Jump to content

hms1018

Honorary Members
  • Posts

    70
  • Joined

  • Last visited

Everything posted by hms1018

  1. Thanks again AdvancedSetup. It has been a pleasure, I am back up and running.
  2. I had to reboot it and things seem to be running faster, Things are also loading a little faster, but I will run msconfig so that all these other things won't slow down my startup. Thank you soo much. Hope
  3. JavaRa 1.16 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Wed Oct 02 15:34:54 2013 There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124. There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124. Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284} Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects Found and removed: SOFTWARE\JavaSoft Found and removed: SOFTWARE\JreMetrics Found and removed: SOFTWARE\MozillaPlugins ------------------------------------ Finished reporting.
  4. Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.7011) Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Java version out of Date! Adobe Flash Player 11.8.800.168 Adobe Reader XI Mozilla Firefox (24.0) Google Chrome 29.0.1547.66 Google Chrome 29.0.1547.76 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamscheduler.exe AVAST Software Avast AvastSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log``````````````````````
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-09-2013 02 Ran by HMS1018 at 2013-10-01 17:24:48 Run:1 Running from C:\Users\HMS1018\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js C:\Users\HMS1018\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6297WL2R\SPSetup[1].exe C:\Users\HMS1018\AppData\Local\Temp\00294823\nkpalpnbbkehbjiockhmchfaplolaapf\8j6s6qwy9.js C:\Users\HMS1018\AppData\Local\Temp\0hZIuCj7.exe.part C:\Users\HMS1018\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe C:\Users\HMS1018\AppData\Local\Temp\18be6784\gjikelfedmmmbanilmjkpalkhbijmcma\DSBnh.js C:\Users\HMS1018\AppData\Local\Temp\2_hFHmYh.exe.part C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\hfgbbnoncamlghakafmddceiehgdjmhf\4Ep5jBwjsWV.js C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\vjnbifdh@izxk-.org\content\bg.js C:\Users\HMS1018\AppData\Local\Temp\3XPk8Yez.exe.part C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\4n6e@eoouuyouynv.org\content\bg.js C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\cpbgkkdmnpohfcldlnajplgbkoapcgmg\vM.js C:\Users\HMS1018\AppData\Local\Temp\7txCBYzg.exe.part C:\Users\HMS1018\AppData\Local\Temp\B2F8A64E-BAB0-7891-B40F-E8D0A8DA4501\Latest\IEHelper.dll C:\Users\HMS1018\AppData\Local\Temp\bstrapInstall.exe C:\Users\HMS1018\AppData\Local\Temp\idfas79e.exe.part C:\Users\HMS1018\AppData\Local\Temp\iprd_un.dll C:\Users\HMS1018\AppData\Local\Temp\iv_uninstall.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\kpinstaller.exe C:\Users\HMS1018\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\HMS1018\AppData\Local\Temp\lowproc.exe C:\Users\HMS1018\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE C:\Users\HMS1018\AppData\Local\Temp\NmuKoJ62.exe.part C:\Users\HMS1018\AppData\Local\Temp\nsd317E.exe C:\Users\HMS1018\AppData\Local\Temp\nsg301A.exe C:\Users\HMS1018\AppData\Local\Temp\nsg6911.exe C:\Users\HMS1018\AppData\Local\Temp\nslEABE.exe C:\Users\HMS1018\AppData\Local\Temp\nsmDFBA.exe C:\Users\HMS1018\AppData\Local\Temp\nsn229C.exe C:\Users\HMS1018\AppData\Local\Temp\nsn8074.exe C:\Users\HMS1018\AppData\Local\Temp\nsp53A4.exe C:\Users\HMS1018\AppData\Local\Temp\nsr7709.exe C:\Users\HMS1018\AppData\Local\Temp\nswD1A3.exe C:\Users\HMS1018\AppData\Local\Temp\nsx47B2.exe C:\Users\HMS1018\AppData\Local\Temp\nsx5178.exe C:\Users\HMS1018\AppData\Local\Temp\nsx7392.exe C:\Users\HMS1018\AppData\Local\Temp\nsxB302.exe C:\Users\HMS1018\AppData\Local\Temp\ntdll_dump.dll C:\Users\HMS1018\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\HMS1018\AppData\Local\Temp\nvSCPAPI.dll C:\Users\HMS1018\AppData\Local\Temp\nvStereoApiI.dll C:\Users\HMS1018\AppData\Local\Temp\nvStInst.exe C:\Users\HMS1018\AppData\Local\Temp\OIAppManager.exe C:\Users\HMS1018\AppData\Local\Temp\ose00000.exe C:\Users\HMS1018\AppData\Local\Temp\Qz1cxA9F.exe.part C:\Users\HMS1018\AppData\Local\Temp\SETUP_AFTERBURNER.EXE C:\Users\HMS1018\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\HMS1018\AppData\Local\Temp\SPStub.exe C:\Users\HMS1018\AppData\Local\Temp\stubhelper.dll C:\Users\HMS1018\AppData\Local\Temp\tbuTor.dll C:\Users\HMS1018\AppData\Local\Temp\tbWhit.dll C:\Users\HMS1018\AppData\Local\Temp\The_Weather_Channel_Application.exe C:\Users\HMS1018\AppData\Local\Temp\trz69D1.tmp C:\Users\HMS1018\AppData\Local\Temp\UnityWebPlayer9036510586564609267.exe C:\Users\HMS1018\AppData\Local\Temp\utt27FA.tmp.exe C:\Users\HMS1018\AppData\Local\Temp\utt8B61.tmp.exe C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.5-win32.exe C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\HMS1018\Desktop\Old Firefox Data\5xpq0jod.default-1379299627971\extensions\vjnbifdh@izxk-.org\content\bg.js C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.3931.exe C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.4713.exe C:\Users\HMS1018\Downloads\ArcadeFrontierGames.exe C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-CMedia_PCI_Audio_Device-SEO-168596.exe C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-Virtual_Fashion_Professional-SEO-10556121.exe C:\Users\HMS1018\Downloads\hybrid_wm8650_uberoid_v62.rar.exe.171103.gzquar C:\Users\HMS1018\Downloads\WatchTorrents Setup.exe C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe MountPoints2: {897b16b1-2a88-11e2-8b7e-f26ba78e1f30} - I:\setup\3DHADSD80_setup.exe MountPoints2: {cf243b3c-002e-11e3-9205-0002723e8dd9} - H:\LGAutoRun.exe HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firefox.com/ SearchScopes: HKLM-x32 - DefaultScope {D570841B-10AE-4D5B-BBB8-237DA20EA69F} URL = SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = BHO-x32: TWatchTorrentsHelper - {2EEE3B00-A4F8-4819-A336-1B547FA954BF} - C:\Program Files (x86)\WatchTorrents Player\WatchTorrentsHelper.dll () BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Koox Group LLC/WatchTorrents Player,version=1.0.0.0 - C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll (Koox Group LLC) FF HKLM-x32\...\Firefox\Extensions: [jid1-vpu7aD5IBmKRFA@jetpack] - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi FF Extension: jid1-vpu7aD5IBmKRFA - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi Task: {150672DB-EAF9-4941-ADEA-4E940DEC4E86} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.) Task: {17F43E83-B769-47A9-A10A-E9E183B0D41C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-09] (Facebook Inc.) Task: {8DC0FFA5-6F65-48BC-B5A7-4080927A5C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.) Task: {D597D0D1-B6A7-463D-9D84-0464FAD2C88E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.) Task: {DABE46A8-9ECF-4A9C-AFA8-93E7E271BD17} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-09] (Facebook Inc.) Task: {F4BD837E-A59F-4011-969E-36117C4F33E5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17] (Google Inc.) Task: {F7DC172C-461B-4A59-846E-F588285296C2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-632562549-456321962-3968272267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: {F87126C6-071F-4B17-B99E-A65D4B30E7E1} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-632562549-456321962-3968272267-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.) Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => C:\Users\HMS1018\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => C:\Users\HMS1018\AppData\Local\Google\Update\GoogleUpdate.exe AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\HMS1018\Downloads\Dropbox 2.0.0.exe:BDU AlternateDataStreams: C:\Users\HMS1018\Downloads\magicJackSetup.exe:BDU AlternateDataStreams: C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6(1).exe:BDU AlternateDataStreams: C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6.exe:BDU AlternateDataStreams: C:\Users\HMS1018\Downloads\msprod2.exe:BDU ***************** C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js => Moved successfully. C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js => Moved successfully. C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js => Moved successfully. C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6297WL2R\SPSetup[1].exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\00294823\nkpalpnbbkehbjiockhmchfaplolaapf\8j6s6qwy9.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\0hZIuCj7.exe.part => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\18be6784\gjikelfedmmmbanilmjkpalkhbijmcma\DSBnh.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\2_hFHmYh.exe.part => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\hfgbbnoncamlghakafmddceiehgdjmhf\4Ep5jBwjsWV.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\vjnbifdh@izxk-.org\content\bg.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\3XPk8Yez.exe.part => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\4n6e@eoouuyouynv.org\content\bg.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\cpbgkkdmnpohfcldlnajplgbkoapcgmg\vM.js => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\7txCBYzg.exe.part => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\B2F8A64E-BAB0-7891-B40F-E8D0A8DA4501\Latest\IEHelper.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\bstrapInstall.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\idfas79e.exe.part => Moved successfully. "C:\Users\HMS1018\AppData\Local\Temp\iprd_un.dll" => File/Directory not found. C:\Users\HMS1018\AppData\Local\Temp\iv_uninstall.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\kpinstaller.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\LiveSupport_setup.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\lowproc.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\NmuKoJ62.exe.part => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsd317E.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsg301A.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsg6911.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nslEABE.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsmDFBA.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsn229C.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsn8074.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsp53A4.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsr7709.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nswD1A3.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsx47B2.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsx5178.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsx7392.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nsxB302.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\ntdll_dump.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nv3DVStreaming.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nvStereoApiI.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\nvStInst.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\OIAppManager.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\Qz1cxA9F.exe.part => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\SETUP_AFTERBURNER.EXE => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\SpotifyUninstall.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\SPStub.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\stubhelper.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\tbuTor.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\tbWhit.dll => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\trz69D1.tmp => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\UnityWebPlayer9036510586564609267.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\utt27FA.tmp.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\utt8B61.tmp.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully. C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully. C:\Users\HMS1018\Desktop\Old Firefox Data\5xpq0jod.default-1379299627971\extensions\vjnbifdh@izxk-.org\content\bg.js => Moved successfully. C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.3931.exe => Moved successfully. C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.4713.exe => Moved successfully. C:\Users\HMS1018\Downloads\ArcadeFrontierGames.exe => Moved successfully. C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-CMedia_PCI_Audio_Device-SEO-168596.exe => Moved successfully. C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-Virtual_Fashion_Professional-SEO-10556121.exe => Moved successfully. C:\Users\HMS1018\Downloads\hybrid_wm8650_uberoid_v62.rar.exe.171103.gzquar => Moved successfully. C:\Users\HMS1018\Downloads\WatchTorrents Setup.exe => Moved successfully. C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe => Moved successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{897b16b1-2a88-11e2-8b7e-f26ba78e1f30} => Key deleted successfully. HKCR\CLSID\{897b16b1-2a88-11e2-8b7e-f26ba78e1f30} => Key not found. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf243b3c-002e-11e3-9205-0002723e8dd9} => Key deleted successfully. HKCR\CLSID\{cf243b3c-002e-11e3-9205-0002723e8dd9} => Key not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EEE3B00-A4F8-4819-A336-1B547FA954BF} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{2EEE3B00-A4F8-4819-A336-1B547FA954BF} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} => Key deleted successfully. HKCR\Wow6432Node\CLSID\{0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} => Key deleted successfully. HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2 => Key deleted successfully. C:\Windows\system32\npDeployJava1.dll => Moved successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2 => Key deleted successfully. C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key deleted successfully. C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully. HKLM\Software\Wow6432Node\MozillaPlugins\@Koox Group LLC/WatchTorrents Player,version=1.0.0.0 => Key deleted successfully. C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\jid1-vpu7aD5IBmKRFA@jetpack => Value deleted successfully. C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{150672DB-EAF9-4941-ADEA-4E940DEC4E86} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{150672DB-EAF9-4941-ADEA-4E940DEC4E86} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17F43E83-B769-47A9-A10A-E9E183B0D41C} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17F43E83-B769-47A9-A10A-E9E183B0D41C} => Key deleted successfully. C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8DC0FFA5-6F65-48BC-B5A7-4080927A5C51} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DC0FFA5-6F65-48BC-B5A7-4080927A5C51} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D597D0D1-B6A7-463D-9D84-0464FAD2C88E} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D597D0D1-B6A7-463D-9D84-0464FAD2C88E} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DABE46A8-9ECF-4A9C-AFA8-93E7E271BD17} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DABE46A8-9ECF-4A9C-AFA8-93E7E271BD17} => Key deleted successfully. C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F4BD837E-A59F-4011-969E-36117C4F33E5} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4BD837E-A59F-4011-969E-36117C4F33E5} => Key deleted successfully. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7DC172C-461B-4A59-846E-F588285296C2} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7DC172C-461B-4A59-846E-F588285296C2} => Key deleted successfully. C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-632562549-456321962-3968272267-1000 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-632562549-456321962-3968272267-1000 => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F87126C6-071F-4B17-B99E-A65D4B30E7E1} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F87126C6-071F-4B17-B99E-A65D4B30E7E1} => Key deleted successfully. C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-632562549-456321962-3968272267-1000 => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-632562549-456321962-3968272267-1000 => Key deleted successfully. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => Moved successfully. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job => Moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job => Moved successfully. C:\ProgramData\Nalpeiron => ":user.ns1" ADS removed successfully. C:\ProgramData\Nalpeiron => ":user.ns2" ADS removed successfully. C:\ProgramData\Nalpeiron => ":user.ns3" ADS removed successfully. C:\ProgramData\Nalpeiron => ":user.ns4" ADS removed successfully. C:\ProgramData\TEMP => ":373E1720" ADS removed successfully. C:\Users\HMS1018\Downloads\Dropbox 2.0.0.exe => ":BDU" ADS removed successfully. C:\Users\HMS1018\Downloads\magicJackSetup.exe => ":BDU" ADS removed successfully. C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6(1).exe => ":BDU" ADS removed successfully. C:\Users\HMS1018\Downloads\motherboard_utility_gbttools_gbt_et6.exe => ":BDU" ADS removed successfully. C:\Users\HMS1018\Downloads\msprod2.exe => ":BDU" ADS removed successfully. ==== End of Fixlog ====
  6. Post too long, attaching. Addition.txt
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02 Ran by HMS1018 (administrator) on HMS1018-PC on 01-10-2013 01:05:06 Running from C:\Users\HMS1018\Downloads Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe ( ) C:\Windows\system32\lxcjcoms.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (AMD) C:\Windows\system32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dropbox, Inc.) C:\Users\HMS1018\AppData\Roaming\Dropbox\bin\Dropbox.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (magicJack L.P.) C:\Users\HMS1018\AppData\Roaming\mjusbsp\magicJack.exe (Spotify Ltd) C:\Users\HMS1018\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [cdloader] - C:\Users\HMS1018\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.) HKCU\...\Run: [spotify Web Helper] - C:\Users\HMS1018\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-09-28] (Spotify Ltd) HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log MountPoints2: {897b16b1-2a88-11e2-8b7e-f26ba78e1f30} - I:\setup\3DHADSD80_setup.exe MountPoints2: {cf243b3c-002e-11e3-9205-0002723e8dd9} - H:\LGAutoRun.exe HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\HMS1018\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firefox.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x39874C359D1ECE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKLM-x32 - DefaultScope {D570841B-10AE-4D5B-BBB8-237DA20EA69F} URL = SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: TWatchTorrentsHelper - {2EEE3B00-A4F8-4819-A336-1B547FA954BF} - C:\Program Files (x86)\WatchTorrents Player\WatchTorrentsHelper.dll () BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\HMS1018\AppData\Roaming\Mozilla\Firefox\Profiles\oqc7cjzd.default-1379637043124 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Koox Group LLC/WatchTorrents Player,version=1.0.0.0 - C:\Program Files (x86)\WatchTorrents Player\npwtplayer.dll (Koox Group LLC) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\WatchTorrents Player\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\HMS1018\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\HMS1018\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\HMS1018\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\HMS1018\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\xfinitylcsearch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\xfinity.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF HKLM-x32\...\Firefox\Extensions: [jid1-vpu7aD5IBmKRFA@jetpack] - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi FF Extension: jid1-vpu7aD5IBmKRFA - C:\Program Files (x86)\WatchTorrents Player\jid1-vpu7aD5IBmKRFA@jetpack.xpi FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext Chrome: ======= CHR RestoreOnStartup: "urls_to_restore_on_startup": [ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Google Talk Plugin) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\HMS1018\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Unity Player) - C:\Users\HMS1018\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\HMS1018\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (uTorrentControl_v6) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp\10.16.2.9_0 CHR Extension: (Google Search) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (savensharE ) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10 CHR Extension: (Browsea22ssAAvve) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffoganknhpieanlejociegddgkoaaae\1 CHR Extension: (SearchNewTab) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0 CHR Extension: (avast! Online Security) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0 CHR Extension: (Xfinity) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb\1_0 CHR Extension: (SearchNewTab) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0 CHR Extension: (WhiteSmoke New) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.23_0 CHR Extension: (WatchTorrents) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpafocldgpkgojfbjigddelmfjmffkee\1_0 CHR Extension: (saVensshaare ) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10 CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0 CHR Extension: (Gmail) - C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\HMS1018\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx CHR HKLM-x32\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\ProgramData\comcastModemRelease\shortcuts\chrome\xfinity.crx CHR HKLM-x32\...\Chrome\Extension: [mpafocldgpkgojfbjigddelmfjmffkee] - C:\Program Files (x86)\WatchTorrents Player\mpafocldgpkgojfbjigddelmfjmffkee.crx CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Corporate.11.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\11.00\Licensing\CE\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 lxcj_device; C:\Windows\system32\lxcjcoms.exe [566192 2007-02-08] ( ) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe) R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices) R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.) R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-11-30] (C-Media Inc) S3 etdrv; C:\Windows\etdrv.sys [25640 2013-03-04] (Windows ® Server 2003 DDK provider) S3 etdrv; C:\Windows\etdrv.sys [25640 2013-03-04] (Windows ® Server 2003 DDK provider) S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-22] (Windows ® Server 2003 DDK provider) S3 gdrv; C:\Windows\gdrv.sys [25640 2013-04-22] (Windows ® Server 2003 DDK provider) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-04] () S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-03-04] () S3 ltusbaud; C:\Windows\System32\DRIVERS\ltusbaud_x64.sys [250144 2013-03-04] () S3 ltusbaudks; C:\Windows\System32\DRIVERS\ltusbaudks_x64.sys [54048 2013-03-04] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2011-10-27] (Windows ® Win 7 DDK provider) S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [2061856 2010-03-23] (Realtek Semiconductor Corporation ) R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [105832 2011-08-29] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [221544 2011-08-29] (Renesas Electronics Corporation) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-06] (Duplex Secure Ltd.) S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation) U3 azn3ma5z; C:\Windows\System32\Drivers\azn3ma5z.sys [0 ] (Advanced Micro Devices) S3 HRMACPI; SYSTEM32\DRIVERS\HRMACPI.SYS [x] R4 ImmunetNetworkMonitorDriver; \??\C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [x] R4 ImmunetProtectDriver; system32\DRIVERS\ImmunetProtect.sys [x] R4 ImmunetSelfProtectDriver; system32\DRIVERS\ImmunetSelfProtect.sys [x] S3 MSICDSetup; \??\D:\CDriver64.sys [x] S3 SOFTUSBTESTHUB; SYSTEM32\DRIVERS\SOFTUSBTESTHUB.SYS [x] S3 SOFTWADP; SYSTEM32\DRIVERS\SOFTWADP.SYS [x] S3 WSOFTUSBK; SYSTEM32\DRIVERS\WSOFTUSBK.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-01 00:56 - 2013-10-01 00:56 - 00025688 _____ C:\Users\HMS1018\Downloads\Addition.txt 2013-10-01 00:52 - 2013-10-01 00:52 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe 2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST 2013-10-01 00:51 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64.exe 2013-10-01 00:48 - 2013-10-01 00:48 - 00004015 _____ C:\Users\HMS1018\Desktop\List of found threats.txt 2013-09-30 22:45 - 2013-10-01 00:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files (x86)\ESET 2013-09-30 22:22 - 2013-09-30 22:23 - 02347384 _____ (ESET) C:\Users\HMS1018\Downloads\esetsmartinstaller_enu.exe 2013-09-30 21:51 - 2013-09-30 21:52 - 00000000 ____D C:\AdwCleaner 2013-09-30 21:51 - 2013-09-30 21:51 - 01045226 _____ C:\Users\HMS1018\Downloads\AdwCleaner.exe 2013-09-30 21:42 - 2013-09-30 21:42 - 00005028 _____ C:\Users\HMS1018\Desktop\JRT.txt 2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Windows\ERUNT 2013-09-30 21:22 - 2013-09-30 21:22 - 01030305 _____ (Thisisu) C:\Users\HMS1018\Downloads\JRT.exe 2013-09-30 20:53 - 2013-09-30 21:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-09-30 19:20 - 2013-09-30 21:19 - 00000000 ____D C:\Users\HMS1018\Desktop\mbar 2013-09-30 19:20 - 2013-09-30 19:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\HMS1018\Downloads\mbar-1.07.0.1005.exe 2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Users\HMS1018\Desktop\Malwarebytes 2013-09-30 17:59 - 2013-09-30 18:13 - 00000000 ___RD C:\Users\HMS1018\Documents\ged back 2013-09-30 17:38 - 2013-09-30 17:38 - 00001624 _____ C:\Users\HMS1018\Desktop\RKreport[0]_S_09302013_173835.txt 2013-09-30 17:34 - 2013-09-30 17:39 - 00000000 ____D C:\Users\HMS1018\Desktop\RK_Quarantine 2013-09-30 17:32 - 2013-09-30 17:33 - 03969024 _____ C:\Users\HMS1018\Downloads\RogueKillerX64.exe 2013-09-30 17:32 - 2013-09-30 17:32 - 00000000 ____D C:\Windows\ERDNT 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\HMS1018\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\HMS1018\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\Guest\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-09-30 16:52 - 2013-09-30 16:52 - 00791393 _____ (Lars Hederer ) C:\Users\HMS1018\Downloads\erunt-setup.exe 2013-09-30 13:03 - 2013-09-30 13:04 - 00002604 _____ C:\Users\HMS1018\Desktop\Rkill.txt 2013-09-30 13:03 - 2013-09-30 13:03 - 00000000 ____D C:\Users\HMS1018\Desktop\rkill 2013-09-30 13:02 - 2013-09-30 13:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\HMS1018\Downloads\rkill.exe 2013-09-30 12:07 - 2013-09-30 12:07 - 05017824 _____ C:\Users\HMS1018\Desktop\stray emp.tif 2013-09-27 13:30 - 2013-09-27 13:30 - 00032768 _____ C:\Windows\nfm_cache.db-shm 2013-09-27 13:30 - 2013-09-27 13:30 - 00003176 _____ C:\Windows\nfm_cache.db-wal 2013-09-27 13:30 - 2013-09-27 13:30 - 00001024 _____ C:\Windows\nfm_cache.db 2013-09-25 12:07 - 2013-09-25 12:07 - 00001107 _____ C:\Users\HMS1018\Desktop\Cover letter.txt 2013-09-23 16:43 - 2013-09-23 16:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-23 16:43 - 2013-09-23 16:45 - 00000000 ____D C:\Program Files\iTunes 2013-09-23 16:43 - 2013-09-23 16:44 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-23 16:43 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iPod 2013-09-21 18:04 - 2013-09-21 18:04 - 00054629 _____ C:\Users\HMS1018\Downloads\20130921_161316.jpeg 2013-09-19 10:19 - 2013-09-19 10:19 - 00000000 ____D C:\Users\HMS1018\Desktop\New folder 2013-09-18 19:30 - 2013-09-18 19:31 - 00029015 _____ C:\Users\HMS1018\Desktop\dds.txt 2013-09-18 19:30 - 2013-09-18 19:31 - 00008793 _____ C:\Users\HMS1018\Desktop\attach.txt 2013-09-18 19:28 - 2013-09-18 19:28 - 00688992 ____R (Swearware) C:\Users\HMS1018\Downloads\dds.com 2013-09-18 16:48 - 2013-09-18 16:48 - 00000088 _____ C:\Windows\SysWOW64\7622695778335716585.log 2013-09-18 16:20 - 2013-09-18 17:00 - 00000000 ____D C:\Program Files (x86)\ss helper 2013-09-18 16:20 - 2013-09-18 16:59 - 00000000 ____D C:\ProgramData\savensharE 2013-09-18 15:52 - 2013-09-18 15:52 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Malwarebytes 2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-18 15:51 - 2013-09-18 15:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-18 15:51 - 2013-09-18 15:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HMS1018\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-18 15:51 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-17 16:33 - 2013-09-17 16:33 - 02816072 _____ (LionSea SoftWare ) C:\Users\HMS1018\Downloads\setup(3).exe 2013-09-16 13:28 - 2013-09-16 13:28 - 00347424 _____ (Microsoft Corporation) C:\Users\HMS1018\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302783255414964.2.1.Run.exe 2013-09-16 09:40 - 2013-09-16 09:40 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Apps\2.0 2013-09-15 22:40 - 2013-09-15 22:41 - 00000088 _____ C:\Windows\SysWOW64\13838775941398595092.log 2013-09-15 22:39 - 2013-09-15 22:39 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Kalydo 2013-09-15 21:08 - 2013-09-15 21:13 - 00000000 ____D C:\Users\HMS1018\AppData\Local\ID Vault 2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\Users\HMS1018\AppData\Local\White_Sky,_Inc 2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\ProgramData\IsolatedStorage 2013-09-15 21:07 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK 2013-09-15 21:07 - 2013-09-16 02:27 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst 2013-09-15 21:07 - 2013-09-15 21:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\ID Vault 2013-09-15 21:07 - 2013-09-15 21:07 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Zemana 2013-09-15 21:05 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\xfin_portal 2013-09-15 21:04 - 2013-09-16 02:28 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite 2013-09-15 21:04 - 2013-09-15 21:04 - 00000000 ____D C:\ProgramData\White Sky, Inc 2013-09-15 19:32 - 2013-09-15 19:32 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\EZDownloader 2013-09-15 19:31 - 2013-09-15 19:31 - 00000808 _____ C:\Users\HMS1018\Desktop\WeatherBug.lnk 2013-09-15 19:30 - 2013-09-16 14:19 - 00000000 ____D C:\ProgramData\saVensshaare 2013-09-13 23:03 - 2013-09-17 14:01 - 00000000 ____D C:\Users\HMS1018\Desktop\Go Green 2013-09-13 22:27 - 2013-09-27 13:19 - 00000000 ____D C:\Users\HMS1018\Desktop\Robbie 2013-09-12 23:53 - 2013-09-12 23:53 - 00001925 _____ C:\Users\Public\Desktop\Perfect Effects 4.lnk 2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\onOne Software 2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe 2013-09-12 23:52 - 2013-09-17 16:49 - 00000000 ____D C:\ProgramData\Nalpeiron 2013-09-12 23:52 - 2013-09-12 23:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\onOne Software 2013-09-12 23:51 - 2013-09-12 23:53 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\onOne Software 2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files\onOne Software 2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files (x86)\onOne Software 2013-09-12 23:49 - 2013-09-12 23:51 - 00000000 ____D C:\ProgramData\onOne Software 2013-09-12 23:47 - 2013-09-12 23:48 - 303683288 _____ (Acresso Software Inc.) C:\Users\HMS1018\Downloads\Perfect_Effects_4.0.4_Free.exe 2013-09-12 22:54 - 2013-09-12 22:54 - 00000855 _____ C:\Users\HMS1018\Desktop\µTorrent.lnk 2013-09-12 22:54 - 2013-09-12 22:54 - 00000835 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-09-12 21:25 - 2013-09-12 21:25 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill(1) 2013-09-12 21:24 - 2013-09-12 21:24 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill 2013-09-12 16:56 - 2013-09-13 23:27 - 00000000 ____D C:\Users\HMS1018\Desktop\Vicky 2013-09-12 09:16 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 09:16 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 09:16 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 09:16 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 09:16 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 09:16 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 09:16 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 09:16 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-12 09:16 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-12 09:16 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-12 09:16 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 09:16 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-12 09:16 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 09:16 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-12 06:45 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-12 06:44 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-12 06:44 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-12 06:44 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-12 06:44 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-12 06:44 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-12 06:44 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-12 06:44 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-12 06:44 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-12 06:44 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-12 06:44 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-12 06:44 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-12 06:44 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-12 06:44 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-12 06:44 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-12 06:44 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-12 06:44 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-12 06:44 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-12 06:44 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-12 06:44 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-12 06:44 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-12 06:44 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-12 06:43 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-12 06:42 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-12 06:42 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-12 06:42 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-12 06:42 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-10 15:46 - 2013-09-10 15:46 - 01069288 _____ (Solid State Networks) C:\Users\HMS1018\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe 2013-09-10 02:39 - 2013-09-10 02:39 - 01970848 _____ C:\Users\HMS1018\Downloads\winrar-x64-500.exe 2013-09-10 02:39 - 2013-09-10 02:39 - 00000975 _____ C:\Users\Public\Desktop\WinRAR.lnk 2013-09-09 11:51 - 2013-09-09 12:18 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Blackboard 2013-09-06 00:12 - 2013-09-06 00:12 - 03021614 _____ C:\Users\HMS1018\Downloads\Generic 2013-09-05 23:42 - 2013-09-05 23:42 - 01310720 _____ C:\Users\HMS1018\Desktop\stream_user_training.ppt 2013-09-05 21:34 - 2013-09-05 21:34 - 00000000 ____D C:\ProgramData\WebEx 2013-09-04 14:18 - 2013-09-04 14:18 - 00266288 _____ C:\Windows\Minidump\090413-16926-01.dmp 2013-09-03 01:09 - 2013-09-03 01:09 - 00262144 _____ C:\Windows\Minidump\090313-16598-01.dmp ==================== One Month Modified Files and Folders ======= 2013-10-01 00:58 - 2012-10-18 03:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-01 00:56 - 2013-10-01 00:56 - 00025688 _____ C:\Users\HMS1018\Downloads\Addition.txt 2013-10-01 00:52 - 2013-10-01 00:52 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64(1).exe 2013-10-01 00:52 - 2013-10-01 00:52 - 00000000 ____D C:\FRST 2013-10-01 00:51 - 2013-10-01 00:51 - 01953880 _____ (Farbar) C:\Users\HMS1018\Downloads\FRST64.exe 2013-10-01 00:48 - 2013-10-01 00:48 - 00004015 _____ C:\Users\HMS1018\Desktop\List of found threats.txt 2013-10-01 00:46 - 2013-09-30 22:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-01 00:46 - 2013-08-13 22:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-10-01 00:46 - 2012-10-18 03:38 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Mozilla 2013-10-01 00:41 - 2012-11-09 22:36 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job 2013-10-01 00:27 - 2012-12-17 19:03 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000UA.job 2013-10-01 00:13 - 2012-12-17 09:48 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-30 22:48 - 2013-08-20 12:32 - 00000000 ____D C:\Users\HMS1018\Desktop\Stray 2013-09-30 22:37 - 2011-01-01 00:56 - 01933757 _____ C:\Windows\WindowsUpdate.log 2013-09-30 22:23 - 2013-09-30 22:23 - 00000000 ____D C:\Program Files (x86)\ESET 2013-09-30 22:23 - 2013-09-30 22:22 - 02347384 _____ (ESET) C:\Users\HMS1018\Downloads\esetsmartinstaller_enu.exe 2013-09-30 21:52 - 2013-09-30 21:51 - 00000000 ____D C:\AdwCleaner 2013-09-30 21:51 - 2013-09-30 21:51 - 01045226 _____ C:\Users\HMS1018\Downloads\AdwCleaner.exe 2013-09-30 21:42 - 2013-09-30 21:42 - 00005028 _____ C:\Users\HMS1018\Desktop\JRT.txt 2013-09-30 21:41 - 2012-11-09 22:36 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job 2013-09-30 21:32 - 2013-09-30 21:32 - 00000000 ____D C:\Windows\ERUNT 2013-09-30 21:22 - 2013-09-30 21:22 - 01030305 _____ (Thisisu) C:\Users\HMS1018\Downloads\JRT.exe 2013-09-30 21:19 - 2013-09-30 20:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-09-30 21:19 - 2013-09-30 19:20 - 00000000 ____D C:\Users\HMS1018\Desktop\mbar 2013-09-30 21:13 - 2012-12-17 09:48 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-30 20:27 - 2012-12-17 19:03 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-632562549-456321962-3968272267-1000Core.job 2013-09-30 19:20 - 2013-09-30 19:20 - 12907592 _____ (Malwarebytes Corp.) C:\Users\HMS1018\Downloads\mbar-1.07.0.1005.exe 2013-09-30 19:18 - 2013-08-12 19:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Spotify 2013-09-30 19:04 - 2013-08-14 13:05 - 00000000 ____D C:\ProgramData\Immunet 2013-09-30 19:04 - 2013-08-14 12:44 - 00000000 ____D C:\Program Files\Immunet 2013-09-30 18:55 - 2013-09-30 18:55 - 00000000 ____D C:\Users\HMS1018\Desktop\Malwarebytes 2013-09-30 18:13 - 2013-09-30 17:59 - 00000000 ___RD C:\Users\HMS1018\Documents\ged back 2013-09-30 18:07 - 2013-03-14 11:10 - 00655872 ___SH C:\Users\HMS1018\Desktop\Thumbs.db 2013-09-30 17:39 - 2013-09-30 17:34 - 00000000 ____D C:\Users\HMS1018\Desktop\RK_Quarantine 2013-09-30 17:38 - 2013-09-30 17:38 - 00001624 _____ C:\Users\HMS1018\Desktop\RKreport[0]_S_09302013_173835.txt 2013-09-30 17:33 - 2013-09-30 17:32 - 03969024 _____ C:\Users\HMS1018\Downloads\RogueKillerX64.exe 2013-09-30 17:32 - 2013-09-30 17:32 - 00000000 ____D C:\Windows\ERDNT 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\HMS1018\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000924 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\HMS1018\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000905 _____ C:\Users\Guest\Desktop\ERUNT.lnk 2013-09-30 17:30 - 2013-09-30 17:30 - 00000000 ____D C:\Program Files (x86)\ERUNT 2013-09-30 16:52 - 2013-09-30 16:52 - 00791393 _____ (Lars Hederer ) C:\Users\HMS1018\Downloads\erunt-setup.exe 2013-09-30 16:51 - 2013-04-25 22:59 - 00000000 ____D C:\Users\HMS1018\Desktop\Rental info 2013-09-30 13:04 - 2013-09-30 13:03 - 00002604 _____ C:\Users\HMS1018\Desktop\Rkill.txt 2013-09-30 13:03 - 2013-09-30 13:03 - 00000000 ____D C:\Users\HMS1018\Desktop\rkill 2013-09-30 13:02 - 2013-09-30 13:02 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\HMS1018\Downloads\rkill.exe 2013-09-30 12:41 - 2012-11-02 19:13 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\uTorrent 2013-09-30 12:07 - 2013-09-30 12:07 - 05017824 _____ C:\Users\HMS1018\Desktop\stray emp.tif 2013-09-30 11:11 - 2013-07-28 20:10 - 00000000 ____D C:\Users\HMS1018\Downloads\Lake Placid (1999) 2013-09-30 11:11 - 2012-11-14 17:17 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Windows Live 2013-09-30 11:05 - 2013-02-14 12:45 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\IrfanView 2013-09-30 11:03 - 2012-10-22 14:10 - 00000000 ____D C:\Program Files\Lx_cats 2013-09-28 21:53 - 2013-08-13 10:48 - 00000999 _____ C:\Users\HMS1018\Desktop\magicJack.lnk 2013-09-28 21:53 - 2012-10-18 01:58 - 00000985 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2013-09-28 21:53 - 2012-10-18 01:58 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\mjusbsp 2013-09-27 21:27 - 2013-04-06 20:00 - 00000000 ___RD C:\Users\HMS1018\Desktop\Dropbox 2013-09-27 21:27 - 2013-04-04 11:08 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Dropbox 2013-09-27 15:38 - 2009-07-14 00:51 - 22404150 _____ C:\Windows\setupact.log 2013-09-27 13:37 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-27 13:37 - 2009-07-14 00:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-27 13:32 - 2013-07-24 06:29 - 00000993 _____ C:\Users\Guest\Desktop\magicJack.lnk 2013-09-27 13:32 - 2013-07-24 06:29 - 00000979 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk 2013-09-27 13:32 - 2013-07-24 06:29 - 00000000 ____D C:\Users\Guest\AppData\Roaming\mjusbsp 2013-09-27 13:31 - 2013-04-30 13:03 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-27 13:31 - 2013-04-30 13:03 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-27 13:30 - 2013-09-27 13:30 - 00032768 _____ C:\Windows\nfm_cache.db-shm 2013-09-27 13:30 - 2013-09-27 13:30 - 00003176 _____ C:\Windows\nfm_cache.db-wal 2013-09-27 13:30 - 2013-09-27 13:30 - 00001024 _____ C:\Windows\nfm_cache.db 2013-09-27 13:30 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-27 13:29 - 2012-10-18 00:29 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-27 13:19 - 2013-09-13 22:27 - 00000000 ____D C:\Users\HMS1018\Desktop\Robbie 2013-09-25 22:08 - 2013-05-02 11:01 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2013-09-25 22:08 - 2012-10-18 03:42 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Adobe 2013-09-25 12:07 - 2013-09-25 12:07 - 00001107 _____ C:\Users\HMS1018\Desktop\Cover letter.txt 2013-09-25 10:32 - 2013-01-03 00:22 - 00000000 ____D C:\Users\HMS1018\Desktop\odd stuff 2013-09-24 15:43 - 2013-08-12 19:16 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Spotify 2013-09-24 10:20 - 2010-11-20 23:47 - 00231470 _____ C:\Windows\PFRO.log 2013-09-24 10:18 - 2012-10-18 00:09 - 00000000 ____D C:\Windows 7 Activation (Reccomended) 2013-09-23 21:06 - 2013-05-07 08:18 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2013-09-23 16:45 - 2013-09-23 16:43 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-23 16:45 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iTunes 2013-09-23 16:45 - 2013-08-26 14:26 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-23 16:44 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-23 16:43 - 2013-09-23 16:43 - 00000000 ____D C:\Program Files\iPod 2013-09-23 16:30 - 2013-05-07 16:55 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Apple Computer 2013-09-22 05:17 - 2013-01-22 22:18 - 00000000 ____D C:\Program Files (x86)\Cain 2013-09-21 18:04 - 2013-09-21 18:04 - 00054629 _____ C:\Users\HMS1018\Downloads\20130921_161316.jpeg 2013-09-20 10:13 - 2013-07-28 09:10 - 00000000 ____D C:\Users\HMS1018\Downloads\Young Dro - Best Thang Smokin' Album 2013-09-20 06:58 - 2012-10-18 03:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-20 06:58 - 2012-10-18 03:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-20 06:58 - 2012-10-18 03:41 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-09-19 20:30 - 2013-06-05 13:31 - 00000000 ____D C:\Users\HMS1018\Desktop\Old Firefox Data 2013-09-19 10:19 - 2013-09-19 10:19 - 00000000 ____D C:\Users\HMS1018\Desktop\New folder 2013-09-18 19:31 - 2013-09-18 19:30 - 00029015 _____ C:\Users\HMS1018\Desktop\dds.txt 2013-09-18 19:31 - 2013-09-18 19:30 - 00008793 _____ C:\Users\HMS1018\Desktop\attach.txt 2013-09-18 19:28 - 2013-09-18 19:28 - 00688992 ____R (Swearware) C:\Users\HMS1018\Downloads\dds.com 2013-09-18 17:00 - 2013-09-18 16:20 - 00000000 ____D C:\Program Files (x86)\ss helper 2013-09-18 16:59 - 2013-09-18 16:20 - 00000000 ____D C:\ProgramData\savensharE 2013-09-18 16:48 - 2013-09-18 16:48 - 00000088 _____ C:\Windows\SysWOW64\7622695778335716585.log 2013-09-18 16:25 - 2013-04-09 20:31 - 00000000 ____D C:\ProgramData\Browsea22ssAAvve 2013-09-18 16:20 - 2013-04-09 20:31 - 00000000 ____D C:\ProgramData\InstallMate 2013-09-18 15:52 - 2013-09-18 15:52 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Malwarebytes 2013-09-18 15:52 - 2013-09-18 15:52 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-18 15:52 - 2013-09-18 15:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-18 15:51 - 2013-09-18 15:51 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\HMS1018\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-17 16:49 - 2013-09-12 23:52 - 00000000 ____D C:\ProgramData\Nalpeiron 2013-09-17 16:33 - 2013-09-17 16:33 - 02816072 _____ (LionSea SoftWare ) C:\Users\HMS1018\Downloads\setup(3).exe 2013-09-17 14:01 - 2013-09-13 23:03 - 00000000 ____D C:\Users\HMS1018\Desktop\Go Green 2013-09-16 14:19 - 2013-09-15 19:30 - 00000000 ____D C:\ProgramData\saVensshaare 2013-09-16 13:28 - 2013-09-16 13:28 - 00347424 _____ (Microsoft Corporation) C:\Users\HMS1018\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.147302783255414964.2.1.Run.exe 2013-09-16 09:40 - 2013-09-16 09:40 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Apps\2.0 2013-09-16 02:28 - 2013-09-15 21:07 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK 2013-09-16 02:28 - 2013-09-15 21:05 - 00000000 ____D C:\Program Files (x86)\xfin_portal 2013-09-16 02:28 - 2013-09-15 21:04 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite 2013-09-16 02:28 - 2013-07-28 20:13 - 00000000 ____D C:\Users\HMS1018\Downloads\A Nightmare on Elm Street (1984) 2013-09-16 02:28 - 2013-07-28 20:00 - 00000000 ____D C:\Users\HMS1018\Downloads\Fast And Furious 6[2013]WEBRip XviD-ETRG 2013-09-16 02:28 - 2013-07-28 19:50 - 00000000 ____D C:\Users\HMS1018\Downloads\[ www.Torrenting.com ] - Love.and.Basketball.2000.WS.iNTERNAL.REPACK.DVDRip.XviD-PiRATEKiD 2013-09-16 02:28 - 2013-05-13 15:44 - 00000000 ____D C:\Users\HMS1018\Downloads\Adobe Photoshop CS6 13.0.1 Final Multilanguage (cracked dll) [ChingLiu] 2013-09-16 02:28 - 2013-04-30 13:02 - 00000000 ____D C:\Users\Guest 2013-09-16 02:27 - 2013-09-15 21:07 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst 2013-09-16 02:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration 2013-09-15 22:41 - 2013-09-15 22:40 - 00000088 _____ C:\Windows\SysWOW64\13838775941398595092.log 2013-09-15 22:39 - 2013-09-15 22:39 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Kalydo 2013-09-15 22:29 - 2011-01-01 00:56 - 00000000 ____D C:\Users\HMS1018 2013-09-15 21:13 - 2013-09-15 21:08 - 00000000 ____D C:\Users\HMS1018\AppData\Local\ID Vault 2013-09-15 21:13 - 2013-09-15 21:07 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\ID Vault 2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\Users\HMS1018\AppData\Local\White_Sky,_Inc 2013-09-15 21:08 - 2013-09-15 21:08 - 00000000 ____D C:\ProgramData\IsolatedStorage 2013-09-15 21:07 - 2013-09-15 21:07 - 00000000 ____D C:\Users\HMS1018\AppData\Local\Zemana 2013-09-15 21:04 - 2013-09-15 21:04 - 00000000 ____D C:\ProgramData\White Sky, Inc 2013-09-15 19:35 - 2012-11-09 14:03 - 00000000 ____D C:\Windows\system32\appmgmt 2013-09-15 19:32 - 2013-09-15 19:32 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\EZDownloader 2013-09-15 19:31 - 2013-09-15 19:31 - 00000808 _____ C:\Users\HMS1018\Desktop\WeatherBug.lnk 2013-09-15 10:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2013-09-14 04:53 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache 2013-09-13 23:27 - 2013-09-12 16:56 - 00000000 ____D C:\Users\HMS1018\Desktop\Vicky 2013-09-12 23:53 - 2013-09-12 23:53 - 00001925 _____ C:\Users\Public\Desktop\Perfect Effects 4.lnk 2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\onOne Software 2013-09-12 23:53 - 2013-09-12 23:53 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Adobe 2013-09-12 23:53 - 2013-09-12 23:51 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\onOne Software 2013-09-12 23:53 - 2013-07-06 11:05 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe 2013-09-12 23:52 - 2013-09-12 23:52 - 00000000 ____D C:\Users\Guest\AppData\Roaming\onOne Software 2013-09-12 23:51 - 2013-09-12 23:49 - 00000000 ____D C:\ProgramData\onOne Software 2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files\onOne Software 2013-09-12 23:50 - 2013-09-12 23:50 - 00000000 ____D C:\Program Files (x86)\onOne Software 2013-09-12 23:50 - 2012-10-22 15:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-12 23:48 - 2013-09-12 23:47 - 303683288 _____ (Acresso Software Inc.) C:\Users\HMS1018\Downloads\Perfect_Effects_4.0.4_Free.exe 2013-09-12 22:54 - 2013-09-12 22:54 - 00000855 _____ C:\Users\HMS1018\Desktop\µTorrent.lnk 2013-09-12 22:54 - 2013-09-12 22:54 - 00000835 _____ C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2013-09-12 21:25 - 2013-09-12 21:25 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill(1) 2013-09-12 21:24 - 2013-09-12 21:24 - 00116413 _____ C:\Users\HMS1018\Downloads\displaypdfbill 2013-09-12 10:05 - 2011-01-01 00:57 - 00000000 ___RD C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-12 10:05 - 2011-01-01 00:57 - 00000000 ___RD C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-12 09:59 - 2009-07-14 00:45 - 05433144 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 09:15 - 2013-07-26 03:00 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 09:11 - 2012-11-05 22:37 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-12 09:11 - 2012-10-18 00:47 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-11 23:23 - 2013-05-07 08:18 - 00000000 _____ C:\Windows\SysWOW64\config.nt 2013-09-10 15:46 - 2013-09-10 15:46 - 01069288 _____ (Solid State Networks) C:\Users\HMS1018\Downloads\install_flashplayer11x32_mssa_aaa_aih.exe 2013-09-10 02:39 - 2013-09-10 02:39 - 01970848 _____ C:\Users\HMS1018\Downloads\winrar-x64-500.exe 2013-09-10 02:39 - 2013-09-10 02:39 - 00000975 _____ C:\Users\Public\Desktop\WinRAR.lnk 2013-09-10 02:39 - 2012-12-21 00:36 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2013-09-10 02:39 - 2012-12-20 15:40 - 00000000 ____D C:\Program Files\WinRAR 2013-09-09 12:18 - 2013-09-09 11:51 - 00000000 ____D C:\Users\HMS1018\AppData\Roaming\Blackboard 2013-09-06 00:12 - 2013-09-06 00:12 - 03021614 _____ C:\Users\HMS1018\Downloads\Generic 2013-09-05 23:42 - 2013-09-05 23:42 - 01310720 _____ C:\Users\HMS1018\Desktop\stream_user_training.ppt 2013-09-05 21:34 - 2013-09-05 21:34 - 00000000 ____D C:\ProgramData\WebEx 2013-09-05 11:10 - 2009-07-14 01:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-04 14:32 - 2013-07-06 11:06 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe 2013-09-04 14:18 - 2013-09-04 14:18 - 00266288 _____ C:\Windows\Minidump\090413-16926-01.dmp 2013-09-04 14:18 - 2013-02-22 05:17 - 539062456 _____ C:\Windows\MEMORY.DMP 2013-09-04 14:18 - 2013-02-22 05:17 - 00000000 ____D C:\Windows\Minidump 2013-09-03 01:09 - 2013-09-03 01:09 - 00262144 _____ C:\Windows\Minidump\090313-16598-01.dmp Some content of TEMP: ==================== C:\Users\HMS1018\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe C:\Users\HMS1018\AppData\Local\Temp\bstrapInstall.exe C:\Users\HMS1018\AppData\Local\Temp\iprd_un.dll C:\Users\HMS1018\AppData\Local\Temp\iv_uninstall.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\HMS1018\AppData\Local\Temp\kpinstaller.exe C:\Users\HMS1018\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\HMS1018\AppData\Local\Temp\lowproc.exe C:\Users\HMS1018\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE C:\Users\HMS1018\AppData\Local\Temp\nsd317E.exe C:\Users\HMS1018\AppData\Local\Temp\nsg301A.exe C:\Users\HMS1018\AppData\Local\Temp\nsg6911.exe C:\Users\HMS1018\AppData\Local\Temp\nslEABE.exe C:\Users\HMS1018\AppData\Local\Temp\nsmDFBA.exe C:\Users\HMS1018\AppData\Local\Temp\nsn229C.exe C:\Users\HMS1018\AppData\Local\Temp\nsn8074.exe C:\Users\HMS1018\AppData\Local\Temp\nsp53A4.exe C:\Users\HMS1018\AppData\Local\Temp\nsr7709.exe C:\Users\HMS1018\AppData\Local\Temp\nswD1A3.exe C:\Users\HMS1018\AppData\Local\Temp\nsx47B2.exe C:\Users\HMS1018\AppData\Local\Temp\nsx5178.exe C:\Users\HMS1018\AppData\Local\Temp\nsx7392.exe C:\Users\HMS1018\AppData\Local\Temp\nsxB302.exe C:\Users\HMS1018\AppData\Local\Temp\ntdll_dump.dll C:\Users\HMS1018\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\HMS1018\AppData\Local\Temp\nvSCPAPI.dll C:\Users\HMS1018\AppData\Local\Temp\nvStereoApiI.dll C:\Users\HMS1018\AppData\Local\Temp\nvStInst.exe C:\Users\HMS1018\AppData\Local\Temp\OIAppManager.exe C:\Users\HMS1018\AppData\Local\Temp\ose00000.exe C:\Users\HMS1018\AppData\Local\Temp\SETUP_AFTERBURNER.EXE C:\Users\HMS1018\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\HMS1018\AppData\Local\Temp\SPStub.exe C:\Users\HMS1018\AppData\Local\Temp\stubhelper.dll C:\Users\HMS1018\AppData\Local\Temp\tbuTor.dll C:\Users\HMS1018\AppData\Local\Temp\tbWhit.dll C:\Users\HMS1018\AppData\Local\Temp\The_Weather_Channel_Application.exe C:\Users\HMS1018\AppData\Local\Temp\UnityWebPlayer9036510586564609267.exe C:\Users\HMS1018\AppData\Local\Temp\utt27FA.tmp.exe C:\Users\HMS1018\AppData\Local\Temp\utt8B61.tmp.exe C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.5-win32.exe C:\Users\HMS1018\AppData\Local\Temp\vlc-2.0.8-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-21 01:11 ==================== End Of Log ============================
  8. List of found threats: C:\Program Files (x86)\Cain\Cain.exe a variant of Win32/CainAbel application C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js Win32/Adware.MultiPlug.H application C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js Win32/Adware.MultiPlug.H application C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js Win32/Adware.MultiPlug.H application C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpbgkkdmnpohfcldlnajplgbkoapcgmg\5.10\vM.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjikelfedmmmbanilmjkpalkhbijmcma\1.0\DSBnh.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgbbnoncamlghakafmddceiehgdjmhf\1.0\4Ep5jBwjsWV.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkpalpnbbkehbjiockhmchfaplolaapf\5.10\8j6s6qwy9.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6297WL2R\SPSetup[1].exe multiple threats C:\Users\HMS1018\AppData\Local\Temp\0hZIuCj7.exe.part Win32/OpenCandy application C:\Users\HMS1018\AppData\Local\Temp\2_hFHmYh.exe.part Win32/DownloadAdmin.G application C:\Users\HMS1018\AppData\Local\Temp\3XPk8Yez.exe.part a variant of Win32/Amonetize.P application C:\Users\HMS1018\AppData\Local\Temp\7txCBYzg.exe.part Win32/OpenCandy application C:\Users\HMS1018\AppData\Local\Temp\idfas79e.exe.part Win32/DownloadAdmin.G application C:\Users\HMS1018\AppData\Local\Temp\NmuKoJ62.exe.part a variant of Win32/Amonetize.P application C:\Users\HMS1018\AppData\Local\Temp\Qz1cxA9F.exe.part Win32/OpenCandy application C:\Users\HMS1018\AppData\Local\Temp\trz69D1.tmp Win32/Napolar.A trojan C:\Users\HMS1018\AppData\Local\Temp\00294823\nkpalpnbbkehbjiockhmchfaplolaapf\8j6s6qwy9.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Temp\18be6784\gjikelfedmmmbanilmjkpalkhbijmcma\DSBnh.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\hfgbbnoncamlghakafmddceiehgdjmhf\4Ep5jBwjsWV.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Temp\2cd672ae\vjnbifdh@izxk-.org\content\bg.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\4n6e@eoouuyouynv.org\content\bg.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Temp\4ae13d6c\cpbgkkdmnpohfcldlnajplgbkoapcgmg\vM.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\AppData\Local\Temp\B2F8A64E-BAB0-7891-B40F-E8D0A8DA4501\Latest\IEHelper.dll Win32/Toolbar.Babylon.E application C:\Users\HMS1018\Desktop\Old Firefox Data\5xpq0jod.default-1379299627971\extensions\vjnbifdh@izxk-.org\content\bg.js Win32/Adware.MultiPlug.H application C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.3931.exe a variant of Win32/InstallCore.T application C:\Users\HMS1018\Downloads\Alcohol120_trial_2.0.2.4713.exe a variant of Win32/InstallCore.AX application C:\Users\HMS1018\Downloads\ArcadeFrontierGames.exe Win32/OpenCandy application C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-CMedia_PCI_Audio_Device-SEO-168596.exe Win32/DownloadAdmin.G application C:\Users\HMS1018\Downloads\cbsidlm-tr1_13-Virtual_Fashion_Professional-SEO-10556121.exe Win32/DownloadAdmin.G application C:\Users\HMS1018\Downloads\hybrid_wm8650_uberoid_v62.rar.exe.171103.gzquar Win32/InstalleRex.I application C:\Users\HMS1018\Downloads\WatchTorrents Setup.exe Win32/Toolbar.Babylon.E application C:\Windows\Temp\avast_ash\uTorrent\uTorrent.exe a variant of Win32/Bunndle application
  9. # AdwCleaner v3.006 - Report created 30/09/2013 at 21:52:26 # Updated 01/10/2013 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : HMS1018 - HMS1018-PC # Running from : C:\Users\HMS1018\Downloads\AdwCleaner.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage File Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal Folder Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp Folder Found : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi Folder Found C:\Program Files (x86)\BitLord 2 Folder Found C:\Program Files (x86)\xfin_portal Folder Found C:\ProgramData\savensharE Folder Found C:\ProgramData\saVensshaare Folder Found C:\Users\HMS1018\AppData\LocalLow\xfin_portal Folder Found C:\Users\HMS1018\AppData\Roaming\BitLord Folder Found C:\Users\HMS1018\AppData\Roaming\EZDownloader Folder Found C:\Users\HMS1018\Documents\BitLord ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Key Found : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E} Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16686 -\\ Mozilla Firefox v23.0.1 (en-US) [ File : C:\Users\HMS1018\AppData\Roaming\Mozilla\Firefox\Profiles\oqc7cjzd.default-1379637043124\prefs.js ] -\\ Google Chrome v29.0.1547.76 [ File : C:\Users\HMS1018\AppData\Local\Google\Chrome\User Data\Default\preferences ] Found : homepage Found : urls_to_restore_on_startup ************************* AdwCleaner[R0].txt - [6223 octets] - [30/09/2013 21:52:26] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6283 octets] ##########
  10. unkware Removal Tool (JRT) by Thisisu Version: 6.0.3 (09.27.2013:1) OS: Windows 7 Professional x64 Ran by HMS1018 on Mon 09/30/2013 at 21:32:32.08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\optimizer pro Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\optimizer pro Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_nonsearch_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sp global Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\sprotector Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D570841B-10AE-4D5B-BBB8-237DA20EA69F} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\softsafe" Successfully deleted: [Folder] "C:\ProgramData\trymedia" Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\cre" Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\local\swvupdater" Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\boost_interprocess" Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\comcasttb" Successfully deleted: [Folder] "C:\Users\HMS1018\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\websearch" ~~~ FireFox Emptied folder: C:\Users\HMS1018\AppData\Roaming\mozilla\firefox\profiles\oqc7cjzd.default-1379637043124\minidumps [5 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Mon 09/30/2013 at 21:42:31.31 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  11. Just hit no and restarted it no problems: Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.09.30.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 HMS1018 :: HMS1018-PC [administrator] 9/30/2013 8:53:07 PM mbar-log-2013-09-30 (20-53-07).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 291908 Time elapsed: 23 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16686 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 3.013000 GHz Memory total: 4292403200, free: 2146627584 Downloaded database version: v2013.09.30.09 Downloaded database version: v2013.09.23.01 ======================================= Initializing... ------------ Kernel report ------------ 09/30/2013 20:53:03 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\DRIVERS\dsfksvcs.sys \SystemRoot\system32\DRIVERS\DSFOleaut32.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\sptd.sys \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\dsfroot.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\system32\DRIVERS\ImmunetProtect.sys \SystemRoot\system32\DRIVERS\ImmunetSelfProtect.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\softehci.sys \SystemRoot\system32\DRIVERS\usbehci_dsf.sys \SystemRoot\system32\DRIVERS\hrmports.sys \SystemRoot\system32\DRIVERS\USBPORT_DSF.SYS \SystemRoot\system32\DRIVERS\hrmints.sys \SystemRoot\SYSTEM32\DRIVERS\HRMCFGSPC.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\rusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\cmudax3.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\Drivers\azn3ma5z.SYS \SystemRoot\System32\Drivers\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\mcdbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\DRIVERS\rusb3hub.sys \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\netr28ux.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\drivers\bcbtums.sys \??\C:\Windows\system32\drivers\btwampfl.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\hidbth.sys \SystemRoot\system32\DRIVERS\btwavdt.sys \SystemRoot\system32\drivers\btwaudio.sys \SystemRoot\system32\DRIVERS\btwl2cap.sys \SystemRoot\system32\DRIVERS\btwrchid.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\Drivers\fastfat.SYS \??\C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys \??\C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\system32\DRIVERS\usbprint.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\shlwapi.dll \Windows\System32\lpk.dll \Windows\System32\comdlg32.dll \Windows\System32\imagehlp.dll \Windows\System32\rpcrt4.dll \Windows\System32\setupapi.dll \Windows\System32\advapi32.dll \Windows\System32\msctf.dll \Windows\System32\user32.dll \Windows\System32\msvcrt.dll \Windows\System32\sechost.dll \Windows\System32\iertutil.dll \Windows\System32\shell32.dll \Windows\System32\gdi32.dll \Windows\System32\difxapi.dll \Windows\System32\ws2_32.dll \Windows\System32\clbcatq.dll \Windows\System32\usp10.dll \Windows\System32\wininet.dll \Windows\System32\imm32.dll \Windows\System32\normaliz.dll \Windows\System32\urlmon.dll \Windows\System32\Wldap32.dll \Windows\System32\ole32.dll \Windows\System32\oleaut32.dll \Windows\System32\nsi.dll \Windows\System32\psapi.dll \Windows\System32\kernel32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\comctl32.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR4 Upper Device Object: 0xfffffa8010c5e380 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000d7\ Lower Device Object: 0xfffffa8010876b60 Lower Device Driver Name: \Driver\USBSTOR\ IRP handler 0 of \Driver\USBSTOR points to an unknown module Unhooking enabled. <<<1>>> Upper Device Name: \Device\Harddisk1\DR4 Upper Device Object: 0xfffffa8010c5e380 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000d7\ Lower Device Object: 0xfffffa8010876b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8007c51060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\000000a7\ Lower Device Object: 0xfffffa8007a6fb60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004c525d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8004aed060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004c525d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004c53040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004c525d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004adcd10, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004aed060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00281f080, 0xfffffa8004c525d0, 0xfffffa800ab92750 Lower DeviceData: 0xfffff8a00d924c00, 0xfffffa8004aed060, 0xfffffa80113949e0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 61767149 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1953314816 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8010c5e380, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80104ef250, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8010c5e380, DeviceName: \Device\Harddisk1\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8010876b60, DeviceName: \Device\000000d7\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8007c51060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007c51b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007c51060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007a6fb60, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removal finished
  12. STEP 03 Not sure what to do! will be waiting on you.
  13. Thanks! RogueKiller V8.7.0 _x64_ [sep 30 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : HMS1018 [Admin rights] Mode : Scan -- Date : 09/30/2013 17:38:35 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - Hitachi HDS721010CLA332 ATA Device +++++ --- User --- [MBR] dacf81a5cdc15d6b23b15cce8364c761 [bSP] ade3b5e7897382b1a593b7116c9fea16 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_09302013_173835.txt >>
  14. STEP 01 Backup the Registry:NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO. It doesn't give me a no option for the start menu folder, where should it go?
  15. My computer constantly keeps freezing (on everything). Help! . attach.txt dds.txt
  16. OS:Windows XP pro/W sp3 Watching a movie when this thing took over. so here is the logs from rkill, malwarebytes, panda cloud and hijack this: This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 01/10/2012 at 22:45:49. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: C:\Documents and Settings\Administrator\Local Settings\Application Data\kbf.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp:winupd.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe Rkill completed on 01/10/2012 at 22:45:51. Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.11.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: EXPERIEN-802FC6 [administrator] 1/10/2012 10:47:07 PM mbam-log-2012-01-11 (01-55-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 211780 Time elapsed: 14 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winupd (Trojan.Ransom.Gen) -> Data: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp:winupd.exe -> No action taken. Registry Data Items Detected: 6 HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\kbf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> No action taken. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\kbf.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> No action taken. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\kbf.exe" -a "iexplore.exe) Good: (iexplore.exe) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Folders Detected: 0 (No malicious items detected) Files Detected: 5 c:\documents and settings\administrator\local settings\temp:winupd.exe (Trojan.Ransom.Gen) -> No action taken. C:\Documents and Settings\Administrator\Local Settings\temp\p9pl8571812758123671603.tmp (Trojan.Ransom.Gen) -> No action taken. C:\Documents and Settings\Administrator\Local Settings\temp\tue0.5159456914343048.exe (Spyware.Agent) -> No action taken. C:\Documents and Settings\Administrator\Local Settings\Application Data\kbf.exe (Spyware.Agent) -> No action taken. C:\Documents and Settings\Administrator\Local Settings\temp\oiu0.8993867428690028.exe (Exploit.Drop.7) -> No action taken. (end) [19:55.22][iNFO] StubInstaller:Application Starts [19:55.22][iNFO] CDownloader:Stub Installer Version: 1.0.0.22: 30.05.2011 [19:55.22][iNFO] CDownloader:installationPath initialized: C:\Program Files\Panda Security\Panda Cloud Antivirus [19:55.22][iNFO] CRequest::SetConnectionTimeout(500) [19:55.22][iNFO] CRequest::SetConnectionTimeout(500), succeed [19:55.22][iNFO] CRequest::SetConnectionTimeout(500) [19:55.22][iNFO] CRequest::GetSession, The web browser: firefox, detected as system default [19:55.22][iNFO] CRequest::GetSession, Quering FireFox configuration settings... [19:55.22][iNFO] CRequest::GetSession, Completed. The following: '' proxy server has been detected. [19:55.22][iNFO] CRequest::GetSession, Creating session with dirrect connection. [19:55.22][iNFO] CRequest::GetSession, Completed. [19:55.23][iNFO] CDownloader:MajorVersion: 5, MinorVersion 1 [19:55.23][iNFO] CDownloader:isWow: 0 [19:55.23][iNFO] CDownloader:RAM: 1791 [19:55.23][iNFO] CDownloader:diskspace: 9415 [19:55.23][iNFO] CDownloader:Browser version: 8 [19:55.23][iNFO] CDownloader:major: 8 [19:55.23][iNFO] CDownloader:checkCompatibleMode: 0 [19:55.23][iNFO] CDownloader:Read key: Software\Panda Software\Setup [19:55.23][iNFO] CDownloader:Main Installer version number 0 [19:55.23][iNFO] CDownloader:Read key: Software\Panda Software\Setup [19:55.23][iNFO] CDownloader:Main Installer version number 0 [19:55.27][iNFO] CDownloader::SetConnectionTimeout(500) [19:55.27][iNFO] CDownloader::SetConnectionTimeout(500), succeed [19:55.27][iNFO] CDownloader::SetConnectionTimeout(500) [19:55.27][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [19:55.27][iNFO] CDownloader::Close() [19:55.27][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [19:55.27][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [19:55.27][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [19:55.27][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [19:55.27][iNFO] CDownloader::GetSession, Completed. [19:55.27][iNFO] CDownloader:Connecting to server [19:55.27][iNFO] CConnection::Open, Connecting to server [19:55.27][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [19:55.27][iNFO] CDownloader::SetConnectionTimeout(5000) [19:55.27][iNFO] CDownloader::SetConnectionTimeout(5000), succeed [19:55.27][iNFO] CDownloader::SetConnectionTimeout(5000) [19:55.27][iNFO] CDownloader::SetMaxRetires(5), succeed [19:55.27][iNFO] CDownloader::Close() [19:55.27][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [19:55.27][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [19:55.27][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [19:55.27][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [19:55.27][iNFO] CDownloader::GetSession, Completed. [19:55.27][iNFO] CDownloader:Connecting to server [19:55.27][iNFO] CConnection::Open, Connecting to server [19:55.27][iNFO] CConnection::Open, complete [19:55.27][iNFO] CDownloader:File Name: [19:55.27][iNFO] CDownloader:{7E96162E-691D-4232-8F51-56159CD7B81A}.exe [19:55.27][iNFO] CConnection::Open, complete [19:55.27][iNFO] CDownloader:File Name: [19:55.27][iNFO] CDownloader:{106F8795-7C69-4628-B5CD-7322561FB115}.exe [19:55.37][iNFO] CDownloader:Testing Connection [19:55.37][iNFO] CSession:Setting default options [19:55.37][iNFO] CSession::SetConnectionTimeout(7000) [19:55.37][iNFO] CSession::SetConnectionTimeout(7000) [19:55.37][iNFO] CSession::SetConnectionTimeout(7000), succeed [19:55.37][iNFO] CSession::SetMaxRetires(5), succeed [19:55.37][iNFO] CSession::GetSession, The web browser: firefox, detected as system default [19:55.37][iNFO] CSession::GetSession, Quering FireFox configuration settings... [19:55.37][iNFO] CSession::GetSession, Completed. The following: '' proxy server has been detected. [19:55.37][iNFO] CSession::GetSession, Creating session with dirrect connection. [19:55.37][iNFO] CSession::GetSession, Completed. [19:55.37][iNFO] CConnection::Open, Connecting to server [19:55.37][iNFO] CConnection::Open, complete [19:55.37][iNFO] CDownloader:CDownloader::RunConnectivityTest: Running 10 dummy test segments [19:55.37][iNFO] CSegment:#1:test starting... [19:55.37][iNFO] CSegment:#2:test starting... [19:55.37][iNFO] CSegment:#3:test starting... [19:55.37][iNFO] CSegment:#4:test starting... [19:55.37][iNFO] CSegment:#5:test starting... [19:55.37][iNFO] CSegment:#3::Open, Connecting to server [19:55.37][iNFO] CSegment:#6:test starting... [19:55.37][iNFO] CSegment:#1::Open, Connecting to server [19:55.37][iNFO] CSegment:#4::Open, Connecting to server [19:55.37][iNFO] CSegment:#7:test starting... [19:55.37][iNFO] CSegment:#2::Open, Connecting to server [19:55.37][iNFO] CSegment:#8:test starting... [19:55.37][iNFO] CSegment:#5::Open, Connecting to server [19:55.37][iNFO] CSegment:#9:test starting... [19:55.37][iNFO] CSegment:#10:test starting... [19:55.37][iNFO] CSegment:#7::Open, Connecting to server [19:55.37][iNFO] CSegment:#8::Open, Connecting to server [19:55.37][iNFO] CSegment:#6::Open, Connecting to server [19:55.37][iNFO] CSegment:#10::Open, Connecting to server [19:55.37][iNFO] CSegment:#9::Open, Connecting to server [19:55.37][iNFO] CDownloader:Testing Connection [19:55.37][iNFO] CRequest::SetConnectionTimeout(500) [19:55.37][iNFO] CRequest::SetConnectionTimeout(500), succeed [19:55.37][iNFO] CRequest::SetConnectionTimeout(500) [19:55.37][iNFO] CSegment:#3:starting test download... [19:55.38][iNFO] CDownloader:Starting download [19:55.38][iNFO] CDownloader:Runnig 10 segments... [19:55.38][iNFO] CSegment:#1:starting... [19:55.38][iNFO] CSegment:#2:starting... [19:55.38][iNFO] CSegment:#1::Open, Connecting to server [19:55.38][iNFO] CSegment:#3:starting... [19:55.38][iNFO] CSegment:#2::Open, Connecting to server [19:55.38][iNFO] CSegment:#4:starting... [19:55.38][iNFO] CSegment:#5:starting... [19:55.38][iNFO] CSegment:#4::Open, Connecting to server [19:55.38][iNFO] CSegment:#3::Open, Connecting to server [19:55.38][iNFO] CSegment:#5::Open, Connecting to server [19:55.38][iNFO] CSegment:#6:starting... [19:55.38][iNFO] CSegment:#7:starting... [19:55.38][iNFO] CSegment:#6::Open, Connecting to server [19:55.38][iNFO] CSegment:#8:starting... [19:55.38][iNFO] CSegment:#7::Open, Connecting to server [19:55.38][iNFO] CSegment:#9:starting... [19:55.38][iNFO] CSegment:#8::Open, Connecting to server [19:55.38][iNFO] CSegment:#10:starting... [19:55.38][iNFO] CSegment:#9::Open, Connecting to server [19:55.38][iNFO] CSegment:#10::Open, Connecting to server [19:55.38][iNFO] CSegment:#6:starting test download... [19:55.38][iNFO] CSegment:#10:starting test download... [19:55.38][iNFO] CSegment:#7:starting test download... [19:55.38][iNFO] CSegment:#5:starting test download... [19:55.38][iNFO] CSegment:#9:starting test download... [19:55.38][iNFO] CSegment:#1:starting download... [19:55.38][iNFO] CSegment:#8:starting test download... [19:55.38][iNFO] CSegment:#4:starting test download... [19:55.38][iNFO] CSegment:#1:starting test download... [19:55.38][iNFO] CSegment:#2:starting test download... [19:55.38][iNFO] CSegment:#1:Dispose, starting [19:55.38][iNFO] CSegment:#1:Dispose, complete [19:55.38][iNFO] CSegment:#2:Dispose, starting [19:55.38][iNFO] CSegment:#2:Dispose, complete [19:55.38][iNFO] CSegment:#3:Dispose, starting [19:55.38][iNFO] CSegment:#3:Dispose, complete [19:55.38][iNFO] CSegment:#4:Dispose, starting [19:55.38][iNFO] CSegment:#4:Dispose, complete [19:55.38][iNFO] CSegment:#5:Dispose, starting [19:55.38][iNFO] CSegment:#5:Dispose, complete [19:55.38][iNFO] CSegment:#6:Dispose, starting [19:55.38][iNFO] CSegment:#6:Dispose, complete [19:55.38][iNFO] CSegment:#7:Dispose, starting [19:55.38][iNFO] CSegment:#7:Dispose, complete [19:55.38][iNFO] CSegment:#8:Dispose, starting [19:55.38][iNFO] CSegment:#8:Dispose, complete [19:55.38][iNFO] CSegment:#9:Dispose, starting [19:55.38][iNFO] CSegment:#9:Dispose, complete [19:55.38][iNFO] CSegment:#10:Dispose, starting [19:55.38][iNFO] CSegment:#10:Dispose, complete [19:55.38][iNFO] CSession::Close() [19:55.38][iNFO] CSession::Close() [19:55.38][iNFO] CDownloader::DoRun, delete file. [19:55.38][iNFO] CDownloader:Download complete successfully [19:55.38][iNFO] CSegment:#2:starting download... [19:55.38][iNFO] CSegment:#9:starting download... [19:55.38][iNFO] CSegment:#10:starting download... [19:55.38][iNFO] CSegment:#5:starting download... [19:55.38][iNFO] CSegment:#8:starting download... [19:55.38][iNFO] CSegment:#7:starting download... [19:55.38][iNFO] CSegment:#6:starting download... [19:55.38][iNFO] CSegment:#4:starting download... [19:55.38][iNFO] CSegment:#3:starting download... [19:56.21][iNFO] CSegment:#8:download complete, 43s left. [19:56.25][iNFO] CDownloader:WaitAll, removing succed #8 segment [19:56.25][iNFO] CSegment:#8:Dispose, starting [19:56.25][iNFO] CSegment:#8:Dispose, complete [19:56.28][iNFO] CSegment:#7:download complete, 50s left. [19:56.30][iNFO] CSegment:#10:download complete, 52s left. [19:56.32][iNFO] CSegment:#6:download complete, 54s left. [19:56.32][iNFO] CDownloader:WaitAll, removing succed #6 segment [19:56.32][iNFO] CSegment:#6:Dispose, starting [19:56.32][iNFO] CSegment:#6:Dispose, complete [19:56.32][iNFO] CDownloader:WaitAll, removing succed #7 segment [19:56.32][iNFO] CSegment:#7:Dispose, starting [19:56.32][iNFO] CSegment:#7:Dispose, complete [19:56.32][iNFO] CSegment:#5:download complete, 54s left. [19:56.33][iNFO] CSegment:#3:download complete, 55s left. [19:56.33][iNFO] CDownloader:WaitAll, removing succed #10 segment [19:56.33][iNFO] CSegment:#10:Dispose, starting [19:56.33][iNFO] CSegment:#10:Dispose, complete [19:56.34][iNFO] CSegment:#1:download complete, 56s left. [19:56.35][iNFO] CDownloader:WaitAll, removing succed #3 segment [19:56.35][iNFO] CSegment:#3:Dispose, starting [19:56.35][iNFO] CSegment:#3:Dispose, complete [19:56.36][iNFO] CDownloader:WaitAll, removing succed #5 segment [19:56.36][iNFO] CSegment:#5:Dispose, starting [19:56.36][iNFO] CSegment:#5:Dispose, complete [19:56.36][iNFO] CSegment:#2:download complete, 58s left. [19:56.37][iNFO] CSegment:#9:download complete, 59s left. [19:56.37][iNFO] CDownloader:WaitAll, removing succed #9 segment [19:56.37][iNFO] CSegment:#9:Dispose, starting [19:56.37][iNFO] CSegment:#9:Dispose, complete [19:56.37][iNFO] CDownloader:WaitAll, removing succed #1 segment [19:56.37][iNFO] CSegment:#1:Dispose, starting [19:56.37][iNFO] CSegment:#1:Dispose, complete [19:56.37][iNFO] CDownloader:WaitAll, removing succed #2 segment [19:56.37][iNFO] CSegment:#2:Dispose, starting [19:56.37][iNFO] CSegment:#2:Dispose, complete [19:56.39][iNFO] CSegment:#4:download complete, 61s left. [19:56.39][iNFO] CDownloader:WaitAll, removing succed #4 segment [19:56.39][iNFO] CSegment:#4:Dispose, starting [19:56.39][iNFO] CSegment:#4:Dispose, complete [19:56.39][iNFO] CDownloader:Download complete successfully [19:56.39][iNFO] CDownloader:Setting default options [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000) [19:56.39][iNFO] CDownloader:Started ThreadExecute [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000) [19:56.39][iNFO] CDownloader:ThreadExecute after CDlgDownload::m_hSection [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [19:56.39][iNFO] CDownloader::SetMaxRetires(5), succeed [19:56.39][iNFO] CDownloader::SetConnectionTimeout(500), succeed [19:56.39][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_2_en.png [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [19:56.39][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [19:56.39][iNFO] CDownloader:Command line for MainInstaller: -sp"/ConfigurationFile:C:\Temp\CloudAvBootstrap.xml" [19:56.39][iNFO] CRequest::SetConnectionTimeout(500) [19:56.39][iNFO] CRequest::SetConnectionTimeout(500), succeed [19:56.39][iNFO] CRequest::SetConnectionTimeout(500) [19:56.39][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [19:56.39][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [19:56.39][iNFO] CDownloader::GetSession, Completed. [19:56.39][iNFO] CDownloader:Setting default options [19:56.39][iNFO] CDownloader:Connecting to server [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000) [19:56.39][iNFO] CConnection::Open, Connecting to server [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000) [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [19:56.39][iNFO] CDownloader::SetMaxRetires(5), succeed [19:56.39][iNFO] CDownloader::SetConnectionTimeout(500), succeed [19:56.39][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_3_en.png [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [19:56.39][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [19:56.39][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [19:56.39][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [19:56.39][iNFO] CDownloader::GetSession, Completed. [19:56.39][iNFO] CDownloader:Setting default options [19:56.39][iNFO] CDownloader:Connecting to server [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000) [19:56.39][iNFO] CConnection::Open, Connecting to server [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000) [19:56.39][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [19:56.39][iNFO] CDownloader::SetMaxRetires(5), succeed [19:56.39][iNFO] CDownloader::SetConnectionTimeout(500), succeed [19:56.39][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_4_en.png [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [19:56.39][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [19:56.39][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [19:56.39][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [19:56.39][iNFO] CDownloader::GetSession, Completed. [19:56.39][iNFO] CDownloader:Connecting to server [19:56.39][iNFO] CConnection::Open, Connecting to server [19:56.39][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{106F8795-7C69-4628-B5CD-7322561FB115}.exe [19:56.39][iNFO] CDownloader:Finish execute [19:56.39][iNFO] CConnection::Open, complete [19:56.39][iNFO] CDownloader:File Name: [19:56.39][iNFO] CDownloader:{4F2AE8B3-6295-4A0B-928A-D6DA8ED382A4}.png [19:56.39][iNFO] CDownloader:Testing Connection [19:56.39][iNFO] CDownloader:Starting download [19:56.39][iNFO] CDownloader:Runnig 1 segments... [19:56.39][iNFO] CSegment:#1:starting... [19:56.39][iNFO] CSegment:#1::Open, Connecting to server [19:56.39][iNFO] CConnection::Open, complete [19:56.39][iNFO] CDownloader:File Name: [19:56.39][iNFO] CDownloader:{83772722-55E4-4110-B48B-1FF1DAF83F90}.png [19:56.39][iNFO] CDownloader:Testing Connection [19:56.39][iNFO] CDownloader:Starting download [19:56.39][iNFO] CDownloader:Runnig 1 segments... [19:56.39][iNFO] CSegment:#1:starting... [19:56.39][iNFO] CSegment:#1::Open, Connecting to server [19:56.39][iNFO] CSegment:#1:starting download... [19:56.39][iNFO] CSegment:#1:starting download... [19:56.39][iNFO] CConnection::Open, complete [19:56.39][iNFO] CDownloader:File Name: [19:56.39][iNFO] CDownloader:{29B5C304-D747-40A8-89F1-7E1FFAC904B3}.png [19:56.39][iNFO] CDownloader:Testing Connection [19:56.39][iNFO] CDownloader:Starting download [19:56.39][iNFO] CDownloader:Runnig 1 segments... [19:56.39][iNFO] CSegment:#1:starting... [19:56.39][iNFO] CSegment:#1::Open, Connecting to server [19:56.39][iNFO] CSegment:#1:starting download... [19:56.39][iNFO] StubInstaller:Application Exit [19:56.39][iNFO] CSegment:#1:Dispose, starting [19:56.39][iNFO] CSegment:#1:Dispose, complete [19:56.39][ERROR] 0:CSegment:#1:::GetCurrentThreadId(): 3060 Position(): 0 [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CSegment:#1:Dispose, starting [19:56.39][iNFO] CDownloader::WaitAll, terminating unfinished (0) segments thread procs... [19:56.39][iNFO] CSegment:#1:Dispose, complete [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CSegment:#1:Dispose, starting [19:56.39][ERROR] -1:CSegment::ThreadMain, failed to process an incoming segment [19:56.39][iNFO] CSegment:#1:Dispose, complete [19:56.39][iNFO] CDownloader::WaitAll, terminating unfinished (0) segments thread procs... [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CDownloader::WaitAll, terminating unfinished (0) segments thread procs... [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CDownloader::DoRun, delete file. [19:56.39][iNFO] CDownloader::DoRun, delete file. [19:56.39][iNFO] CDownloader::Close() [19:56.39][iNFO] CDownloader:Delete file failed [19:56.39][iNFO] CDownloader::DoRun, delete file. [19:56.39][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{7E96162E-691D-4232-8F51-56159CD7B81A}.exe [19:59.33][iNFO] StubInstaller:Application Starts [19:59.33][iNFO] CDownloader:Stub Installer Version: 1.0.0.22: 30.05.2011 [19:59.33][iNFO] CDownloader:installationPath initialized: C:\Program Files\Panda Security\Panda Cloud Antivirus [19:59.33][iNFO] CRequest::SetConnectionTimeout(500) [19:59.33][iNFO] CRequest::SetConnectionTimeout(500), succeed [19:59.33][iNFO] CRequest::SetConnectionTimeout(500) [19:59.33][iNFO] CRequest::GetSession, The web browser: firefox, detected as system default [19:59.33][iNFO] CRequest::GetSession, Quering FireFox configuration settings... [19:59.33][iNFO] CRequest::GetSession, Completed. The following: '' proxy server has been detected. [19:59.33][iNFO] CRequest::GetSession, Creating session with dirrect connection. [19:59.33][iNFO] CRequest::GetSession, Completed. [19:59.33][iNFO] CDownloader:MajorVersion: 5, MinorVersion 1 [19:59.33][iNFO] CDownloader:isWow: 0 [19:59.33][iNFO] CDownloader:RAM: 1791 [19:59.33][iNFO] CDownloader:diskspace: 9264 [19:59.33][iNFO] CDownloader:Browser version: 8 [19:59.33][iNFO] CDownloader:major: 8 [19:59.33][iNFO] CDownloader:checkCompatibleMode: 0 [19:59.33][iNFO] CDownloader:Read key: Software\Panda Software\Setup [19:59.33][iNFO] CDownloader:Main Installer version number 0 [19:59.33][iNFO] CDownloader:Read key: Software\Panda Software\Setup [19:59.33][iNFO] CDownloader:Main Installer version number 0 [19:59.36][iNFO] CDownloader::SetConnectionTimeout(500) [19:59.36][iNFO] CDownloader::SetConnectionTimeout(500), succeed [19:59.36][iNFO] CDownloader::SetConnectionTimeout(500) [19:59.36][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [19:59.36][iNFO] CDownloader::Close() [19:59.36][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [19:59.36][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [19:59.36][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [19:59.36][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [19:59.36][iNFO] CDownloader::GetSession, Completed. [19:59.36][iNFO] CDownloader:Connecting to server [19:59.36][iNFO] CConnection::Open, Connecting to server [19:59.36][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [19:59.36][iNFO] CDownloader::SetConnectionTimeout(5000) [19:59.36][iNFO] CDownloader::SetConnectionTimeout(5000), succeed [19:59.36][iNFO] CDownloader::SetConnectionTimeout(5000) [19:59.36][iNFO] CDownloader::SetMaxRetires(5), succeed [19:59.36][iNFO] CDownloader::Close() [19:59.36][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [19:59.36][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [19:59.36][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [19:59.36][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [19:59.36][iNFO] CDownloader::GetSession, Completed. [19:59.36][iNFO] CDownloader:Connecting to server [19:59.36][iNFO] CConnection::Open, Connecting to server [19:59.36][iNFO] CConnection::Open, complete [19:59.36][iNFO] CDownloader:File Name: [19:59.36][iNFO] CDownloader:{C55F5D55-464D-48F7-8EBD-C7A04071C972}.exe [19:59.36][iNFO] CConnection::Open, complete [19:59.36][iNFO] CDownloader:File Name: [19:59.36][iNFO] CDownloader:{5E8F016D-AF21-41DC-9D67-56B9BB0450D3}.exe [19:59.45][iNFO] CDownloader:Testing Connection [19:59.45][iNFO] CSession:Setting default options [19:59.45][iNFO] CSession::SetConnectionTimeout(7000) [19:59.45][iNFO] CSession::SetConnectionTimeout(7000) [19:59.45][iNFO] CSession::SetConnectionTimeout(7000), succeed [19:59.45][iNFO] CSession::SetMaxRetires(5), succeed [19:59.45][iNFO] CSession::GetSession, The web browser: firefox, detected as system default [19:59.45][iNFO] CSession::GetSession, Quering FireFox configuration settings... [19:59.45][iNFO] CSession::GetSession, Completed. The following: '' proxy server has been detected. [19:59.45][iNFO] CSession::GetSession, Creating session with dirrect connection. [19:59.45][iNFO] CSession::GetSession, Completed. [19:59.45][iNFO] CConnection::Open, Connecting to server [19:59.45][iNFO] CDownloader:Testing Connection [19:59.45][iNFO] CRequest::SetConnectionTimeout(500) [19:59.45][iNFO] CRequest::SetConnectionTimeout(500), succeed [19:59.45][iNFO] CRequest::SetConnectionTimeout(500) [19:59.46][iNFO] CConnection::Open, complete [19:59.46][iNFO] CDownloader:CDownloader::RunConnectivityTest: Running 10 dummy test segments [19:59.46][iNFO] CSegment:#1:test starting... [19:59.46][iNFO] CSegment:#2:test starting... [19:59.46][iNFO] CSegment:#3:test starting... [19:59.46][iNFO] CSegment:#4:test starting... [19:59.46][iNFO] CSegment:#5:test starting... [19:59.46][iNFO] CSegment:#6:test starting... [19:59.46][iNFO] CSegment:#1::Open, Connecting to server [19:59.46][iNFO] CSegment:#7:test starting... [19:59.46][iNFO] CSegment:#2::Open, Connecting to server [19:59.46][iNFO] CSegment:#4::Open, Connecting to server [19:59.46][iNFO] CSegment:#3::Open, Connecting to server [19:59.46][iNFO] CSegment:#6::Open, Connecting to server [19:59.46][iNFO] CSegment:#8:test starting... [19:59.46][iNFO] CSegment:#9:test starting... [19:59.46][iNFO] CSegment:#10:test starting... [19:59.46][iNFO] CSegment:#9::Open, Connecting to server [19:59.46][iNFO] CSegment:#5::Open, Connecting to server [19:59.46][iNFO] CSegment:#8::Open, Connecting to server [19:59.46][iNFO] CSegment:#7::Open, Connecting to server [19:59.46][iNFO] CSegment:#10::Open, Connecting to server [19:59.46][iNFO] CSegment:#6:starting test download... [19:59.46][iNFO] CSegment:#9:starting test download... [19:59.46][iNFO] CSegment:#4:starting test download... [19:59.46][iNFO] CSegment:#7:starting test download... [19:59.46][iNFO] CSegment:#8:starting test download... [19:59.46][iNFO] CSegment:#1:starting test download... [19:59.46][iNFO] CSegment:#3:starting test download... [19:59.46][iNFO] CSegment:#5:starting test download... [19:59.46][iNFO] CSegment:#10:starting test download... [19:59.46][iNFO] CSegment:#2:starting test download... [19:59.46][iNFO] CSegment:#1:Dispose, starting [19:59.46][iNFO] CSegment:#1:Dispose, complete [19:59.46][iNFO] CSegment:#2:Dispose, starting [19:59.46][iNFO] CSegment:#2:Dispose, complete [19:59.46][iNFO] CSegment:#3:Dispose, starting [19:59.46][iNFO] CSegment:#3:Dispose, complete [19:59.46][iNFO] CSegment:#4:Dispose, starting [19:59.46][iNFO] CSegment:#4:Dispose, complete [19:59.46][iNFO] CSegment:#5:Dispose, starting [19:59.46][iNFO] CSegment:#5:Dispose, complete [19:59.46][iNFO] CSegment:#6:Dispose, starting [19:59.46][iNFO] CSegment:#6:Dispose, complete [19:59.46][iNFO] CSegment:#7:Dispose, starting [19:59.46][iNFO] CSegment:#7:Dispose, complete [19:59.46][iNFO] CSegment:#8:Dispose, starting [19:59.46][iNFO] CSegment:#8:Dispose, complete [19:59.46][iNFO] CSegment:#9:Dispose, starting [19:59.46][iNFO] CSegment:#9:Dispose, complete [19:59.46][iNFO] CSegment:#10:Dispose, starting [19:59.46][iNFO] CSegment:#10:Dispose, complete [19:59.46][iNFO] CSession::Close() [19:59.46][iNFO] CSession::Close() [19:59.46][iNFO] CDownloader::DoRun, delete file. [19:59.46][iNFO] CDownloader:Download complete successfully [19:59.46][iNFO] CDownloader:Starting download [19:59.46][iNFO] CDownloader:Runnig 10 segments... [19:59.46][iNFO] CSegment:#1:starting... [19:59.46][iNFO] CSegment:#2:starting... [19:59.46][iNFO] CSegment:#1::Open, Connecting to server [19:59.46][iNFO] CSegment:#3:starting... [19:59.46][iNFO] CSegment:#2::Open, Connecting to server [19:59.46][iNFO] CSegment:#4:starting... [19:59.46][iNFO] CSegment:#3::Open, Connecting to server [19:59.46][iNFO] CSegment:#5:starting... [19:59.46][iNFO] CSegment:#6:starting... [19:59.46][iNFO] CSegment:#5::Open, Connecting to server [19:59.46][iNFO] CSegment:#7:starting... [19:59.46][iNFO] CSegment:#8:starting... [19:59.46][iNFO] CSegment:#7::Open, Connecting to server [19:59.46][iNFO] CSegment:#4::Open, Connecting to server [19:59.46][iNFO] CSegment:#6::Open, Connecting to server [19:59.46][iNFO] CSegment:#9:starting... [19:59.46][iNFO] CSegment:#8::Open, Connecting to server [19:59.46][iNFO] CSegment:#10:starting... [19:59.46][iNFO] CSegment:#9::Open, Connecting to server [19:59.46][iNFO] CSegment:#10::Open, Connecting to server [19:59.46][iNFO] CSegment:#1:starting download... [19:59.46][iNFO] CSegment:#5:starting download... [19:59.46][iNFO] CSegment:#3:starting download... [19:59.46][iNFO] CSegment:#4:starting download... [19:59.46][iNFO] CSegment:#2:starting download... [19:59.46][iNFO] CSegment:#7:starting download... [19:59.46][iNFO] CSegment:#6:starting download... [19:59.46][iNFO] CSegment:#8:starting download... [19:59.46][iNFO] CSegment:#9:starting download... [19:59.46][iNFO] CSegment:#10:starting download... [20:00.13][iNFO] CSegment:#5:download complete, 27s left. [20:00.13][iNFO] CSegment:#2:download complete, 27s left. [20:00.13][iNFO] CSegment:#8:download complete, 27s left. [20:00.13][iNFO] CDownloader:WaitAll, removing succed #8 segment [20:00.13][iNFO] CSegment:#8:Dispose, starting [20:00.13][iNFO] CSegment:#8:Dispose, complete [20:00.13][iNFO] CSegment:#9:download complete, 27s left. [20:00.13][iNFO] CDownloader:WaitAll, removing succed #9 segment [20:00.13][iNFO] CSegment:#9:Dispose, starting [20:00.13][iNFO] CSegment:#9:Dispose, complete [20:00.13][iNFO] CSegment:#1:download complete, 27s left. [20:00.13][iNFO] CSegment:#10:download complete, 27s left. [20:00.13][iNFO] CDownloader:WaitAll, removing succed #10 segment [20:00.13][iNFO] CSegment:#10:Dispose, starting [20:00.13][iNFO] CSegment:#10:Dispose, complete [20:00.13][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:00.13][iNFO] CSegment:#1:Dispose, starting [20:00.13][iNFO] CSegment:#1:Dispose, complete [20:00.13][iNFO] CDownloader:WaitAll, removing succed #2 segment [20:00.13][iNFO] CSegment:#2:Dispose, starting [20:00.13][iNFO] CSegment:#2:Dispose, complete [20:00.13][iNFO] CSegment:#4:download complete, 27s left. [20:00.13][iNFO] CSegment:#6:download complete, 27s left. [20:00.13][iNFO] CSegment:#7:download complete, 27s left. [20:00.13][iNFO] CSegment:#3:download complete, 27s left. [20:00.13][iNFO] CDownloader:WaitAll, removing succed #3 segment [20:00.13][iNFO] CSegment:#3:Dispose, starting [20:00.13][iNFO] CSegment:#3:Dispose, complete [20:00.13][iNFO] CDownloader:WaitAll, removing succed #4 segment [20:00.13][iNFO] CSegment:#4:Dispose, starting [20:00.13][iNFO] CSegment:#4:Dispose, complete [20:00.13][iNFO] CDownloader:WaitAll, removing succed #5 segment [20:00.13][iNFO] CSegment:#5:Dispose, starting [20:00.13][iNFO] CSegment:#5:Dispose, complete [20:00.13][iNFO] CDownloader:WaitAll, removing succed #6 segment [20:00.13][iNFO] CSegment:#6:Dispose, starting [20:00.13][iNFO] CSegment:#6:Dispose, complete [20:00.13][iNFO] CDownloader:WaitAll, removing succed #7 segment [20:00.13][iNFO] CSegment:#7:Dispose, starting [20:00.13][iNFO] CSegment:#7:Dispose, complete [20:00.13][iNFO] CDownloader:Download complete successfully [20:00.13][iNFO] CDownloader:Setting default options [20:00.13][iNFO] CDownloader:Started ThreadExecute [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000) [20:00.13][iNFO] CDownloader:ThreadExecute after CDlgDownload::m_hSection [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000) [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [20:00.13][iNFO] CDownloader::SetMaxRetires(5), succeed [20:00.13][iNFO] CDownloader::SetConnectionTimeout(500), succeed [20:00.13][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_2_en.png [20:00.13][iNFO] CDownloader::Close() [20:00.13][iNFO] CDownloader:Command line for MainInstaller: -sp"/ConfigurationFile:C:\Temp\CloudAvBootstrap.xml" [20:00.13][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:00.13][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:00.13][iNFO] CRequest::SetConnectionTimeout(500) [20:00.13][iNFO] CRequest::SetConnectionTimeout(500), succeed [20:00.13][iNFO] CRequest::SetConnectionTimeout(500) [20:00.13][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:00.13][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:00.13][iNFO] CDownloader::GetSession, Completed. [20:00.13][iNFO] CDownloader:Setting default options [20:00.13][iNFO] CDownloader:Connecting to server [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000) [20:00.13][iNFO] CConnection::Open, Connecting to server [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000) [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [20:00.13][iNFO] CDownloader::SetMaxRetires(5), succeed [20:00.13][iNFO] CDownloader::SetConnectionTimeout(500), succeed [20:00.13][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_3_en.png [20:00.13][iNFO] CDownloader::Close() [20:00.13][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:00.13][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:00.13][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:00.13][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:00.13][iNFO] CDownloader::GetSession, Completed. [20:00.13][iNFO] CDownloader:Setting default options [20:00.13][iNFO] CDownloader:Connecting to server [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000) [20:00.13][iNFO] CConnection::Open, Connecting to server [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000) [20:00.13][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [20:00.13][iNFO] CDownloader::SetMaxRetires(5), succeed [20:00.13][iNFO] CDownloader::SetConnectionTimeout(500), succeed [20:00.13][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_4_en.png [20:00.13][iNFO] CDownloader::Close() [20:00.13][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:00.13][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:00.13][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:00.13][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:00.13][iNFO] CDownloader::GetSession, Completed. [20:00.13][iNFO] CDownloader:Connecting to server [20:00.13][iNFO] CConnection::Open, Connecting to server [20:00.13][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5E8F016D-AF21-41DC-9D67-56B9BB0450D3}.exe [20:00.13][iNFO] CDownloader:Finish execute [20:00.13][iNFO] CConnection::Open, complete [20:00.13][iNFO] CDownloader:File Name: [20:00.13][iNFO] CDownloader:{5836ACB7-CBE6-4C23-B4BB-1FE6AE478261}.png [20:00.13][iNFO] CDownloader:Testing Connection [20:00.13][iNFO] CDownloader:Starting download [20:00.13][iNFO] CDownloader:Runnig 1 segments... [20:00.13][iNFO] CSegment:#1:starting... [20:00.13][iNFO] CSegment:#1::Open, Connecting to server [20:00.13][iNFO] CConnection::Open, complete [20:00.13][iNFO] CDownloader:File Name: [20:00.13][iNFO] CDownloader:{647BBB30-7535-4EB4-8CAF-96EF75F79D38}.png [20:00.13][iNFO] CConnection::Open, complete [20:00.14][iNFO] CSegment:#1:starting download... [20:00.14][iNFO] CDownloader:File Name: [20:00.14][iNFO] CDownloader:Testing Connection [20:00.14][iNFO] CDownloader:{EA160D80-DFBB-4230-B42B-F230599A6A81}.png [20:00.14][iNFO] CDownloader:Starting download [20:00.14][iNFO] CDownloader:Runnig 1 segments... [20:00.14][iNFO] CSegment:#1:starting... [20:00.14][iNFO] CDownloader:Testing Connection [20:00.14][iNFO] CSegment:#1::Open, Connecting to server [20:00.14][iNFO] CDownloader:Starting download [20:00.14][iNFO] CDownloader:Runnig 1 segments... [20:00.14][iNFO] CSegment:#1:starting... [20:00.14][iNFO] CSegment:#1::Open, Connecting to server [20:00.14][iNFO] CSegment:#1:starting download... [20:00.14][iNFO] CSegment:#1:starting download... [20:00.14][iNFO] CSegment:#1:download complete, 1s left. [20:00.14][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:00.14][iNFO] CSegment:#1:Dispose, starting [20:00.14][iNFO] CSegment:#1:Dispose, complete [20:00.14][iNFO] CDownloader:Download complete successfully [20:00.14][iNFO] CSegment:#1:download complete, 0s left. [20:00.14][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:00.14][iNFO] CSegment:#1:Dispose, starting [20:00.14][iNFO] CSegment:#1:Dispose, complete [20:00.14][iNFO] CDownloader:Download complete successfully [20:00.14][iNFO] CSegment:#1:download complete, 0s left. [20:00.14][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:00.14][iNFO] CSegment:#1:Dispose, starting [20:00.14][iNFO] CSegment:#1:Dispose, complete [20:00.14][iNFO] CDownloader:Download complete successfully [20:00.15][iNFO] CRequest::SetConnectionTimeout(500) [20:00.15][iNFO] CRequest::SetConnectionTimeout(500), succeed [20:00.15][iNFO] CRequest::SetConnectionTimeout(500) [20:13.42][iNFO] StubInstaller:Application Exit [20:13.42][iNFO] CDownloader::Close() [20:13.42][iNFO] CDownloader::Close() [20:13.42][iNFO] CDownloader::Close() [20:13.42][iNFO] CDownloader:Delete file failed [20:13.42][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{C55F5D55-464D-48F7-8EBD-C7A04071C972}.exe [20:13.42][iNFO] CDownloader:Delete file failed [20:13.42][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5E8F016D-AF21-41DC-9D67-56B9BB0450D3}.exe [20:13.42][iNFO] CDownloader:Delete file failed [20:13.42][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5836ACB7-CBE6-4C23-B4BB-1FE6AE478261}.png [20:13.42][iNFO] CDownloader::Close() [20:13.42][iNFO] CDownloader::Close() [20:13.48][iNFO] StubInstaller:Application Starts [20:13.48][iNFO] CDownloader:Stub Installer Version: 1.0.0.22: 30.05.2011 [20:13.48][iNFO] CDownloader:installationPath initialized: C:\Program Files\Panda Security\Panda Cloud Antivirus [20:13.48][iNFO] CRequest::SetConnectionTimeout(500) [20:13.48][iNFO] CRequest::SetConnectionTimeout(500), succeed [20:13.48][iNFO] CRequest::SetConnectionTimeout(500) [20:13.48][iNFO] CRequest::GetSession, The web browser: firefox, detected as system default [20:13.48][iNFO] CRequest::GetSession, Quering FireFox configuration settings... [20:13.48][iNFO] CRequest::GetSession, Completed. The following: '' proxy server has been detected. [20:13.48][iNFO] CRequest::GetSession, Creating session with dirrect connection. [20:13.48][iNFO] CRequest::GetSession, Completed. [20:13.48][iNFO] CDownloader:MajorVersion: 5, MinorVersion 1 [20:13.48][iNFO] CDownloader:isWow: 0 [20:13.48][iNFO] CDownloader:RAM: 1791 [20:13.48][iNFO] CDownloader:diskspace: 9146 [20:13.48][iNFO] CDownloader:Browser version: 8 [20:13.48][iNFO] CDownloader:major: 8 [20:13.48][iNFO] CDownloader:checkCompatibleMode: 0 [20:13.48][iNFO] CDownloader:Read key: Software\Panda Software\Setup [20:13.48][iNFO] CDownloader:Main Installer version number 0 [20:13.48][iNFO] CDownloader:Read key: Software\Panda Software\Setup [20:13.48][iNFO] CDownloader:Main Installer version number 0 [20:16.18][iNFO] CDownloader::SetConnectionTimeout(500) [20:16.18][iNFO] CDownloader::SetConnectionTimeout(500), succeed [20:16.18][iNFO] CDownloader::SetConnectionTimeout(500) [20:16.18][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [20:16.18][iNFO] CDownloader::Close() [20:16.18][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:16.18][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:16.18][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:16.18][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:16.18][iNFO] CDownloader::GetSession, Completed. [20:16.18][iNFO] CDownloader:Connecting to server [20:16.18][iNFO] CConnection::Open, Connecting to server [20:16.18][iNFO] CConnection::Open, complete [20:16.18][iNFO] CDownloader:File Name: [20:16.18][iNFO] CDownloader:{4BEC5E14-48B9-46EB-ABF8-E291B677F013}.exe [20:16.18][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [20:16.18][iNFO] CDownloader::SetConnectionTimeout(5000) [20:16.18][iNFO] CDownloader::SetConnectionTimeout(5000), succeed [20:16.18][iNFO] CDownloader::SetConnectionTimeout(5000) [20:16.18][iNFO] CDownloader::SetMaxRetires(5), succeed [20:16.18][iNFO] CDownloader::Close() [20:16.18][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:16.18][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:16.18][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:16.18][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:16.18][iNFO] CDownloader::GetSession, Completed. [20:16.18][iNFO] CDownloader:Connecting to server [20:16.18][iNFO] CConnection::Open, Connecting to server [20:16.18][iNFO] CConnection::Open, complete [20:16.18][iNFO] CDownloader:File Name: [20:16.18][iNFO] CDownloader:{805ABC85-6142-4C37-9792-85781EF268C1}.exe [20:16.25][iNFO] CDownloader:Testing Connection [20:16.25][iNFO] CSession:Setting default options [20:16.25][iNFO] CSession::SetConnectionTimeout(7000) [20:16.25][iNFO] CSession::SetConnectionTimeout(7000) [20:16.25][iNFO] CSession::SetConnectionTimeout(7000), succeed [20:16.25][iNFO] CSession::SetMaxRetires(5), succeed [20:16.25][iNFO] CSession::GetSession, The web browser: firefox, detected as system default [20:16.25][iNFO] CSession::GetSession, Quering FireFox configuration settings... [20:16.25][iNFO] CSession::GetSession, Completed. The following: '' proxy server has been detected. [20:16.25][iNFO] CSession::GetSession, Creating session with dirrect connection. [20:16.25][iNFO] CSession::GetSession, Completed. [20:16.25][iNFO] CConnection::Open, Connecting to server [20:16.26][iNFO] CConnection::Open, complete [20:16.26][iNFO] CDownloader:CDownloader::RunConnectivityTest: Running 10 dummy test segments [20:16.26][iNFO] CSegment:#1:test starting... [20:16.26][iNFO] CSegment:#2:test starting... [20:16.26][iNFO] CSegment:#3:test starting... [20:16.26][iNFO] CSegment:#4:test starting... [20:16.26][iNFO] CSegment:#5:test starting... [20:16.26][iNFO] CSegment:#6:test starting... [20:16.26][iNFO] CSegment:#7:test starting... [20:16.26][iNFO] CSegment:#8:test starting... [20:16.26][iNFO] CSegment:#9:test starting... [20:16.26][iNFO] CSegment:#10:test starting... [20:16.26][iNFO] CSegment:#4::Open, Connecting to server [20:16.26][iNFO] CSegment:#6::Open, Connecting to server [20:16.26][iNFO] CSegment:#1::Open, Connecting to server [20:16.26][iNFO] CSegment:#9::Open, Connecting to server [20:16.26][iNFO] CSegment:#2::Open, Connecting to server [20:16.26][iNFO] CSegment:#8::Open, Connecting to server [20:16.26][iNFO] CSegment:#3::Open, Connecting to server [20:16.26][iNFO] CSegment:#7::Open, Connecting to server [20:16.26][iNFO] CSegment:#5::Open, Connecting to server [20:16.26][iNFO] CSegment:#10::Open, Connecting to server [20:16.26][iNFO] CSegment:#4:starting test download... [20:16.26][iNFO] CDownloader:Testing Connection [20:16.26][iNFO] CRequest::SetConnectionTimeout(500) [20:16.26][iNFO] CRequest::SetConnectionTimeout(500), succeed [20:16.26][iNFO] CRequest::SetConnectionTimeout(500) [20:16.27][iNFO] CDownloader:Starting download [20:16.27][iNFO] CDownloader:Runnig 10 segments... [20:16.27][iNFO] CSegment:#1:starting... [20:16.27][iNFO] CSegment:#2:starting... [20:16.27][iNFO] CSegment:#1::Open, Connecting to server [20:16.27][iNFO] CSegment:#3:starting... [20:16.27][iNFO] CSegment:#4:starting... [20:16.27][iNFO] CSegment:#5:starting... [20:16.27][iNFO] CSegment:#6:starting... [20:16.27][iNFO] CSegment:#7:starting... [20:16.27][iNFO] CSegment:#8:starting... [20:16.27][iNFO] CSegment:#9:starting... [20:16.27][iNFO] CSegment:#10:starting... [20:16.27][iNFO] CSegment:#3::Open, Connecting to server [20:16.27][iNFO] CSegment:#5::Open, Connecting to server [20:16.27][iNFO] CSegment:#7::Open, Connecting to server [20:16.27][iNFO] CSegment:#2::Open, Connecting to server [20:16.27][iNFO] CSegment:#9::Open, Connecting to server [20:16.27][iNFO] CSegment:#4::Open, Connecting to server [20:16.27][iNFO] CSegment:#6::Open, Connecting to server [20:16.27][iNFO] CSegment:#8::Open, Connecting to server [20:16.27][iNFO] CSegment:#10::Open, Connecting to server [20:16.27][iNFO] CSegment:#7:starting test download... [20:16.27][iNFO] CSegment:#8:starting test download... [20:16.27][iNFO] CSegment:#5:starting test download... [20:16.27][iNFO] CSegment:#6:starting test download... [20:16.27][iNFO] CSegment:#3:starting test download... [20:16.27][iNFO] CSegment:#1:starting download... [20:16.27][iNFO] CSegment:#2:starting test download... [20:16.27][iNFO] CSegment:#9:starting test download... [20:16.27][iNFO] CSegment:#10:starting test download... [20:16.27][iNFO] CSegment:#1:starting test download... [20:16.27][iNFO] CSegment:#1:Dispose, starting [20:16.27][iNFO] CSegment:#1:Dispose, complete [20:16.27][iNFO] CSegment:#2:Dispose, starting [20:16.27][iNFO] CSegment:#2:Dispose, complete [20:16.27][iNFO] CSegment:#3:Dispose, starting [20:16.27][iNFO] CSegment:#3:Dispose, complete [20:16.27][iNFO] CSegment:#4:Dispose, starting [20:16.27][iNFO] CSegment:#4:Dispose, complete [20:16.27][iNFO] CSegment:#5:Dispose, starting [20:16.27][iNFO] CSegment:#5:Dispose, complete [20:16.27][iNFO] CSegment:#6:Dispose, starting [20:16.27][iNFO] CSegment:#6:Dispose, complete [20:16.27][iNFO] CSegment:#7:Dispose, starting [20:16.27][iNFO] CSegment:#7:Dispose, complete [20:16.27][iNFO] CSegment:#8:Dispose, starting [20:16.27][iNFO] CSegment:#8:Dispose, complete [20:16.27][iNFO] CSegment:#9:Dispose, starting [20:16.27][iNFO] CSegment:#9:Dispose, complete [20:16.27][iNFO] CSegment:#10:Dispose, starting [20:16.27][iNFO] CSegment:#10:Dispose, complete [20:16.27][iNFO] CSession::Close() [20:16.27][iNFO] CSession::Close() [20:16.27][iNFO] CDownloader::DoRun, delete file. [20:16.27][iNFO] CDownloader:Download complete successfully [20:16.27][iNFO] CSegment:#8:starting download... [20:16.27][iNFO] CSegment:#4:starting download... [20:16.27][iNFO] CSegment:#2:starting download... [20:16.27][iNFO] CSegment:#9:starting download... [20:16.27][iNFO] CSegment:#10:starting download... [20:16.27][iNFO] CSegment:#5:starting download... [20:16.27][iNFO] CSegment:#3:starting download... [20:16.27][iNFO] CSegment:#6:starting download... [20:16.27][iNFO] CSegment:#7:starting download... [20:16.45][iNFO] CSegment:#10:download complete, 18s left. [20:16.45][iNFO] CSegment:#3:download complete, 18s left. [20:16.46][iNFO] CDownloader:WaitAll, removing succed #10 segment [20:16.46][iNFO] CSegment:#10:Dispose, starting [20:16.46][iNFO] CSegment:#10:Dispose, complete [20:16.46][iNFO] CSegment:#8:download complete, 19s left. [20:16.46][iNFO] CSegment:#2:download complete, 19s left. [20:16.46][iNFO] CSegment:#9:download complete, 19s left. [20:16.46][iNFO] CSegment:#1:download complete, 19s left. [20:16.46][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:16.46][iNFO] CSegment:#1:Dispose, starting [20:16.46][iNFO] CSegment:#1:Dispose, complete [20:16.46][iNFO] CDownloader:WaitAll, removing succed #2 segment [20:16.46][iNFO] CSegment:#2:Dispose, starting [20:16.46][iNFO] CSegment:#2:Dispose, complete [20:16.46][iNFO] CDownloader:WaitAll, removing succed #3 segment [20:16.46][iNFO] CSegment:#3:Dispose, starting [20:16.46][iNFO] CSegment:#3:Dispose, complete [20:16.46][iNFO] CSegment:#4:download complete, 19s left. [20:16.46][iNFO] CDownloader:WaitAll, removing succed #4 segment [20:16.46][iNFO] CSegment:#4:Dispose, starting [20:16.46][iNFO] CSegment:#4:Dispose, complete [20:16.46][iNFO] CSegment:#5:download complete, 19s left. [20:16.46][iNFO] CDownloader:WaitAll, removing succed #5 segment [20:16.46][iNFO] CSegment:#5:Dispose, starting [20:16.46][iNFO] CSegment:#5:Dispose, complete [20:16.48][iNFO] CSegment:#6:download complete, 21s left. [20:16.48][iNFO] CSegment:#7:download complete, 21s left. [20:16.48][iNFO] CDownloader:WaitAll, removing succed #7 segment [20:16.48][iNFO] CSegment:#7:Dispose, starting [20:16.48][iNFO] CSegment:#7:Dispose, complete [20:16.48][iNFO] CDownloader:WaitAll, removing succed #8 segment [20:16.48][iNFO] CSegment:#8:Dispose, starting [20:16.48][iNFO] CSegment:#8:Dispose, complete [20:16.48][iNFO] CDownloader:WaitAll, removing succed #9 segment [20:16.48][iNFO] CSegment:#9:Dispose, starting [20:16.48][iNFO] CSegment:#9:Dispose, complete [20:16.48][iNFO] CDownloader:WaitAll, removing succed #6 segment [20:16.48][iNFO] CSegment:#6:Dispose, starting [20:16.48][iNFO] CSegment:#6:Dispose, complete [20:16.48][iNFO] CDownloader:Download complete successfully [20:16.48][iNFO] CDownloader:Setting default options [20:16.48][iNFO] CDownloader:Started ThreadExecute [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000) [20:16.48][iNFO] CDownloader:ThreadExecute after CDlgDownload::m_hSection [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000) [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [20:16.48][iNFO] CDownloader::SetMaxRetires(5), succeed [20:16.48][iNFO] CDownloader::SetConnectionTimeout(500), succeed [20:16.48][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_2_en.png [20:16.48][iNFO] CDownloader:Command line for MainInstaller: -sp"/ConfigurationFile:C:\Temp\CloudAvBootstrap.xml" [20:16.48][iNFO] CDownloader::Close() [20:16.48][iNFO] CRequest::SetConnectionTimeout(500) [20:16.48][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:16.48][iNFO] CRequest::SetConnectionTimeout(500), succeed [20:16.48][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:16.48][iNFO] CRequest::SetConnectionTimeout(500) [20:16.48][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:16.48][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:16.48][iNFO] CDownloader::GetSession, Completed. [20:16.48][iNFO] CDownloader:Setting default options [20:16.48][iNFO] CDownloader:Connecting to server [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000) [20:16.48][iNFO] CConnection::Open, Connecting to server [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000) [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [20:16.48][iNFO] CDownloader::SetMaxRetires(5), succeed [20:16.48][iNFO] CDownloader::SetConnectionTimeout(500), succeed [20:16.48][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_3_en.png [20:16.48][iNFO] CDownloader::Close() [20:16.48][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:16.48][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:16.48][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:16.48][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:16.48][iNFO] CDownloader::GetSession, Completed. [20:16.48][iNFO] CDownloader:Setting default options [20:16.48][iNFO] CDownloader:Connecting to server [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000) [20:16.48][iNFO] CConnection::Open, Connecting to server [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000) [20:16.48][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [20:16.48][iNFO] CDownloader::SetMaxRetires(5), succeed [20:16.48][iNFO] CDownloader::SetConnectionTimeout(500), succeed [20:16.48][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_4_en.png [20:16.48][iNFO] CDownloader::Close() [20:16.48][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [20:16.48][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [20:16.48][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [20:16.48][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [20:16.48][iNFO] CDownloader::GetSession, Completed. [20:16.48][iNFO] CDownloader:Connecting to server [20:16.48][iNFO] CConnection::Open, Connecting to server [20:16.48][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{805ABC85-6142-4C37-9792-85781EF268C1}.exe [20:16.48][iNFO] CDownloader:Finish execute [20:16.48][iNFO] CConnection::Open, complete [20:16.48][iNFO] CDownloader:File Name: [20:16.48][iNFO] CDownloader:{4C7CE4EF-E8C2-474F-802B-42B69F124E0B}.png [20:16.48][iNFO] CDownloader:Testing Connection [20:16.48][iNFO] CDownloader:Starting download [20:16.48][iNFO] CDownloader:Runnig 1 segments... [20:16.48][iNFO] CSegment:#1:starting... [20:16.48][iNFO] CSegment:#1::Open, Connecting to server [20:16.48][iNFO] CConnection::Open, complete [20:16.48][iNFO] CDownloader:File Name: [20:16.48][iNFO] CDownloader:{4F2E2BC6-9649-4535-8DDE-EDF83F25EAE0}.png [20:16.48][iNFO] CDownloader:Testing Connection [20:16.48][iNFO] CDownloader:Starting download [20:16.48][iNFO] CDownloader:Runnig 1 segments... [20:16.48][iNFO] CSegment:#1:starting... [20:16.48][iNFO] CSegment:#1::Open, Connecting to server [20:16.48][iNFO] CConnection::Open, complete [20:16.48][iNFO] CDownloader:File Name: [20:16.48][iNFO] CDownloader:{DB1E48C7-AA1D-4A4F-8FC9-74B1998A1C0E}.png [20:16.48][iNFO] CDownloader:Testing Connection [20:16.48][iNFO] CDownloader:Starting download [20:16.48][iNFO] CDownloader:Runnig 1 segments... [20:16.48][iNFO] CSegment:#1:starting... [20:16.48][iNFO] CSegment:#1::Open, Connecting to server [20:16.48][iNFO] CSegment:#1:starting download... [20:16.48][iNFO] CSegment:#1:starting download... [20:16.48][iNFO] CSegment:#1:starting download... [20:16.48][iNFO] CSegment:#1:download complete, 0s left. [20:16.48][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:16.48][iNFO] CSegment:#1:Dispose, starting [20:16.48][iNFO] CSegment:#1:Dispose, complete [20:16.48][iNFO] CDownloader:Download complete successfully [20:16.48][iNFO] CSegment:#1:download complete, 0s left. [20:16.48][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:16.48][iNFO] CSegment:#1:Dispose, starting [20:16.48][iNFO] CSegment:#1:Dispose, complete [20:16.48][iNFO] CDownloader:Download complete successfully [20:16.48][iNFO] CSegment:#1:download complete, 0s left. [20:16.48][iNFO] CDownloader:WaitAll, removing succed #1 segment [20:16.48][iNFO] CSegment:#1:Dispose, starting [20:16.48][iNFO] CSegment:#1:Dispose, complete [20:16.48][iNFO] CDownloader:Download complete successfully [20:16.49][iNFO] CRequest::SetConnectionTimeout(500) [20:16.49][iNFO] CRequest::SetConnectionTimeout(500), succeed [20:16.49][iNFO] CRequest::SetConnectionTimeout(500) [20:17.23][iNFO] StubInstaller:Application Exit [20:17.23][iNFO] CDownloader::Close() [20:17.23][iNFO] CDownloader::Close() [20:17.23][iNFO] CDownloader::Close() [20:17.23][iNFO] CDownloader:Delete file failed [20:17.23][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{4BEC5E14-48B9-46EB-ABF8-E291B677F013}.exe [20:17.23][iNFO] CDownloader:Delete file failed [20:17.23][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{805ABC85-6142-4C37-9792-85781EF268C1}.exe [20:17.23][iNFO] CDownloader:Delete file failed [20:17.23][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{4C7CE4EF-E8C2-474F-802B-42B69F124E0B}.png [20:17.23][iNFO] CDownloader::Close() [20:17.23][iNFO] CDownloader::Close() [21:43.09][iNFO] StubInstaller:Application Starts [21:43.09][iNFO] CDownloader:Stub Installer Version: 1.0.0.22: 30.05.2011 [21:43.09][iNFO] CDownloader:installationPath initialized: C:\Program Files\Panda Security\Panda Cloud Antivirus [21:43.09][iNFO] CRequest::SetConnectionTimeout(500) [21:43.09][iNFO] CRequest::SetConnectionTimeout(500), succeed [21:43.09][iNFO] CRequest::SetConnectionTimeout(500) [21:43.09][iNFO] CRequest::GetSession, The web browser: firefox, detected as system default [21:43.09][iNFO] CRequest::GetSession, Quering FireFox configuration settings... [21:43.09][iNFO] CRequest::GetSession, Completed. The following: '' proxy server has been detected. [21:43.09][iNFO] CRequest::GetSession, Creating session with dirrect connection. [21:43.09][iNFO] CRequest::GetSession, Completed. [21:43.09][iNFO] CDownloader:MajorVersion: 5, MinorVersion 1 [21:43.09][iNFO] CDownloader:isWow: 0 [21:43.09][iNFO] CDownloader:RAM: 1791 [21:43.09][iNFO] CDownloader:diskspace: 8904 [21:43.09][iNFO] CDownloader:Browser version: 8 [21:43.09][iNFO] CDownloader:major: 8 [21:43.09][iNFO] CDownloader:checkCompatibleMode: 0 [21:43.09][iNFO] CDownloader:Read key: Software\Panda Software\Setup [21:43.09][iNFO] CDownloader:Main Installer version number 0 [21:43.09][iNFO] CDownloader:Read key: Software\Panda Software\Setup [21:43.09][iNFO] CDownloader:Main Installer version number 0 [21:43.34][iNFO] CDownloader:installationPath changed: C:\Program Files\Panda Security\Panda Cloud Antivirus [21:43.34][iNFO] CDownloader::SetConnectionTimeout(500) [21:43.34][iNFO] CDownloader::SetConnectionTimeout(500), succeed [21:43.34][iNFO] CDownloader::SetConnectionTimeout(500) [21:43.34][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [21:43.34][iNFO] CDownloader::Close() [21:43.34][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [21:43.34][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [21:43.34][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [21:43.34][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [21:43.34][iNFO] CDownloader::GetSession, Completed. [21:43.34][iNFO] CDownloader:Connecting to server [21:43.34][iNFO] CConnection::Open, Connecting to server [21:43.34][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloud/CloudAntivirus.exe [21:43.34][iNFO] CDownloader::SetConnectionTimeout(5000) [21:43.34][iNFO] CDownloader::SetConnectionTimeout(5000), succeed [21:43.34][iNFO] CDownloader::SetConnectionTimeout(5000) [21:43.34][iNFO] CDownloader::SetMaxRetires(5), succeed [21:43.34][iNFO] CDownloader::Close() [21:43.34][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [21:43.34][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [21:43.34][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [21:43.34][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [21:43.34][iNFO] CDownloader::GetSession, Completed. [21:43.34][iNFO] CDownloader:Connecting to server [21:43.34][iNFO] CConnection::Open, Connecting to server [21:43.34][iNFO] CConnection::Open, complete [21:43.34][iNFO] CDownloader:File Name: [21:43.34][iNFO] CDownloader:{1E958669-A14C-46BE-9BBF-E93FA2FD7918}.exe [21:43.34][iNFO] CConnection::Open, complete [21:43.34][iNFO] CDownloader:File Name: [21:43.34][iNFO] CDownloader:{75BE390A-A773-4CCD-8452-1076FC932BB5}.exe [21:43.42][iNFO] CDownloader:Testing Connection [21:43.42][iNFO] CDownloader:Testing Connection [21:43.42][iNFO] CSession:Setting default options [21:43.42][iNFO] CSession::SetConnectionTimeout(7000) [21:43.42][iNFO] CRequest::SetConnectionTimeout(500) [21:43.42][iNFO] CSession::SetConnectionTimeout(7000) [21:43.42][iNFO] CRequest::SetConnectionTimeout(500), succeed [21:43.42][iNFO] CSession::SetConnectionTimeout(7000), succeed [21:43.42][iNFO] CRequest::SetConnectionTimeout(500) [21:43.42][iNFO] CSession::SetMaxRetires(5), succeed [21:43.42][iNFO] CSession::GetSession, The web browser: firefox, detected as system default [21:43.42][iNFO] CSession::GetSession, Quering FireFox configuration settings... [21:43.42][iNFO] CSession::GetSession, Completed. The following: '' proxy server has been detected. [21:43.42][iNFO] CSession::GetSession, Creating session with dirrect connection. [21:43.42][iNFO] CSession::GetSession, Completed. [21:43.42][iNFO] CConnection::Open, Connecting to server [21:43.43][iNFO] CConnection::Open, complete [21:43.43][iNFO] CDownloader:CDownloader::RunConnectivityTest: Running 10 dummy test segments [21:43.43][iNFO] CSegment:#1:test starting... [21:43.43][iNFO] CSegment:#2:test starting... [21:43.43][iNFO] CSegment:#1::Open, Connecting to server [21:43.43][iNFO] CSegment:#3:test starting... [21:43.43][iNFO] CSegment:#2::Open, Connecting to server [21:43.43][iNFO] CSegment:#4:test starting... [21:43.43][iNFO] CSegment:#5:test starting... [21:43.43][iNFO] CSegment:#3::Open, Connecting to server [21:43.43][iNFO] CSegment:#6:test starting... [21:43.43][iNFO] CSegment:#7:test starting... [21:43.43][iNFO] CSegment:#8:test starting... [21:43.43][iNFO] CSegment:#9:test starting... [21:43.43][iNFO] CSegment:#10:test starting... [21:43.43][iNFO] CSegment:#6::Open, Connecting to server [21:43.43][iNFO] CSegment:#5::Open, Connecting to server [21:43.43][iNFO] CSegment:#9::Open, Connecting to server [21:43.43][iNFO] CSegment:#10::Open, Connecting to server [21:43.43][iNFO] CSegment:#4::Open, Connecting to server [21:43.43][iNFO] CSegment:#7::Open, Connecting to server [21:43.43][iNFO] CSegment:#8::Open, Connecting to server [21:43.43][iNFO] CSegment:#1:starting test download... [21:43.43][iNFO] CSegment:#4:starting test download... [21:43.43][iNFO] CSegment:#2:starting test download... [21:43.43][iNFO] CSegment:#5:starting test download... [21:43.43][iNFO] CSegment:#6:starting test download... [21:43.43][iNFO] CSegment:#9:starting test download... [21:43.43][iNFO] CSegment:#10:starting test download... [21:43.43][iNFO] CSegment:#3:starting test download... [21:43.43][iNFO] CSegment:#7:starting test download... [21:43.43][iNFO] CSegment:#8:starting test download... [21:43.43][iNFO] CSegment:#1:Dispose, starting [21:43.43][iNFO] CSegment:#1:Dispose, complete [21:43.43][iNFO] CSegment:#2:Dispose, starting [21:43.43][iNFO] CSegment:#2:Dispose, complete [21:43.43][iNFO] CSegment:#3:Dispose, starting [21:43.43][iNFO] CSegment:#3:Dispose, complete [21:43.43][iNFO] CSegment:#4:Dispose, starting [21:43.43][iNFO] CSegment:#4:Dispose, complete [21:43.43][iNFO] CSegment:#5:Dispose, starting [21:43.43][iNFO] CSegment:#5:Dispose, complete [21:43.43][iNFO] CSegment:#6:Dispose, starting [21:43.43][iNFO] CSegment:#6:Dispose, complete [21:43.43][iNFO] CSegment:#7:Dispose, starting [21:43.43][iNFO] CSegment:#7:Dispose, complete [21:43.43][iNFO] CSegment:#8:Dispose, starting [21:43.43][iNFO] CSegment:#8:Dispose, complete [21:43.43][iNFO] CSegment:#9:Dispose, starting [21:43.43][iNFO] CSegment:#9:Dispose, complete [21:43.43][iNFO] CSegment:#10:Dispose, starting [21:43.43][iNFO] CSegment:#10:Dispose, complete [21:43.43][iNFO] CSession::Close() [21:43.43][iNFO] CSession::Close() [21:43.43][iNFO] CDownloader::DoRun, delete file. [21:43.43][iNFO] CDownloader:Download complete successfully [21:43.43][iNFO] CDownloader:Starting download [21:43.43][iNFO] CDownloader:Runnig 10 segments... [21:43.43][iNFO] CSegment:#1:starting... [21:43.43][iNFO] CSegment:#2:starting... [21:43.43][iNFO] CSegment:#3:starting... [21:43.43][iNFO] CSegment:#1::Open, Connecting to server [21:43.43][iNFO] CSegment:#4:starting... [21:43.43][iNFO] CSegment:#5:starting... [21:43.43][iNFO] CSegment:#6:starting... [21:43.43][iNFO] CSegment:#3::Open, Connecting to server [21:43.43][iNFO] CSegment:#7:starting... [21:43.43][iNFO] CSegment:#8:starting... [21:43.43][iNFO] CSegment:#5::Open, Connecting to server [21:43.43][iNFO] CSegment:#7::Open, Connecting to server [21:43.43][iNFO] CSegment:#9:starting... [21:43.43][iNFO] CSegment:#10:starting... [21:43.43][iNFO] CSegment:#9::Open, Connecting to server [21:43.43][iNFO] CSegment:#2::Open, Connecting to server [21:43.43][iNFO] CSegment:#4::Open, Connecting to server [21:43.43][iNFO] CSegment:#6::Open, Connecting to server [21:43.43][iNFO] CSegment:#8::Open, Connecting to server [21:43.43][iNFO] CSegment:#10::Open, Connecting to server [21:43.43][iNFO] CSegment:#1:starting download... [21:43.43][iNFO] CSegment:#3:starting download... [21:43.43][iNFO] CSegment:#5:starting download... [21:43.43][iNFO] CSegment:#2:starting download... [21:43.43][iNFO] CSegment:#9:starting download... [21:43.43][iNFO] CSegment:#4:starting download... [21:43.43][iNFO] CSegment:#7:starting download... [21:43.43][iNFO] CSegment:#10:starting download... [21:43.43][iNFO] CSegment:#6:starting download... [21:43.43][iNFO] CSegment:#8:starting download... [21:44.07][iNFO] CSegment:#3:download complete, 24s left. [21:44.07][iNFO] CSegment:#1:download complete, 24s left. [21:44.07][iNFO] CSegment:#5:download complete, 24s left. [21:44.07][iNFO] CSegment:#9:download complete, 24s left. [21:44.07][iNFO] CSegment:#7:download complete, 24s left. [21:44.07][iNFO] CSegment:#10:download complete, 24s left. [21:44.07][iNFO] CSegment:#6:download complete, 24s left. [21:44.07][iNFO] CSegment:#8:download complete, 24s left. [21:44.07][iNFO] CSegment:#2:download complete, 24s left. [21:44.07][iNFO] CSegment:#4:download complete, 24s left. [21:44.07][iNFO] CDownloader:WaitAll, removing succed #4 segment [21:44.07][iNFO] CSegment:#4:Dispose, starting [21:44.07][iNFO] CSegment:#4:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #5 segment [21:44.07][iNFO] CSegment:#5:Dispose, starting [21:44.07][iNFO] CSegment:#5:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #6 segment [21:44.07][iNFO] CSegment:#6:Dispose, starting [21:44.07][iNFO] CSegment:#6:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #7 segment [21:44.07][iNFO] CSegment:#7:Dispose, starting [21:44.07][iNFO] CSegment:#7:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #8 segment [21:44.07][iNFO] CSegment:#8:Dispose, starting [21:44.07][iNFO] CSegment:#8:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #9 segment [21:44.07][iNFO] CSegment:#9:Dispose, starting [21:44.07][iNFO] CSegment:#9:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #10 segment [21:44.07][iNFO] CSegment:#10:Dispose, starting [21:44.07][iNFO] CSegment:#10:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #1 segment [21:44.07][iNFO] CSegment:#1:Dispose, starting [21:44.07][iNFO] CSegment:#1:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #2 segment [21:44.07][iNFO] CSegment:#2:Dispose, starting [21:44.07][iNFO] CSegment:#2:Dispose, complete [21:44.07][iNFO] CDownloader:WaitAll, removing succed #3 segment [21:44.07][iNFO] CSegment:#3:Dispose, starting [21:44.07][iNFO] CSegment:#3:Dispose, complete [21:44.07][iNFO] CDownloader:Download complete successfully [21:44.07][iNFO] CDownloader:Setting default options [21:44.07][iNFO] CDownloader:Started ThreadExecute [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000) [21:44.07][iNFO] CDownloader:ThreadExecute after CDlgDownload::m_hSection [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000) [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [21:44.07][iNFO] CDownloader::SetMaxRetires(5), succeed [21:44.07][iNFO] CDownloader::SetConnectionTimeout(500), succeed [21:44.07][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_2_en.png [21:44.07][iNFO] CDownloader:Command line for MainInstaller: -sp"/ConfigurationFile:C:\Temp\CloudAvBootstrap.xml" [21:44.07][iNFO] CDownloader::Close() [21:44.07][iNFO] CRequest::SetConnectionTimeout(500) [21:44.07][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [21:44.07][iNFO] CRequest::SetConnectionTimeout(500), succeed [21:44.07][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [21:44.07][iNFO] CRequest::SetConnectionTimeout(500) [21:44.07][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [21:44.07][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [21:44.07][iNFO] CDownloader::GetSession, Completed. [21:44.07][iNFO] CDownloader:Setting default options [21:44.07][iNFO] CDownloader:Connecting to server [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000) [21:44.07][iNFO] CConnection::Open, Connecting to server [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000) [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [21:44.07][iNFO] CDownloader::SetMaxRetires(5), succeed [21:44.07][iNFO] CDownloader::SetConnectionTimeout(500), succeed [21:44.07][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_3_en.png [21:44.07][iNFO] CDownloader::Close() [21:44.07][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [21:44.07][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [21:44.07][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [21:44.07][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [21:44.07][iNFO] CDownloader::GetSession, Completed. [21:44.07][iNFO] CDownloader:Setting default options [21:44.07][iNFO] CDownloader:Connecting to server [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000) [21:44.07][iNFO] CConnection::Open, Connecting to server [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000) [21:44.07][iNFO] CDownloader::SetConnectionTimeout(7000), succeed [21:44.07][iNFO] CDownloader::SetMaxRetires(5), succeed [21:44.07][iNFO] CDownloader::SetConnectionTimeout(500), succeed [21:44.07][iNFO] CDownloader:DownloadUrl: http://acs.pandasoftware.com/cloudantivirus/img/Page_4_en.png [21:44.07][iNFO] CDownloader::Close() [21:44.07][iNFO] CDownloader::GetSession, The web browser: firefox, detected as system default [21:44.07][iNFO] CDownloader::GetSession, Quering FireFox configuration settings... [21:44.07][iNFO] CDownloader::GetSession, Completed. The following: '' proxy server has been detected. [21:44.07][iNFO] CDownloader::GetSession, Creating session with dirrect connection. [21:44.07][iNFO] CDownloader::GetSession, Completed. [21:44.07][iNFO] CDownloader:Connecting to server [21:44.07][iNFO] CConnection::Open, Connecting to server [21:44.07][iNFO] CConnection::Open, complete [21:44.07][iNFO] CDownloader:File Name: [21:44.07][iNFO] CDownloader:{3B317497-FC4B-4ED9-AADD-DF76F69E3090}.png [21:44.07][iNFO] CDownloader:Testing Connection [21:44.07][iNFO] CDownloader:Starting download [21:44.07][iNFO] CDownloader:Runnig 1 segments... [21:44.07][iNFO] CSegment:#1:starting... [21:44.07][iNFO] CSegment:#1::Open, Connecting to server [21:44.07][iNFO] CConnection::Open, complete [21:44.07][iNFO] CDownloader:File Name: [21:44.07][iNFO] CDownloader:{5C58E17F-366A-499A-BE44-47434D8FD443}.png [21:44.07][iNFO] CDownloader:Testing Connection [21:44.07][iNFO] CDownloader:Starting download [21:44.07][iNFO] CDownloader:Runnig 1 segments... [21:44.07][iNFO] CSegment:#1:starting... [21:44.07][iNFO] CSegment:#1::Open, Connecting to server [21:44.07][iNFO] CConnection::Open, complete [21:44.07][iNFO] CDownloader:File Name: [21:44.07][iNFO] CDownloader:{1D371FC0-28E7-4090-9339-50F6D249D7DC}.png [21:44.07][iNFO] CSegment:#1:starting download... [21:44.07][iNFO] CSegment:#1:starting download... [21:44.07][iNFO] CDownloader:Testing Connection [21:44.07][iNFO] CDownloader:Starting download [21:44.07][iNFO] CDownloader:Runnig 1 segments... [21:44.07][iNFO] CSegment:#1:starting... [21:44.07][iNFO] CSegment:#1::Open, Connecting to server [21:44.07][iNFO] CDownloader:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{75BE390A-A773-4CCD-8452-1076FC932BB5}.exe [21:44.07][iNFO] CDownloader:Finish execute [21:44.07][iNFO] CSegment:#1:starting download... [21:44.07][iNFO] CSegment:#1:download complete, 0s left. [21:44.07][iNFO] CDownloader:WaitAll, removing succed #1 segment [21:44.07][iNFO] CSegment:#1:Dispose, starting [21:44.07][iNFO] CSegment:#1:Dispose, complete [21:44.07][iNFO] CDownloader:Download complete successfully [21:44.07][iNFO] CSegment:#1:download complete, 0s left. [21:44.07][iNFO] CDownloader:WaitAll, removing succed #1 segment [21:44.07][iNFO] CSegment:#1:Dispose, starting [21:44.07][iNFO] CSegment:#1:Dispose, complete [21:44.07][iNFO] CDownloader:Download complete successfully [21:44.07][iNFO] CSegment:#1:download complete, 0s left. [21:44.07][iNFO] CDownloader:WaitAll, removing succed #1 segment [21:44.07][iNFO] CSegment:#1:Dispose, starting [21:44.07][iNFO] CSegment:#1:Dispose, complete [21:44.07][iNFO] CDownloader:Download complete successfully [21:44.09][iNFO] CRequest::SetConnectionTimeout(500) [21:44.09][iNFO] CRequest::SetConnectionTimeout(500), succeed [21:44.09][iNFO] CRequest::SetConnectionTimeout(500) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:12:20 AM, on 1/11/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\Rtlservice.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWlan.exe C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\DllHost.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\Sticky-Notes\stickynotes.exe C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe C:\WINDOWS\system32\SearchProtocolHost.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sticky-Notes] C:\Program Files\Sticky-Notes\stickynotes.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [installIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun O4 - HKCU\..\Run: [winupd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp:winupd.exe O4 - HKUS\S-1-5-21-1644491937-823518204-1417001333-500\..\Run: [cdloader] "C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?') O4 - HKUS\S-1-5-21-1644491937-823518204-1417001333-500\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?') O4 - HKUS\S-1-5-21-1644491937-823518204-1417001333-500\..\Run: [sticky-Notes] C:\Program Files\Sticky-Notes\stickynotes.exe (User '?') O4 - HKUS\S-1-5-21-1644491937-823518204-1417001333-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-21-1644491937-823518204-1417001333-500\..\Run: [installIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun (User '?') O4 - HKUS\S-1-5-21-1644491937-823518204-1417001333-500\..\Run: [winupd] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp:winupd.exe (User '?') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: REALTEK RTL8185 Wireless LAN Utility.lnk = C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\RtWLan.exe O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\prio.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: RealtekPCI - Realtek - C:\Program Files\REALTEK\RTL8185 Wireless LAN Utility\Rtlservice.exe O23 - Service: T-Mobile RcApp Svc (TMobileRcAppSvc) - SmithMicro Inc. - C:\Program Files\T-Mobile\Connection Manager\RcAppSvc.exe O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O24 - Desktop Component 0: (no name) - https://ibdswebp26-ext.pb.com/images/USPS/LabelFolders/Label19/fef648ce8-1561-4814-812d-4aa528a700e9_ebay.gif -- End of file - 9320 bytes Can someone help please?
  17. Here is the problem with that, the majority of things I try to run ask me to open with: but I did get a couple of things running with no problem, but you will see what happened to rkill. This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 11/30/2011 at 12:09:06. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: Rkill completed on 11/30/2011 at 12:09:06. Rkill completed on 11/30/2011 at 12:09:58. -------------------------------------------------------------------------------------------------------------------- This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 11/30/2011 at 12:09:06. Operating System: Microsoft Windows XP Processes terminated by Rkill or while it was running: Rkill completed on 11/30/2011 at 12:09:06. --------------------------------------------------------------------------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24 Run by Administrator at 12:06:49 on 2011-11-30 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRun: [cdloader] "c:\documents and settings\administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [sticky-Notes] c:\program files\sticky-notes\stickynotes.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [2876587268] c:\documents and settings\administrator\local settings\application data\stw.exe uRun: [Privacy Protection] c:\documents and settings\all users\application data\privacy.exe mRun: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realte~1.lnk - c:\program files\realtek\rtl8185 wireless lan utility\RtWLan.exe uPolicies-explorer: NoResolveTrack = 1 (0x1) uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1) mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1) mPolicies-explorer: StartMenuFavorites = 0 (0x0) mPolicies-explorer: Start_ShowMyComputer = 1 (0x1) mPolicies-explorer: Start_ShowMyDocs = 1 (0x1) mPolicies-explorer: Start_ShowMyMusic = 0 (0x0) mPolicies-explorer: Start_ShowRun = 1 (0x1) mPolicies-explorer: Start_ShowSearch = 0 (0x0) dPolicies-explorer: ForceClassicControlPanel = 1 (0x1) dPolicies-explorer: NoResolveTrack = 1 (0x1) dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1) dPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: mswsock.dll DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.10.1 TCP: Interfaces\{607C3099-A9BC-4124-BF82-989DC656873E} : DhcpNameServer = 192.168.10.1 TCP: Interfaces\{C8594847-B134-4B4A-BBC6-B0944B6665CC} : DhcpNameServer = 192.168.10.1 TCP: Interfaces\{D6CFEB61-9D9F-456D-B940-7AD3FBC6CA95} : DhcpNameServer = 68.87.77.134 68.87.72.134 Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs: c:\windows\system32\prio.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\t4to0dog.default\ FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p= FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2011-11-30 01:06:58 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-11-30 01:06:58 -------- d-----w- c:\program files\Trend Micro 2011-11-29 19:30:26 -------- d-----w- c:\documents and settings\administrator\application data\Panda Security 2011-11-08 19:35:46 -------- d-----w- c:\program files\Panda Security 2011-11-08 19:35:46 -------- d-----w- c:\documents and settings\all users\application data\Panda Security 2011-11-08 19:35:24 -------- d-----w- C:\temp 2011-11-06 07:04:27 -------- d-----w- C:\3d7a53254c345f56cdf1771f3baf 2011-11-05 14:49:17 -------- d-----w- c:\program files\Citrix 2011-11-05 14:48:59 72080 ----a-w- c:\documents and settings\administrator\g2mdlhlpx.exe 2011-11-02 00:56:02 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Opera . ==================== Find3M ==================== . 2011-11-16 05:44:51 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-23 07:49:50 256 --sha-w- c:\windows\system32\sbi_r107.sys 2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 12:07:37.28 =============== attach.txt
  18. I was watching a movie online and then all hell broke loose. This XP Antivirus 2012 popped up and I can't get rid of it. It won't let me pull up my malwarebytes anti malware, it keeps taking me to Internet explorer to register it and it took over my AV and firewall. I am at a loss. Can someone help me?
  19. I don't think it shows the whole page, so I am trying again:
  20. It won't let me do a repair install, just a clean one. Can you make any sense of this:
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.