efee0d5f07ee441cb7\System.ServiceModel.ni.dll MOD - [2013/05/16 11:29:17 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll MOD - [2013/05/16 10:31:47 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll MOD - [2013/05/16 10:31:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/16 10:31:34 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll MOD - [2013/05/16 10:31:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013/05/16 10:31:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/03/16 21:22:59 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll MOD - [2013/03/16 21:22:59 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\7a64243fd351a567a3ac02755837076e\System.Web.Abstractions.ni.dll MOD - [2013/03/16 21:22:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013/03/16 21:22:13 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll MOD - [2013/03/16 21:21:35 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013/03/16 21:21:14 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll MOD - [2013/03/16 21:21:13 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll MOD - [2013/03/16 21:20:45 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll MOD - [2013/03/16 21:20:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/03/16 21:20:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/03/16 21:20:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/03/16 21:20:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013/03/16 21:20:17 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll MOD - [2013/02/13 03:13:00 | 000,411,648 | ---- | M] () -- E:\User\Momo\Applications\League of Legends Replay\LOLReplay\Compression.dll MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012/11/08 00:42:41 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2011/11/18 16:23:20 | 000,202,320 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qjpeg4.dll MOD - [2011/11/18 16:23:14 | 000,032,336 | ---- | M] () -- C:\Program Files (x86)\Druide\Antidote 7\Programmes32\LibrairiesQt\imageformats\qgif4.dll MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ========== Services (SafeList) ========== SRV:64bit: - [2013/04/03 13:34:46 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2013/04/03 13:32:06 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2013/03/05 11:43:26 | 000,221,296 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2013/03/01 09:08:02 | 000,388,680 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2013/02/28 09:46:18 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/02/21 08:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV:64bit: - [2011/06/09 14:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation) SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013/06/15 19:35:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/03 16:54:06 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/05/11 18:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/12/26 14:55:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012/12/04 10:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service) SRV - [2012/12/03 16:42:13 | 004,922,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2012/09/01 19:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/11/06 13:24:54 | 000,282,728 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService) SRV - [2009/11/06 13:13:20 | 000,276,584 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013/04/03 13:37:38 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2013/04/03 13:34:58 | 000,342,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2013/04/03 13:33:06 | 000,772,944 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2013/04/03 13:32:14 | 000,516,608 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2013/04/03 13:31:36 | 000,309,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2013/04/03 13:31:14 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2013/02/18 07:46:56 | 000,095,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk) DRV:64bit: - [2013/02/18 07:46:50 | 000,337,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012/12/19 08:42:10 | 000,006,144 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t_mouse.sys -- (t_mouse.sys) DRV:64bit: - [2012/11/11 16:10:20 | 000,040,232 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsadb.sys -- (androidusb) DRV:64bit: - [2012/11/07 19:33:50 | 000,059,136 | ---- | M] (Radialpoint, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rp_pkt64.sys -- (RPPKT) DRV:64bit: - [2012/11/07 04:25:15 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012/11/07 04:25:15 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012/11/07 04:25:14 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/09/27 14:07:26 | 000,160,992 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP) DRV:64bit: - [2012/09/12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/09/01 19:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012/09/01 19:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2012/08/23 10:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/16 01:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/11/25 00:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/05/20 16:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000) DRV:64bit: - [2009/11/23 21:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009/11/23 21:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009/11/18 08:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009/09/15 13:59:30 | 000,042,088 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvoclk64.sys -- (nvoclk64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {3A9C6299-BFE1-4D4B-BB80-15BE29FB52AA} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 5B 15 FC BF BC CD 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {3780ADFF-724B-41A5-8C20-EEE9F79B0FC6} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{3780ADFF-724B-41A5-8C20-EEE9F79B0FC6}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: F:\Java\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: E:\User\Momo\Applications\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Momo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/04 01:17:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: F:\Mozilla\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: F:\Mozilla\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/06/04 01:17:28 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Momo\AppData\Roaming\IDM\idmmzcc5 [2012/11/08 00:31:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Momo\AppData\Roaming\IDM\idmmzcc5 [2012/11/08 00:31:04 | 000,000,000 | ---D | M] [2013/06/15 19:24:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Extensions [2012/11/07 04:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions [2012/11/07 04:26:36 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} [2013/05/31 13:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions [2012/12/05 17:27:02 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\MOMO\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.ca/ CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Momo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: AdobeExManDetect (Enabled) = E:\User\Momo\Applications\Photoshop\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll CHR - plugin: VLC Web Plugin (Enabled) = E:\User\Momo\Applications\VLC\npvlc.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - Extension: Google Drive = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: SiteAdvisor = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: AdBlock = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0\ CHR - Extension: Wolfram|Alpha (Official) = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\ CHR - Extension: Forum Enhancer Kit = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejafjpfgdljeoclgemlojoeobgaaphm\0.945_0\ CHR - Extension: IDM Integration = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\ CHR - Extension: Auto Replay for YouTube = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.26_0\ CHR - Extension: Skype Click to Call = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\ CHR - Extension: Starcraft Zeratul (1920x1080) = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiliimjcohmpahgcbgapaaomloheicd\1.0.1_0\ CHR - Extension: Contract Killer = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\meklndaflopgghbomkdpofehonfclipi\1.1.3_0\ CHR - Extension: Gmail = C:\Users\MOMO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/06/30 13:32:05 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\User\Momo\Applications\IDM\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\User\Momo\Applications\IDM\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Java\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Zoomex) - {B50DCC8E-967D-5B39-6447-E16D9DB46A80} - C:\ProgramData\Zoomex\5103e418938e6.dll File not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Java\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [agentantidote.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe (Druide informatique inc.) O4 - HKLM..\Run: [agentantidote64.exe] C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe (Druide informatique inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-200 Series" File not found O4 - HKCU..\Run: [Facebook Update] C:\Users\Momo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [Hyperdesktop] C:\Users\MOMO\AppData\Roaming\Hyperdesktop\hyperdesktop.exe (Hyperdesktop) O4 - HKCU..\Run: [iDMan] E:\User\Momo\Applications\IDM\Internet Download Manager\IDMan.exe (Tonec Inc.) O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\Windows\SysWOW64\MPG4ds32.ax (Microcrap Corporation) O4 - Startup: C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = E:\User\Momo\Applications\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Download all links with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm () O8:64bit: - Extra context menu item: Download with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Download all links with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download with IDM - E:\User\Momo\Applications\IDM\Internet Download Manager\IEExt.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Reg Error: Key error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (Reg Error: Key error.) O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BD7B32-C893-4568-ABC4-B1FF79520193}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5377C36-6D2E-470B-B00C-A9F13F6A5A10}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/06/30 23:03:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe [2013/06/30 16:13:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/06/30 13:33:21 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/06/30 13:27:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/06/30 13:27:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/06/30 13:27:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/06/30 13:27:39 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/06/30 13:27:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/06/30 13:26:49 | 005,084,517 | R--- | C] (Swearware) -- E:\User\Momo\Desktop\ComboFix.exe [2013/06/29 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\WSHelper [2013/06/29 12:33:11 | 000,000,000 | ---D | C] -- C:\Users\Momo\Doctor Web [2013/06/29 12:17:51 | 087,316,752 | ---- | C] (Microsoft Corporation) -- E:\User\Momo\Desktop\msert.exe [2013/06/29 10:52:23 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\RK_Quarantine [2013/06/29 10:48:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- E:\User\Momo\Desktop\tdsskiller.exe [2013/06/29 10:34:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/06/29 10:32:55 | 000,000,000 | ---D | C] -- C:\JRT [2013/06/29 10:32:09 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- E:\User\Momo\Desktop\JRT.exe [2013/06/29 10:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2013/06/29 10:26:10 | 000,791,393 | ---- | C] (Lars Hederer ) -- E:\User\Momo\Desktop\erunt-setup.exe [2013/06/29 10:25:31 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\Old Firefox Data [2013/06/29 02:16:30 | 000,509,440 | ---- | C] (Tech Support Guy System) -- E:\User\Momo\Desktop\SysInfo.exe [2013/06/28 22:06:22 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\New folder (2) [2013/06/28 13:18:54 | 000,688,992 | R--- | C] (Swearware) -- E:\User\Momo\Desktop\dds.com [2013/06/28 12:39:03 | 000,578,640 | ---- | C] (McAfee, Inc.) -- E:\User\Momo\Desktop\MVTInstaller.exe [2013/06/28 12:39:01 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- E:\User\Momo\Desktop\HijackThis.exe [2013/06/28 00:11:04 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\Mad Father [2013/06/25 16:44:22 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\McAfee [2013/06/25 16:41:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/06/17 15:54:09 | 001,092,512 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/06/17 15:54:09 | 000,971,680 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013/06/17 15:54:09 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013/06/17 15:54:07 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013/06/17 15:54:07 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013/06/17 15:54:07 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013/06/17 01:17:26 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013/06/16 23:46:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013/06/16 23:46:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013/06/16 23:46:24 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/06/16 23:46:24 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/06/16 23:46:22 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/06/16 23:46:22 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/06/16 23:46:20 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/06/16 23:19:54 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft [2013/06/16 23:19:28 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\.minecraft [2013/06/15 19:25:29 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Macromedia [2013/06/15 19:24:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/06/12 15:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dumps [2013/06/11 22:01:13 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/06/11 22:01:12 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/06/11 22:01:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013/06/11 22:01:07 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013/06/11 22:00:58 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/06/11 21:53:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/11 21:53:44 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/11 21:50:13 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/06/11 21:50:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/06/11 21:50:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013/06/11 21:50:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/06/11 21:50:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/06/11 21:50:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/06/11 21:50:13 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/06/11 21:50:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/06/11 21:50:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/06/11 21:50:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/06/11 21:50:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/06/11 21:50:12 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/06/11 21:50:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/06/11 21:48:56 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/06/11 21:48:56 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/06/11 21:48:49 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/06/11 21:48:49 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013/06/11 21:48:49 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013/06/11 21:48:48 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/06/11 21:48:48 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013/06/11 21:48:48 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013/06/10 09:51:32 | 000,000,000 | ---D | C] -- E:\User\Momo\Desktop\Witches [2013/06/08 01:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013/06/08 01:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013/06/06 19:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¡¶300Ó¢ÐÛ¡· [2013/06/06 13:53:29 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\FLT [2013/06/05 23:46:27 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\ElevatedDiagnostics [2013/06/05 23:37:46 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Malwarebytes [2013/06/05 23:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/06/05 23:37:39 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/06/05 23:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/06/05 23:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/06/05 18:38:52 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hentai Sim Brothel Rebirth [2013/06/05 10:11:08 | 000,000,000 | R--D | C] -- E:\User\Momo\Documents\Scanned Documents [2013/06/05 10:11:08 | 000,000,000 | ---D | C] -- E:\User\Momo\Documents\Fax [2013/06/05 01:20:25 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Roaming\RenPy [2013/06/04 01:17:29 | 000,197,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys [2013/06/04 01:17:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com [2013/06/04 01:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee [2013/06/04 01:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com [2013/06/04 01:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee [2013/06/04 01:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee [2013/06/04 01:03:36 | 000,182,752 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe [2013/06/04 01:03:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2013/06/04 01:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/06/04 01:02:31 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\Mozilla [2013/06/04 01:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/06/02 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\Momo\AppData\Local\NVIDIA Corporation [2013/06/01 15:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2 E:\User\Momo\Desktop\*.tmp files -> E:\User\Momo\Desktop\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/30 23:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/30 23:06:17 | 000,890,988 | ---- | M] () -- E:\User\Momo\Desktop\SecurityCheck.exe [2013/06/30 23:03:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\User\Momo\Desktop\OTL.exe [2013/06/30 22:18:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/06/30 21:58:15 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000UA.job [2013/06/30 21:18:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/06/30 20:32:02 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2013/06/30 14:47:18 | 000,000,985 | ---- | M] () -- E:\User\Momo\Desktop\Game.exe - Shortcut.lnk [2013/06/30 13:32:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013/06/30 13:26:49 | 005,084,517 | R--- | M] (Swearware) -- E:\User\Momo\Desktop\ComboFix.exe [2013/06/30 09:51:55 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/30 09:51:55 | 000,024,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/30 09:49:43 | 000,781,122 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/06/30 09:49:43 | 000,665,586 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/06/30 09:49:43 | 000,125,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/06/30 09:44:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/30 09:44:44 | 2103,492,607 | -HS- | M] () -- C:\hiberfil.sys [2013/06/29 22:31:52 | 000,022,177 | ---- | M] () -- E:\User\Momo\Desktop\Grumpy-Cat.jpg [2013/06/29 12:32:44 | 123,015,224 | ---- | M] () -- E:\User\Momo\Desktop\drweb-cureit.exe [2013/06/29 12:17:51 | 087,316,752 | ---- | M] (Microsoft Corporation) -- E:\User\Momo\Desktop\msert.exe [2013/06/29 10:52:02 | 000,912,384 | ---- | M] () -- E:\User\Momo\Desktop\RogueKiller.exe [2013/06/29 10:48:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- E:\User\Momo\Desktop\tdsskiller.exe [2013/06/29 10:41:42 | 000,000,085 | ---- | M] () -- E:\User\Momo\Desktop\TDSSKiller.url [2013/06/29 10:32:09 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- E:\User\Momo\Desktop\JRT.exe [2013/06/29 10:27:34 | 000,000,927 | ---- | M] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2013/06/29 10:25:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- E:\User\Momo\Desktop\erunt-setup.exe [2013/06/29 02:16:28 | 000,509,440 | ---- | M] (Tech Support Guy System) -- E:\User\Momo\Desktop\SysInfo.exe [2013/06/29 01:16:05 | 000,377,856 | ---- | M] () -- E:\User\Momo\Desktop\zgb0sdjh.exe [2013/06/29 01:14:00 | 000,377,856 | ---- | M] () -- E:\User\Momo\Desktop\iwk3s2yn.exe [2013/06/29 00:58:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000Core.job [2013/06/28 23:47:26 | 000,091,010 | ---- | M] () -- E:\User\Momo\Desktop\iNagato.jpg [2013/06/28 23:47:18 | 003,489,426 | ---- | M] () -- E:\User\Momo\Desktop\iNagato.psd [2013/06/28 23:36:40 | 000,319,914 | ---- | M] () -- E:\User\Momo\Desktop\deva-pain-pein-master-32420641-716-716.png [2013/06/28 23:36:12 | 000,043,849 | ---- | M] () -- E:\User\Momo\Desktop\1000532_10151760187203933_1654773174_n.jpg [2013/06/28 13:19:07 | 000,688,992 | R--- | M] (Swearware) -- E:\User\Momo\Desktop\dds.com [2013/06/28 11:58:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- E:\User\Momo\Desktop\HijackThis.exe [2013/06/28 10:03:47 | 000,001,287 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013/06/28 10:03:47 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk [2013/06/28 10:02:33 | 001,582,608 | ---- | M] () -- E:\User\Momo\Desktop\LOLReplay-0.8.2.1.exe [2013/06/27 23:46:23 | 000,043,536 | ---- | M] () -- E:\User\Momo\Desktop\cath.png [2013/06/27 23:38:20 | 000,089,393 | ---- | M] () -- E:\User\Momo\Desktop\560181_597638953581172_2128317259_n.jpg [2013/06/26 19:28:12 | 000,051,436 | ---- | M] () -- E:\User\Momo\Desktop\FOURTH TO SEVENTH JULY.jpg [2013/06/25 16:43:19 | 000,578,640 | ---- | M] (McAfee, Inc.) -- E:\User\Momo\Desktop\MVTInstaller.exe [2013/06/24 10:33:31 | 000,000,817 | ---- | M] () -- E:\User\Momo\Desktop\Hyperdesktop.lnk [2013/06/17 15:54:05 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013/06/17 15:54:05 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013/06/17 15:54:05 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013/06/17 15:54:05 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013/06/17 15:54:05 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013/06/17 15:54:05 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013/06/17 15:54:05 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013/06/17 15:54:05 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013/06/17 01:05:47 | 000,858,138 | ---- | M] () -- E:\User\Momo\Desktop\HAHAHA.jpg [2013/06/17 01:04:59 | 000,680,062 | ---- | M] () -- E:\User\Momo\Desktop\1371444594923.jpg [2013/06/16 23:46:20 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013/06/16 23:46:20 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013/06/16 23:46:20 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013/06/15 19:35:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/06/15 19:35:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/06/10 21:37:57 | 000,335,618 | ---- | M] () -- E:\User\Momo\Desktop\supports.jpg [2013/06/08 10:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/06/05 23:37:40 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/03 16:42:14 | 000,510,481 | ---- | M] () -- E:\User\Momo\Desktop\DEFAULT.jpg [2013/06/01 03:52:07 | 000,921,624 | ---- | M] () -- C:\img2-001.raw [2013/06/01 01:05:55 | 000,000,132 | ---- | M] () -- C:\Users\Momo\AppData\Roaming\Adobe GIF Format CS6 Prefs [2 E:\User\Momo\Desktop\*.tmp files -> E:\User\Momo\Desktop\*.tmp -> ] [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/30 23:06:17 | 000,890,988 | ---- | C] () -- E:\User\Momo\Desktop\SecurityCheck.exe [2013/06/30 14:47:18 | 000,000,985 | ---- | C] () -- E:\User\Momo\Desktop\Game.exe - Shortcut.lnk [2013/06/30 13:27:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/06/30 13:27:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/06/30 13:27:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/06/30 13:27:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/06/30 13:27:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/06/29 22:31:52 | 000,022,177 | ---- | C] () -- E:\User\Momo\Desktop\Grumpy-Cat.jpg [2013/06/29 12:32:44 | 123,015,224 | ---- | C] () -- E:\User\Momo\Desktop\drweb-cureit.exe [2013/06/29 10:52:02 | 000,912,384 | ---- | C] () -- E:\User\Momo\Desktop\RogueKiller.exe [2013/06/29 10:41:42 | 000,000,085 | ---- | C] () -- E:\User\Momo\Desktop\TDSSKiller.url [2013/06/29 10:27:34 | 000,000,927 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2013/06/29 01:16:18 | 000,377,856 | ---- | C] () -- E:\User\Momo\Desktop\zgb0sdjh.exe [2013/06/29 01:14:12 | 000,377,856 | ---- | C] () -- E:\User\Momo\Desktop\iwk3s2yn.exe [2013/06/28 23:47:24 | 000,091,010 | ---- | C] () -- E:\User\Momo\Desktop\iNagato.jpg [2013/06/28 23:47:14 | 003,489,426 | ---- | C] () -- E:\User\Momo\Desktop\iNagato.psd [2013/06/28 23:36:40 | 000,319,914 | ---- | C] () -- E:\User\Momo\Desktop\deva-pain-pein-master-32420641-716-716.png [2013/06/28 23:36:12 | 000,043,849 | ---- | C] () -- E:\User\Momo\Desktop\1000532_10151760187203933_1654773174_n.jpg [2013/06/28 12:39:11 | 001,582,608 | ---- | C] () -- E:\User\Momo\Desktop\LOLReplay-0.8.2.1.exe [2013/06/27 23:46:23 | 000,043,536 | ---- | C] () -- E:\User\Momo\Desktop\cath.png [2013/06/27 23:38:20 | 000,089,393 | ---- | C] () -- E:\User\Momo\Desktop\560181_597638953581172_2128317259_n.jpg [2013/06/26 19:28:12 | 000,051,436 | ---- | C] () -- E:\User\Momo\Desktop\FOURTH TO SEVENTH JULY.jpg [2013/06/24 10:33:31 | 000,000,817 | ---- | C] () -- E:\User\Momo\Desktop\Hyperdesktop.lnk [2013/06/22 00:25:08 | 000,002,259 | ---- | C] () -- E:\User\Momo\Desktop\Wondershare MobileGo for Android.lnk [2013/06/17 01:05:47 | 000,858,138 | ---- | C] () -- E:\User\Momo\Desktop\HAHAHA.jpg [2013/06/17 01:04:59 | 000,680,062 | ---- | C] () -- E:\User\Momo\Desktop\1371444594923.jpg [2013/06/15 19:24:18 | 000,000,611 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/06/10 21:37:57 | 000,335,618 | ---- | C] () -- E:\User\Momo\Desktop\supports.jpg [2013/06/05 23:37:40 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/06/04 01:17:49 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk [2013/06/04 01:17:28 | 000,002,951 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf [2013/06/04 01:17:28 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf [2013/06/03 16:42:14 | 000,510,481 | ---- | C] () -- E:\User\Momo\Desktop\DEFAULT.jpg [2013/06/01 01:04:07 | 000,000,132 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Adobe GIF Format CS6 Prefs [2013/05/04 19:46:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat [2013/04/10 16:28:45 | 000,000,088 | ---- | C] () -- C:\Windows\Antidote7.ini [2013/02/23 15:55:17 | 000,000,132 | ---- | C] () -- C:\Users\Momo\AppData\Roaming\Adobe PNG Format CS6 Prefs [2013/01/19 14:45:31 | 000,007,168 | ---- | C] () -- C:\Users\Momo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/16 00:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2013/01/06 19:24:03 | 000,000,271 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012/12/29 17:04:53 | 000,000,079 | ---- | C] () -- C:\Windows\XP200.ini [2012/11/29 03:30:39 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012/11/29 03:30:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012/11/25 11:20:56 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012/11/22 13:33:49 | 000,007,600 | ---- | C] () -- C:\Users\Momo\AppData\Local\resmon.resmoncfg [2012/11/07 04:30:59 | 000,766,590 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/01/07 10:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll [2012/01/07 10:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll [2012/01/07 10:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll [2012/01/07 10:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll [2012/01/07 10:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll [2012/01/07 10:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll [2011/12/19 02:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011/12/19 02:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/06/29 17:29:16 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\.minecraft [2012/11/12 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\AnvSoft [2013/06/04 01:10:47 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Bell [2013/01/02 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Cool Record Edit Pro [2013/06/30 22:56:18 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\DMCache [2013/06/25 23:29:32 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Dropbox [2013/04/10 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Druide [2012/12/30 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Epson [2013/01/07 19:07:40 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Evaer [2012/12/25 15:42:42 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Free Sound Recorder [2012/12/28 01:41:37 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Hyperdesktop [2013/05/20 00:48:56 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\IDM [2012/12/30 09:27:10 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Leader Technologies [2012/12/29 17:36:29 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Leadertech [2012/11/07 04:14:48 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\LolClient [2013/04/04 23:19:55 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\MediaMonkey [2012/12/11 21:58:46 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\MP3SkypeRecorder [2012/12/20 22:06:20 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Origin [2013/04/01 02:46:40 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\PDAppFlex [2012/11/12 01:54:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Publish Providers [2013/06/06 16:47:39 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\RenPy [2013/05/04 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Screaming Bee [2012/11/12 01:46:30 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Sony [2012/11/14 00:54:38 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Sony Creative Software Inc [2013/04/17 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013/03/30 16:49:19 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\TS3Client [2013/06/28 13:26:49 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\uTorrent [2012/12/18 23:36:57 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Windows Live Writer [2013/02/28 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Momo\AppData\Roaming\Wondershare ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:661DFA1C < End of report >
- July 6, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

I was already told to do both these tests previously, then I was able to get a "better" support from malware so I focused on this, and told the the other website that I'd just rather get it from here as I think Malwarebytes' more trustable..This test is dated of about a week old. OTL Extras logfile created on: 30/06/2013 11:09:25 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = E:\User\Momo\Desktop64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16614)Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 7.95 Gb Total Physical Memory | 5.10 Gb Available Physical Memory | 64.18% Memory free15.89 Gb Paging File | 13.10 Gb Available in Paging File | 82.45% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 111.79 Gb Total Space | 17.47 Gb Free Space | 15.63% Space Free | Partition Type: NTFSDrive E: | 465.66 Gb Total Space | 207.66 Gb Free Space | 44.59% Space Free | Partition Type: NTFSDrive F: | 931.51 Gb Total Space | 651.17 Gb Free Space | 69.90% Space Free | Partition Type: NTFS Computer Name: MOMO-PC | User Name: Momo | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "E:\User\Momo\Applications\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [bridge] -- E:\User\Momo\Applications\Photoshop\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "E:\User\Momo\Applications\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "E:\User\Momo\Applications\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [bridge] -- E:\User\Momo\Applications\Photoshop\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "E:\User\Momo\Applications\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0ED20DB8-ACAF-47C2-BC4A-3E5016ADA5AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3589ED12-9CCB-4613-8696-1CA47F919B18}" = lport=445 | protocol=6 | dir=in | app=system | "{4FF38923-2A41-46CD-AEA6-5444628A3CD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5B72F25F-1C11-460F-9081-2FF28C6D4544}" = rport=139 | protocol=6 | dir=out | app=system | "{6F66DD7E-20FD-4E93-BA8F-051F02C4AFB5}" = lport=138 | protocol=17 | dir=in | app=system | "{B8042684-B162-4F15-AE1A-F43D2B755AB2}" = rport=137 | protocol=17 | dir=out | app=system | "{CFA29094-140A-49E1-A01B-CCB88B4CE339}" = lport=139 | protocol=6 | dir=in | app=system | "{D1D6779D-ED1D-4282-846B-DB06095A06FD}" = rport=138 | protocol=17 | dir=out | app=system | "{D1E88853-E5F0-452D-B9A7-209EC210CE15}" = rport=445 | protocol=6 | dir=out | app=system | "{F6F67ECB-1634-490E-B46B-BB0647966796}" = lport=137 | protocol=17 | dir=in | app=system | "{F7F12776-F658-4B8E-8D63-BF0B14982786}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FB2C8F02-4D14-454E-B3AD-6BC4814EA4EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{097DF2DA-EA89-4D92-92DF-8A05B29B7FC9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0CB3EE89-697E-47EC-98A6-1D098D3DF37E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{2FCA2436-7C1C-4EAC-8B54-F4AB7E0AB5E4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{32B9632A-C5E8-4B19-A9D4-EC64A45B7286}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{3F586533-33E7-4656-B477-EAE68F2A9F82}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{607CE30D-FF11-4B46-BA32-BAAB8274C0DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{70DEDC60-1F26-4F2D-920B-A9177BBF2223}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{812883BC-6457-4947-A038-AA0BD245EAC1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{894A6006-9F3E-452E-9D71-B5BFAD020A85}" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe | "{8BE9DD34-E528-473E-9670-CBC389F60948}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "{A5AB9347-C598-40D4-B034-F63D6754C00D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{AC3A1EAC-957C-4692-8B3D-A50BB14ACB8A}" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe | "{E141B189-24A4-41EB-ABA0-37581AA38D0F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E2D3CDB8-5E34-4D38-B2B3-E5C1528C2191}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{F0294A97-68AC-4198-A6CF-ADB76896D8FE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{030401E7-DC2D-48C9-92EA-FE736A89FE6B}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe | "TCP Query User{A20B350B-8360-4F71-BB8B-7AAC69113B16}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{EDDE8F2C-DCF5-44B6-BC04-FB1714C7FB83}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{0B62323B-0E5F-4990-A11E-4A10E1B32B44}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{EAB6D912-2971-47D0-8598-CC050FFF33B0}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe | "UDP Query User{F7539E69-D466-4AC7-9BCF-A8DD57AA19B5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation"{A7500970-FE98-11E1-B560-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)"{AB085680-FE98-11E1-A232-F04DA23A5C58}" = MSVCRT Redists"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant"{CF628852-7D98-4A99-A872-35BA1481AAA4}" = ZoomEx"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter"CCleaner" = CCleaner"EPSON XP-200 Series" = EPSON XP-200 Series Printer Uninstall"Logitech Gaming Software" = Logitech Gaming Software 8.46"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"NVIDIA Drivers" = NVIDIA Drivers"Speccy" = Speccy"TeamSpeak 3 Client" = TeamSpeak 3 Client"WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01011662-76A8-41E8-B1A8-4F8821570AC5}" = Advanced Archive Password Recovery"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack"{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo for Android ( Version 2.1.5 )"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5"{53820F89-063F-10D7-7457-06C201F4CBF0}" = "{56CDB4FE-895F-4E0D-8BB4-9A8D4310898D}" = Antidote HD"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform"{6F985E79-2AAA-48A4-B9A4-4953B5D95D90}_is1" = ¡¶300Ó¢ÐÛ¡· °æ±¾ 0.2.0"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6"{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = Dynasty Warriors 6"{76217071-6575-44C3-8321-1D7D4D237136}" = RPS RpsCore"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90B059DF-F542-4E88-BCBD-0F1DBCF426D1}" = RPS CRT"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger"{FA8482C9-3907-478E-92A1-7D3293D2864C}" = Starbank"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Battlelog Web Plugins" = Battlelog Web Plugins"Binary Domain_is1" = Binary Domain"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager"Darksiders II_is1" = Darksiders II"Dishonored_is1" = Dishonored"DMC Devi May Cry © Capcom_is1" = DMC Devi May Cry © Capcom version 1"Dust: An Elysian Tail_is1" = Dust: An Elysian Tail"EPSON Scanner" = EPSON Scan"ERUNT_is1" = ERUNT 1.1j"ESN Sonar-0.70.4" = ESN Sonar"Fraps" = Fraps (remove only)"Game Booster_is1" = Game Booster 3"Google Chrome" = Google Chrome"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor"Internet Download Manager" = Internet Download Manager"Inversion_is1" = Inversion"LOLReplay" = LOLReplay"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"McAfee Virtual Technician" = McAfee Virtual Technician"Metro Last Light_is1" = Metro Last Light"Minecraft1.5.2" = Minecraft1.5.2"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"MSC" = McAfee Internet Security"Need for Speed Most Wanted_is1" = Need for Speed Most Wanted"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"Office14.PROPLUS" = Microsoft Office Professional Plus 2010"Origin" = Origin"R1JJRDI=_is1" = GRID 2 © Codemasters version 1"Remember Me_is1" = Remember Me"RPG Maker VX RTP_is1" = RPG Maker VX RTP"Scribblenauts Unlimited_is1" = Scribblenauts Unlimited"SP_5dec30d7" = "Spec Ops The Line_is1" = Spec Ops The Line"StarCraft II" = StarCraft II"Syndicate_is1" = Syndicate"Uplay" = Uplay"VLC media player" = VLC media player 2.0.6"WinLiveSuite" = Windows Live Essentials"xvid" = Xvid MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper"Dropbox" = Dropbox"InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}" = DYNASTY WARRIORS 6"SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 29/06/2013 12:46:42 PM | Computer Name = Momo-PC | Source = WinMgmt | ID = 10Description = Error - 29/06/2013 12:57:19 PM | Computer Name = Momo-PC | Source = ESENT | ID = 489Description = taskhost (5100) An attempt to open the file "C:\Users\Momo\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 29/06/2013 12:57:44 PM | Computer Name = Momo-PC | Source = Application Error | ID = 1000Error - 30/06/2013 12:50:24 AM | Computer Name = Momo-PC | Source = AVLogEvent | ID = 5003 Description = McShield encountered error while stopping.Error Code:a7f40610Error - 30/06/2013 9:46:03 AM | Computer Name = Momo-PC | Source = Application Error | ID = 1000 Error - 30/06/2013 9:46:41 AM | Computer Name = Momo-PC | Source = WinMgmt | ID = 10Description = Error - 30/06/2013 4:10:12 PM | Computer Name = Momo-PC | Source = Application Error | ID = 1000Error - 30/06/2013 6:21:50 PM | Computer Name = Momo-PC | Source = Application Error | ID = 1000 Error - 30/06/2013 6:26:24 PM | Computer Name = Momo-PC | Source = Application Error | ID = 1000Error - 30/06/2013 7:00:15 PM | Computer Name = Momo-PC | Source = Windows Backup | ID = 4100 Description = Error - 30/06/2013 8:29:43 PM | Computer Name = Momo-PC | Source = Application Error | ID = 1000 [ System Events ]Error - 30/06/2013 9:46:52 AM | Computer Name = Momo-PC | Source = Service Control Manager | ID = 7038Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 30/06/2013 9:46:52 AM | Computer Name = Momo-PC | Source = Service Control Manager | ID = 7000Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error - 30/06/2013 1:27:34 PM | Computer Name = Momo-PC | Source = Service Control Manager | ID = 7034Description = The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s). Error - 30/06/2013 1:29:56 PM | Computer Name = Momo-PC | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 30/06/2013 1:31:49 PM | Computer Name = Momo-PC | Source = Application Popup | ID = 1060Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 30/06/2013 1:32:07 PM | Computer Name = Momo-PC | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 30/06/2013 6:30:36 PM | Computer Name = Momo-PC | Source = Service Control Manager | ID = 7031Description = The McAfee Platform Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error - 30/06/2013 6:30:41 PM | Computer Name = Momo-PC | Source = DCOM | ID = 10010Description = Error - 30/06/2013 6:30:55 PM | Computer Name = Momo-PC | Source = DCOM | ID = 10010Description = Error - 30/06/2013 6:31:36 PM | Computer Name = Momo-PC | Source = Service Control Manager | ID = 7032Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Platform Services service, but this action failed with the following error: %%1056 < End of report >
- July 6, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Negative. Issues are still present. ...
- July 6, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Here's the log cureit.log
- July 5, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Nothing was deleted or cured
- July 5, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

ummm.... There aren't any on C: and there also aren't any on System Memory, Hidden Startup, Disk boot, Documents, email, computer. should I try with E: & F: ?
- July 4, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Safe ones: Voice changer for skype (not needed tho) Wondershare Prayers Gadget rest are unknown to me, or not needed and may be the core of some problems. C:\Program Files (x86)\Deal Spy\Deal Spy-bg.exe probably a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined C:\Program Files (x86)\Deal Spy\Deal Spy.exe probably a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined E:\User\Momo\Documents\Wondershare\MobileGo\Backup\LG -P930_20121221122638\com.feelingtouch.gunzombie.apk a variant of Android/Adware.Youmi.B application deleted - quarantined F:\User\Momo\Downloads\FLVPlayerSetup-5t7ZMzW.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined F:\User\Momo\Downloads\Photocensoredet0276_Installer.zip.exe Win32/InstalleRex.J application cleaned by deleting - quarantined F:\User\Momo\Downloads\PhotocensoredetSetup0-0-9-1.exe.exe Win32/InstalleRex.J application cleaned by deleting - quarantined F:\User\Momo\Downloads\Programs\cbsidlm-tr1_13-Prayers_Gadget-ORG-75608970.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined F:\User\Momo\Downloads\Programs\cbsidlm-tr1_13-Voice_Changer_for_Skype-ORG-75740146.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined F:\User\Momo\Downloads\Programs\cpu-z_1.62-setup-en.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined F:\User\Momo\Downloads\Programs\SoftonicDownloader_for_free-sound-recorder.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined F:\User\Momo\Downloads\Programs\YTDSetup.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned by deleting - quarantined
- July 2, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

Yesterday, it got stuck at 99.9% for 3hours. 3 threads were found 1 was a Trojan. I went out afterwards, when I came back - my brother said it there was a popup then it crashed. I started another scan and I will update you once I see the popup.
- July 2, 2013
- 52 replies
Suspected Hijack, Chrome freezes, streams don't work and few websites don't work

Shogun replied to Shogun's topic in Resolved Malware Removal Logs

ComboFix 13-06-30.01 - Momo 30/06/2013 13:28:23.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.8136.5737 [GMT -4:00] Running from: e:\user\Momo\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\users\Momo\AppData\Roaming\Momolog.dat c:\users\Public\sdelevURL.tmp c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\logs c:\windows\SysWow64\logs\Game - R3d Logs\2013-06-18T19-19-57_r3dlog.txt . . ((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-30 ))))))))))))))))))))))))))))))) . . 2013-06-30 17:32 . 2013-06-30 17:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-06-30 17:32 . 2013-06-30 17:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-29 16:57 . 2013-06-29 16:57 -------- d-----w- c:\users\Momo\AppData\Local\WSHelper 2013-06-29 16:33 . 2013-06-29 16:33 -------- d-----w- c:\users\Momo\Doctor Web 2013-06-29 14:34 . 2013-06-29 14:34 -------- d-----w- c:\windows\ERUNT 2013-06-29 14:32 . 2013-06-29 14:33 -------- d-----w- C:\JRT 2013-06-25 20:44 . 2013-06-25 20:44 -------- d-----w- c:\users\Momo\AppData\Roaming\McAfee 2013-06-21 15:34 . 2013-06-21 15:34 0 ----a-w- c:\windows\SysWow64\RENE149.tmp 2013-06-17 03:19 . 2013-06-29 21:29 -------- d-----w- c:\users\Momo\AppData\Roaming\.minecraft 2013-06-15 23:25 . 2013-06-15 23:25 -------- d-----w- c:\users\Momo\AppData\Local\Macromedia 2013-06-15 23:24 . 2013-06-15 23:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-06-12 19:57 . 2013-06-12 19:57 -------- d-----w- c:\program files (x86)\dumps 2013-06-12 02:01 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll 2013-06-12 02:01 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2013-06-12 02:01 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-06-12 02:01 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-06-12 02:00 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-12 02:00 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-12 01:50 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll 2013-06-12 01:48 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-12 01:48 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-12 01:48 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-12 01:48 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-06-12 01:48 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-06-12 01:48 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-06-12 01:48 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-06-12 01:48 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-06-12 01:48 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll 2013-06-12 01:48 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-06-12 01:48 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-06-12 01:48 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-06-12 01:48 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-06-08 05:32 . 2013-06-08 05:32 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-08 05:32 . 2013-06-08 05:32 -------- d-----w- c:\program files\iTunes 2013-06-08 05:32 . 2013-06-08 05:32 -------- d-----w- c:\program files (x86)\iTunes 2013-06-08 05:32 . 2013-06-08 05:32 -------- d-----w- c:\program files\iPod 2013-06-06 17:53 . 2013-06-06 17:53 -------- d-----w- c:\users\Momo\AppData\Local\FLT 2013-06-06 03:46 . 2013-06-06 03:46 -------- d-----w- c:\users\Momo\AppData\Local\ElevatedDiagnostics 2013-06-06 03:37 . 2013-06-06 03:37 -------- d-----w- c:\users\Momo\AppData\Roaming\Malwarebytes 2013-06-06 03:37 . 2013-06-06 03:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-06 03:37 . 2013-06-06 03:37 -------- d-----w- c:\programdata\Malwarebytes 2013-06-06 03:37 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-05 05:20 . 2013-06-06 20:47 -------- d-----w- c:\users\Momo\AppData\Roaming\RenPy 2013-06-04 05:17 . 2012-05-28 14:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2013-06-04 05:17 . 2013-06-04 05:17 -------- d-----w- c:\program files (x86)\Common Files\McAfee 2013-06-04 05:17 . 2013-06-04 05:17 -------- d-----w- c:\program files\McAfee 2013-06-04 05:17 . 2013-06-26 10:15 -------- d-----w- c:\program files (x86)\McAfee 2013-06-04 05:03 . 2013-04-03 17:34 182752 ----a-w- c:\windows\system32\mfevtps.exe 2013-06-04 05:03 . 2013-06-04 05:17 -------- d-----w- c:\program files\Common Files\McAfee 2013-06-04 05:03 . 2013-06-25 20:43 -------- d-----w- c:\programdata\McAfee 2013-06-04 05:02 . 2013-06-04 05:02 -------- d-----w- c:\users\Momo\AppData\Local\Mozilla 2013-06-03 03:04 . 2013-06-03 03:07 -------- d-----w- c:\users\Momo\AppData\Local\NVIDIA Corporation 2013-06-01 19:10 . 2013-06-01 19:10 -------- d-----w- c:\programdata\Codemasters . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-15 23:35 . 2012-11-13 00:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-15 23:35 . 2012-11-13 00:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-12 01:50 . 2012-11-07 16:41 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-13 06:37 . 2013-05-31 14:20 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5004F7F4-1096-4179-A346-D9D11942D4A8}\mpengine.dll 2013-05-07 22:18 . 2012-12-28 08:14 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-15 19:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 19:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 19:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 19:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 19:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 19:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 15:12 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-15 19:55 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-15 19:55 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-15 19:55 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-04-03 17:37 . 2013-04-03 17:37 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys 2013-04-03 17:34 . 2013-04-03 17:34 342416 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2013-04-03 17:33 . 2012-12-26 13:50 772944 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2013-04-03 17:32 . 2013-04-03 17:32 516608 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2013-04-03 17:31 . 2013-04-03 17:31 309968 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2013-04-03 17:31 . 2012-12-26 13:48 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-28 08:13 220632 ----a-w- c:\users\Momo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-28 08:13 220632 ----a-w- c:\users\Momo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-28 08:13 220632 ----a-w- c:\users\Momo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="e:\user\Momo\Applications\IDM\Internet Download Manager\IDMan.exe" [2012-11-08 3540416] "Hyperdesktop"="c:\users\Momo\AppData\Roaming\Hyperdesktop\hyperdesktop.exe" [2013-06-24 316000] "Facebook Update"="c:\users\Momo\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-19 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19636840] "EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIEE.EXE" [2012-02-29 283232] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720] "agentantidote.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe" [2012-02-23 943168] "agentantidote64.exe"="c:\program files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe" [2012-02-23 77888] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\Momo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - e:\user\Momo\Applications\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ LOLRecorder.lnk - e:\user\Momo\Applications\League of Legends Replay\LOLReplay\LOLRecorder.exe -minimize [2013-5-27 526336] MobileGo Service.lnk - c:\program files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe [2012-11-11 98704] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 androidusb;Google Device Driver;c:\windows\system32\Drivers\wsadb.sys;c:\windows\SYSNATIVE\Drivers\wsadb.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x] R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys;c:\windows\SYSNATIVE\DRIVERS\pneteth.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] S2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x] S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 t_mouse.sys;HID-compliand device;c:\windows\system32\DRIVERS\t_mouse.sys;c:\windows\SYSNATIVE\DRIVERS\t_mouse.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-27 00:27 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-13 23:35] . 2013-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000Core.job - c:\users\Momo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-19 05:53] . 2013-06-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2117279006-2250545515-668574822-1000UA.job - c:\users\Momo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-19 05:53] . 2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 16:03] . 2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-07 16:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-28 08:13 244696 ----a-w- c:\users\Momo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-28 08:13 244696 ----a-w- c:\users\Momo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-28 08:13 244696 ----a-w- c:\users\Momo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Momo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-02-08 00:49 23432 ------w- e:\user\Momo\Applications\IDM\Internet Download Manager\IDMShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-04-24 7477016] "MouseDriver"="TiltWheelMouse.exe" [2012-12-19 241152] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Download all links with IDM - e:\user\Momo\Applications\IDM\Internet Download Manager\IEGetAll.htm IE: Download with IDM - e:\user\Momo\Applications\IDM\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\h5sy0scq.default-1372515929771\ FF - ExtSQL: 2013-06-20 17:06; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; f:\mozilla\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-06-29 10:06; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file) BHO-{B50DCC8E-967D-5B39-6447-E16D9DB46A80} - c:\programdata\Zoomex\5103e418938e6.dll Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-SkypeVoiceChanger - e:\user\Momo\Applications\VoiceMaster\New Folder\SkypeVoiceChanger.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) AddRemove-SP_5dec30d7 - c:\program files (x86)\ZoomEx\uninstall.exe AddRemove-{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1 - c:\program files (x86)\Wondershare\MobileGo for Android\unins000.exe AddRemove-{53820F89-063F-10D7-7457-06C201F4CBF0} - c:\programdata\Zoomex\uninstall.exe AddRemove-{5EED7B3E-8DC6-A4EF-2F32-0E71CA28007A} - c:\progra~3\INSTAL~1\{F40EC~1\Setup.exe AddRemove-{947B0A3C-0D19-3195-9AE6-13D819BC9536} - c:\progra~3\INSTAL~1\{481EF~1\Setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2117279006-2250545515-668574822-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2117279006-2250545515-668574822-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):6d,b8,5d,20,1f,dd,5a,f2,62,31,fc,88,9d,d2,c8,f7,49,4c,90,86,3a, b3,c0,75,8e,86,c6,ee,cc,e5,19,d4,1a,d0,3c,b2,71,d1,9d,89,00,00,00,00,00,00,\ . [HKEY_USERS\S-1-5-21-2117279006-2250545515-668574822-1000_Classes\Wow6432Node\CLSID\{a3042a03-ac37-45f7-a206-e89ee5844a28}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:00000049 "Therad"=dword:00000022 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-06-30 13:33:19 ComboFix-quarantined-files.txt 2013-06-30 17:33 . Pre-Run: 17,840,353,280 bytes free Post-Run: 19,660,447,744 bytes free . - - End Of File - - FB651D1232E7D727C3F6D1D1BA99ADC3 D41D8CD98F00B204E9800998ECF8427E
- June 30, 2013
- 52 replies

Events

Profiles

Forums

Everything posted by Shogun

Important Information