heybabyzr0

Honorary Members
  • Posts: 63
  • Reputation: 0 Neutral
  1. Gringo, I am having one more problem this morning. Twice the computer has frozen and I get a popup saying Dr. Watson has encountered a problem post mortem. The computer then freezes and I must reboot.
  2. Gringo, I have run the cleaners. Thank you for all your help in restoring my computer. Justin
  3. EST Scan results are attached in this post since the last post had html markup. I've no idea why the html showed up in the post. EST.txt
  4. EST Scan Log:

     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP633\A0203750.exe    Win32/OpenCandy application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP651\A0206918.exe    Win32/DownloadAdmin.D application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP656\A0209375.dll    a variant of Win32/Toolbar.CrossRider.A application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP656\A0209409.exe    a variant of Win32/OpenInstall application
     C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP658\A0209831.exe    Win32/Toolbar.CrossRider.B application
  5. No issues running any of the programs this time. The computer speed, audio, and video seem to be ok. Boot up time is still very slow but, this is an old computer. The browser I use, Chrome, still looks "different." Yesterday sites using Java would not load or would load very slowly. After following your instruction in the above post, those sites seem to be loading better.

     MBAM Log:

     HiJackThis Log:
  7. I ran the new script in ComboFix. The program still froze up. I tried twice and gave it 1.5 hours to work but still nothing but a frozen program.
  8. I tried running ComboFix using the script provided twice. Both times the program froze up. I did not click anything with the mouse once the program started and I disabled the antivirus program.
  9. OK, The boot up was a bit faster. The browser in Chrome looks different. Audio and Video are playing back fine. My anti-virus, AVG, popped up saying it detected a threat called ACS.EXE. I did not take any action. Justin
  10. Sorry. I really don't know what happened in my last post. Here is the OTL Report:
<div>O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced 
Control)</div> <div>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)</div> <div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)</div> <div>O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)</div> <div>O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div> <div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div> <div>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</div> <div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div> <div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div> <div>O24 - Desktop Components:0 () - </div> <div>O24 - Desktop WallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div> <div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div> <div>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)</div> <div>O32 - HKLM CDRom: AutoRun - 1</div> <div>O34 - HKLM BootExecute: (autocheck autochk *)</div> <div>O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)</div> <div>O35 - HKLM\..comfile [open] -- "%1" %*</div> <div>O35 - HKLM\..exefile [open] -- "%1" %*</div> <div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div> <div>O37 - HKLM\...exe [@ = exefile] -- 
"%1" %*</div> <div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div> <div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div> <div> </div> <div>========== Files/Folders - Created Within 30 Days ==========</div> <div> </div> <div>[2012/11/30 23:40:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div> <div>[2012/11/30 16:26:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div> <div>[2012/11/30 16:25:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div> <div>[2012/11/29 14:05:03 | 005,009,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div> <div>[2012/11/28 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\RK_Quarantine</div> <div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro</div> <div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Start Menu\Programs\HiJackThis</div> <div>[2012/11/27 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PdaNet for Android</div> <div>[2012/11/27 12:32:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div> <div>[2012/11/27 12:32:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div> <div>[2012/11/27 12:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div> <div>[2012/11/27 12:31:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div> <div>[2012/11/27 12:31:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div> <div>[2012/11/25 14:08:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div> <div>[2012/11/25 14:07:02 | 
000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div> <div>[2012/11/24 23:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97</div> <div>[2012/11/24 22:52:58 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div> <div>[2012/11/22 08:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</div> <div>[2012/11/22 08:03:27 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div> <div>[2012/11/22 08:02:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div> <div>[2012/11/22 08:02:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div> <div>[2012/11/22 08:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks</div> <div>[2012/11/22 08:02:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div> <div>[2012/11/17 06:09:07 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe</div> <div>[2012/11/17 06:09:07 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\WINDOWS\alcrmv.exe</div> <div>[2012/11/15 12:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\Safer Networking</div> <div>[2012/11/15 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking</div> <div>[2012/11/15 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking</div> <div>[2012/11/14 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\AVG2013</div> <div>[2012/11/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG</div> <div>[2012/11/14 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG</div> <div>[2012/11/13 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Local Settings\Application Data\Avg2013</div> <div>[2012/11/13 04:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner</div> <div>[2012/11/13 03:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\New Folder</div> <div>[2012/11/11 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy</div> <div>[2012/11/01 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\Justin</div> <div>[2008/03/18 05:07:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\RngInterstitial.dll</div> <div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div> <div> </div> <div>========== Files - Modified Within 30 Days ==========</div> <div> </div> <div>[2012/11/30 23:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div> <div>[2012/11/30 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div> <div>[2012/11/30 21:59:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div> <div>[2012/11/30 21:57:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div> <div>[2012/11/30 21:57:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div> <div>[2012/11/30 21:57:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div> <div>[2012/11/30 21:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div> <div>[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys</div> <div>[2012/11/30 21:53:57 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div> <div>[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div> <div>[2012/11/30 19:05:22 | 000,005,525 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div> <div>[2012/11/30 18:18:57 | 000,033,244 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div> <div>[2012/11/30 18:04:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div> <div>[2012/11/30 16:32:06 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Google Chrome.lnk</div> <div>[2012/11/30 16:27:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div> <div>[2012/11/30 16:25:46 | 002,213,976 | ---- | M] 
(Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div> <div>[2012/11/30 15:36:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div> <div>[2012/11/30 14:44:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div> <div>[2012/11/30 14:25:14 | 044,431,717 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div> <div>[2012/11/29 23:11:06 | 000,101,455 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div> <div>[2012/11/29 14:53:17 | 005,009,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div> <div>[2012/11/29 02:11:50 | 030,479,732 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001.flv</div> <div>[2012/11/28 21:52:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div> <div>[2012/11/28 21:52:12 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div> <div>[2012/11/28 21:51:19 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div> <div>[2012/11/28 21:42:52 | 000,002,162 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div> <div>[2012/11/28 17:55:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div> <div>[2012/11/27 19:31:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div> <div>[2012/11/27 16:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div> <div>[2012/11/27 12:30:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div> <div>[2012/11/27 12:30:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div> 
<div>[2012/11/27 12:30:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div> <div>[2012/11/27 12:30:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div> <div>[2012/11/27 12:30:32 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div> <div>[2012/11/27 12:30:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll</div> <div>[2012/11/27 12:30:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll</div> <div>[2012/11/25 14:10:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div> <div>[2012/11/25 14:08:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div> <div>[2012/11/24 23:00:13 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div> <div>[2012/11/22 21:30:06 | 000,083,710 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div> <div>[2012/11/22 09:46:02 | 002,296,926 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div> <div>[2012/11/22 09:43:21 | 000,668,484 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div> <div>[2012/11/22 09:34:17 | 004,560,896 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div> <div>[2012/11/22 08:05:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div> <div>[2012/11/22 08:03:27 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div> <div>[2012/11/22 08:02:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div> <div>[2012/11/22 08:02:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\WINDOWS\System32\pndx5032.dll</div> <div>[2012/11/22 08:02:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div> <div>[2012/11/20 14:51:26 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div> <div>[2012/11/17 04:38:07 | 000,095,719 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div> <div>[2012/11/14 15:52:11 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div> <div>[2012/11/13 19:22:31 | 002,423,582 | ---- | M] () -- C:\Documents and Settings\Just\My Documents\AutoRuns.arn</div> <div>[2012/11/11 18:44:27 | 000,000,354 | RHS- | M] () -- C:\boot.ini</div> <div>[2012/11/11 02:41:31 | 000,529,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div> <div>[2012/11/11 02:41:30 | 000,103,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div> <div>[2012/11/06 00:16:31 | 249,116,964 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div> <div>[2012/11/04 16:05:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div> <div>[2012/11/03 14:47:12 | 000,132,737 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div> <div>[2012/11/03 14:40:39 | 000,350,297 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div> <div>[2012/11/01 15:40:08 | 000,030,954 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div> <div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div> <div> </div> <div>========== Files Created - No Company Name ==========</div> <div> </div> <div>[2012/11/30 21:54:00 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div> <div>[2012/11/30 19:05:42 | 000,005,525 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div> <div>[2012/11/30 18:19:12 | 000,033,244 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div> 
<div>[2012/11/30 14:39:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div> <div>[2012/11/30 14:09:30 | 044,431,717 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div> <div>[2012/11/29 23:11:15 | 000,101,455 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div> <div>[2012/11/29 01:57:06 | 030,479,732 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001.flv</div> <div>[2012/11/28 21:52:21 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div> <div>[2012/11/28 21:52:02 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div> <div>[2012/11/28 21:51:00 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div> <div>[2012/11/28 21:42:55 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div> <div>[2012/11/28 20:17:16 | 1475,399,680 | -HS- | C] () -- C:\hiberfil.sys</div> <div>[2012/11/28 17:54:04 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div> <div>[2012/11/27 19:31:38 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div> <div>[2012/11/25 16:00:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div> <div>[2012/11/22 21:29:56 | 000,083,710 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div> <div>[2012/11/22 09:45:04 | 002,296,926 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div> <div>[2012/11/22 09:42:46 | 000,668,484 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div> <div>[2012/11/22 09:33:09 | 004,560,896 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div> <div>[2012/11/22 08:05:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All 
Users\Desktop\RealPlayer.lnk</div> <div>[2012/11/17 04:38:20 | 000,095,719 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div> <div>[2012/11/14 15:52:11 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div> <div>[2012/11/13 04:20:48 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div> <div>[2012/11/05 22:09:22 | 249,116,964 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div> <div>[2012/11/04 16:05:04 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div> <div>[2012/11/04 16:04:49 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk</div> <div>[2012/11/04 16:04:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk</div> <div>[2012/11/04 16:04:46 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk</div> <div>[2012/11/03 15:33:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk</div> <div>[2012/11/03 14:47:03 | 000,132,737 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div> <div>[2012/11/03 14:40:39 | 000,350,297 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div> <div>[2012/11/01 15:40:06 | 000,030,954 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div> <div>[2012/10/29 14:03:54 | 053,863,379 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload</div> <div>[2012/10/29 14:03:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload.aamd</div> <div>[2012/03/29 15:01:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Just\Local 
Settings\Application Data\WebpageIcons.db</div> <div>[2012/02/14 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div> <div>[2011/12/07 00:04:27 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll</div> <div>[2011/12/06 23:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat</div> <div>[2011/11/02 07:58:48 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys</div> <div>[2011/10/30 06:13:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe</div> <div>[2011/07/21 16:23:16 | 000,081,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat</div> <div>[2011/06/18 17:14:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll</div> <div>[2011/06/18 17:14:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys</div> <div>[2011/06/18 17:13:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\$_hpcst$.hpc</div> <div>[2011/06/08 22:01:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\fusioncache.dat</div> <div>[2011/05/25 02:45:29 | 000,000,393 | ---- | C] () -- C:\WINDOWS\AITOOLS.INI</div> <div>[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat</div> <div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68</div> <div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68</div> <div>[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat</div> <div>[2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin</div> <div>[2010/12/11 19:51:44 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll</div> <div>[2010/12/11 19:51:44 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll</div> <div>[2010/12/11 19:51:44 | 000,017,920 | ---- | C] () -- 
C:\WINDOWS\System32\videocore.dll</div> <div>[2010/12/11 19:51:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll</div> <div>[2010/12/11 19:51:43 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll</div> <div>[2010/12/11 19:51:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll</div> <div>[2010/12/11 19:51:39 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll</div> <div>[2010/12/11 19:36:34 | 000,762,368 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll</div> <div>[2010/12/09 15:23:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div> <div>[2010/12/09 15:23:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div> <div>[2010/12/09 15:23:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div> <div>[2010/12/09 15:23:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div> <div>[2010/12/09 15:23:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div> <div>[2010/11/18 19:37:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\start</div> <div>[2010/09/18 12:00:24 | 002,638,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-342708476-2127193123-2648729015-1316-0.dat</div> <div>[2010/09/18 12:00:22 | 000,385,146 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat</div> <div>[2010/01/31 06:11:24 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div> <div>[2009/05/19 17:26:10 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat</div> <div> </div> <div>========== ZeroAccess Check ==========</div> <div> </div> <div>[2003/12/02 15:15:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</div> <div> </div> 
<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div> <div> </div> <div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div> <div>"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)</div> <div>"ThreadingModel" = Apartment</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div> <div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</div> <div>"ThreadingModel" = Free</div> <div> </div> <div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div> <div>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</div> <div>"ThreadingModel" = Both</div> <div> </div> <div>< End of report ></div>
  11. OTL Report:
<div>DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing 
Communications Assoc., Inc. (PCAUSA))</div> <div>DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div> <div>DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)</div> <div>DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)</div> <div>DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)</div> <div>DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))</div> <div>DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)</div> <div>DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)</div> <div>DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)</div> <div>DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)</div> <div>DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.)</div> <div>DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)</div> <div>DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)</div> <div>DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)</div> <div>DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)</div> <div>DRV - (ECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys (TOSHIBA )</div> <div>DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)</div> <div>DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)</div> <div>DRV - 
(AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)</div> <div>DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)</div> <div>DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)</div> <div>DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)</div> <div>DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)</div> <div>DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)</div> <div>DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )</div> <div>DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()</div> <div>DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)</div> <div>DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)</div> <div>DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)</div> <div>DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)</div> <div>DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS (SMC)</div> <div> </div> <div> </div> <div>========== Standard Registry (SafeList) ==========</div> <div> </div> <div> </div> <div>========== Internet Explorer ==========</div> <div> </div> <div>IE - HKLM\..\SearchScopes,DefaultScope = </div> <div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div> <div> </div> <div> </div> <div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div> <div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page = http://toshibadirect.com/</div> <div>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </div> <div>IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div> <div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div> <div>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </div> <div>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div> </div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes,DefaultScope = </div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202189F814AE5A53F23152857BD60&q={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4192031A-6069-4FCE-96EB-85CAB8FF0237}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4B42AEAD-4FCA-4A4A-8971-5F67DF6CD34D}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}</div> <div>IE - 
HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={25330A0F-1AFF-40EB-9CDD-7C39B26B1797}&mid=b11d2286b1c447d0a80dd1d9d053aeab-eb14df7d87ec26bb2309bd26fddc922cfb7869fd&lang=en&ds=dw011&pr=sa&d=2012-04-06 02:54:53&v=10.2.0.3&sap=dsp&q={searchTerms}</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div> <div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div> <div> </div> <div>========== FireFox ==========</div> <div> </div> <div>FF - prefs.js..browser.search.defaultenginename: "bing"</div> <div>FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"</div> <div>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"</div> <div>FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"</div> <div>FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"</div> <div>FF - prefs.js..browser.search.useDBForOrder: true</div> <div>FF - prefs.js..browser.startup.homepage: "www.yahoo.com"</div> <div>FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1</div> <div>FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704</div> <div>FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0</div> <div>FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5</div> <div>FF - prefs.js..extensions.enabledAddons: webrank-toolbar@probcomp.com:4.0</div> 
<div>FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10</div> <div>FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div> <div>FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6</div> <div>FF - prefs.js..extensions.enabledItems: killjasmin@pierros14.com:2.3</div> <div>FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323</div> <div>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</div> <div>FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:4.0.1C</div> <div>FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1</div> <div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</div> <div>FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div> <div>FF - prefs.js..network.proxy.ftp: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.ftp_port: 8080</div> <div>FF - prefs.js..network.proxy.gopher: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.gopher_port: 8080</div> <div>FF - prefs.js..network.proxy.socks: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.socks_port: 8080</div> <div>FF - prefs.js..network.proxy.ssl: "84.25.123.69"</div> <div>FF - prefs.js..network.proxy.ssl_port: 8080</div> <div>FF - prefs.js..network.proxy.http: "127.0.0.1"</div> <div>FF - prefs.js..network.proxy.http_port: 61333</div> <div>FF - prefs.js..network.proxy.type: 1</div> <div> </div> <div> </div> <div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()</div> <div>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD 
Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div> <div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div> <div>FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div> <div>FF - 
HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div> <div>FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found</div> <div>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found</div> <div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div> <div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div> <div> </div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div> <div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div> <div> </div> <div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions</div> <div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and 
Settings\Just\Application Data\Mozilla\Extensions\home2@tomtom.com</div> <div>[2010/02/22 23:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\mozswing@mozswing.org</div> <div>[2012/04/20 02:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions</div> <div>[2010/05/13 04:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div> <div>[2012/04/20 02:35:42 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}</div> <div>[2011/07/09 04:15:10 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</div> <div>[2011/08/19 06:59:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</div> <div>[2011/09/18 03:33:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}</div> <div>[2012/11/13 00:54:46 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com</div> <div>[2011/10/22 11:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com</div> <div>[2011/02/27 16:12:01 | 
000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\tineye@ideeinc.com</div> <div>[2012/11/13 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode</div> <div>[2011/08/27 21:57:12 | 000,045,689 | ---- | M] () (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\webrank-toolbar@probcomp.com.xpi</div> <div>[2010/06/20 22:25:45 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\bing.xml</div> <div>[2010/01/20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml</div> <div>[2012/11/22 08:04:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT</div> <div>[2011/04/18 21:04:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF</div> <div> </div> <div>========== Chrome ==========</div> <div> </div> <div>CHR - default_search_provider: Google (Enabled)</div> <div>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</div> <div>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</div> <div>CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer</div> <div>CHR - 
plugin: Native Client (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll</div> <div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll</div> <div>CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll</div> <div>CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll</div> <div>CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll</div> <div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div> <div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div> <div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</div> <div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</div> <div>CHR - plugin: Windows Media Player 
Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</div> <div>CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</div> <div>CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</div> <div>CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll</div> <div>CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll</div> <div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll</div> <div>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll</div> <div>CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll</div> <div>CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll</div> <div>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</div> <div>CHR - plugin: Shockwave for Director (Disabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll</div> <div>CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll</div> <div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll</div> <div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll</div> <div>CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\</div> <div>CHR - Extension: AdBlock = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\</div> <div> </div> <div>O1 HOSTS File: ([2012/11/30 19:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div> <div>O1 - Hosts: 127.0.0.1 localhost</div> <div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</div> <div>O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)</div> <div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div> <div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div> <div>O3 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.</div> <div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div> <div>O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div> <div>O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div> <div>O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)</div> <div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)</div> <div>O4 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div> <div>O4 - Startup: 
C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div> <div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div> <div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div> <div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div> <div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present</div> <div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div> <div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div> <div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div> <div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div> <div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present</div> <div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div> <div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div> <div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div> <div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div> <div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present</div> <div>O7 - 
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
  12. Ok, followed your instructions. After reboot, the loading process is still painfully slow. Once everything got loaded, programs open faster. There have not been any video or audio problems!
  13. Computer is still running slow. Audio and video are also still choppy.