Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Win32.downloader.gen

  1. #1
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default Win32.downloader.gen

    Spybot has located Win32.downloader.gen. I've run Spybot 1.6.2 as Administrator on Windows XP. I've reset the computer into Safe Mode and Spybot said it found nothing, but it was back when the computer was reset to boot normally. I've tried removing it twice this way.
    When following the New Post thread here, on the step where I ran aswMBR and it started to scan, I got a warning from AVG saying a file was infected and if I wanted to delete or ignore it. I chose to ignore it. Sorry I do not remember the specific file. Below are the DDS and aswMBR files with attach.zip attached.


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
    Run by Mark at 18:42:55 on 2013-03-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1817 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    \??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\SearchProtect\bin\CltMngSvc.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Mark\Application Data\SearchProtect\bin\cltmng.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    \??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    \??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://my.yahoo.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
    uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [chromium] c:\documents and settings\mark\local settings\application data\google\chrome\application\chrome.exe --no-startup-window
    uRun: [SearchProtect] c:\documents and settings\mark\application data\searchprotect\bin\cltmng.exe
    mRun: [GEST] <no file>
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://msn.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232699097709
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{BDAC2041-ECC5-4775-9311-2842368C243E} : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 255968]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
    R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-22 80392]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-03-17 21:38:12 -------- d-----w- c:\documents and settings\mark\application data\SearchProtect
    2013-03-17 08:19:38 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-14 21:12:01 -------- d-----w- c:\windows\pss
    2013-03-13 21:11:35 -------- d-----w- c:\program files\SearchProtect
    2013-03-13 21:10:23 -------- d-----w- c:\documents and settings\mark\local settings\application data\CRE
    2013-03-13 16:14:00 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
    2013-03-13 16:13:56 -------- d-----w- c:\program files\McAfee Security Scan
    .
    ==================== Find3M ====================
    .
    2013-03-19 22:58:09 16608 ----a-w- c:\windows\gdrv.sys
    2013-03-17 08:19:17 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-03-17 08:19:16 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-17 08:19:16 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-13 16:13:54 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-13 16:13:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    .
    ============= FINISH: 18:43:39.10 ===============



    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-19 18:49:01
    -----------------------------
    18:49:01.937 OS Version: Windows 5.1.2600 Service Pack 3
    18:49:01.937 Number of processors: 2 586 0x170A
    18:49:01.937 ComputerName: BIGCOMPY UserName: Mark
    18:49:02.843 Initialize success
    18:54:11.609 AVAST engine defs: 13031901
    19:05:16.750 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
    19:05:16.750 Disk 0 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476940MB BusType: 3
    19:05:16.750 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1f
    19:05:16.750 Disk 1 Vendor: ST380013AS 3.18 Size: 76318MB BusType: 3
    19:05:16.859 Disk 1 MBR read successfully
    19:05:16.859 Disk 1 MBR scan
    19:05:16.890 Disk 1 Windows XP default MBR code
    19:05:16.890 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    19:05:16.906 Disk 1 scanning sectors +156296385
    19:05:16.937 Disk 1 scanning C:\WINDOWS\system32\drivers
    19:05:24.312 Service scanning
    19:05:36.500 Modules scanning
    19:05:40.234 Disk 1 trace - called modules:
    19:05:40.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    19:05:40.250 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a9d8ab8]
    19:05:40.250 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000070[0x8a9f49e8]
    19:05:40.250 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-1f[0x8a942d98]
    19:05:41.078 AVAST engine scan C:\WINDOWS
    19:05:56.015 AVAST engine scan C:\WINDOWS\system32
    19:08:43.687 AVAST engine scan C:\WINDOWS\system32\drivers
    19:08:54.156 AVAST engine scan C:\Documents and Settings\Mark
    19:18:16.437 File: C:\Documents and Settings\Mark\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54\7f06f7f6-2b588e6a **INFECTED** Win32:Trojan-gen
    19:44:10.765 AVAST engine scan C:\Documents and Settings\All Users
    19:54:35.984 Scan finished successfully
    21:42:36.421 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\Spybot Malware Programs\MBR.dat"
    21:42:36.421 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\Spybot Malware Programs\aswMBR.txt"
    Attached Files Attached Files

  2. #2
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,093

    Default

    Hi and welcome back to Safer Networking.

    Lets proceed as follows shall we...

    Temp' Disable TeaTimer:

    This is so it will not hinder the malware removal process, you may re-enable when I give the all clear.

    How to do so can be read here, scroll down to:-

    When Spybot-S&D version 1.6.2 is installed

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.
    Scan with OTL:

    Please download OTL and save it to your Desktop.

    Alternate downloads are here and here.

    • Double-click on OTL.exe to start OTL.
    • Under Output, ensure that Standard Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan/Fixes box cut & paste this in:-

    netsvcs
    baseservices
    %systemdrive%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CreateRestorePoint

    • Now click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.

    When completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and or problems encountered?
    • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
    Member of UNITE

  3. #3
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    Tea Timer is disabled.


    OTL logfile created on: 3/25/2013 5:35:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 69.98% Memory free
    4.84 Gb Paging File | 4.12 Gb Available in Paging File | 85.05% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 2.43 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
    Drive D: | 4.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 465.76 Gb Total Space | 357.99 Gb Free Space | 76.86% Space Free | Partition Type: NTFS

    Computer Name: BIGCOMPY | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/18 22:21:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
    PRC - [2013/03/17 03:19:19 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/03/10 19:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2013/03/06 07:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Documents and Settings\Mark\Application Data\SearchProtect\bin\cltmng.exe
    PRC - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
    PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
    PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/07/11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    PRC - [2008/06/18 05:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/10 19:22:06 | 000,459,728 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
    MOD - [2013/03/10 19:22:04 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\pdf.dll
    MOD - [2013/03/10 19:21:18 | 000,596,944 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
    MOD - [2013/03/10 19:21:18 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\libegl.dll
    MOD - [2013/03/10 19:21:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
    MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2008/07/11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    MOD - [2007/12/07 15:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/03/17 03:19:19 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/03/13 11:13:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
    SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
    SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/07/11 20:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/03/24 22:58:52 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
    DRV - [2008/06/26 22:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2007/11/22 16:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..keyword.URL: ""


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Mark\Application Data\nprhapengine.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/13 09:07:47 | 000,000,000 | ---D | M]

    [2009/11/04 14:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
    [2012/10/05 20:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions
    [2009/11/04 22:55:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/10/05 18:33:01 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com
    [2012/01/03 12:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/06 17:09:47 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2009/11/04 15:34:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
    [2010/09/18 02:45:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/24 11:32:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/17 20:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/17 20:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/18 01:44:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/11/19 21:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/12/13 09:07:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2010/01/23 03:43:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN42288082829407223&ctid=CT2260173&UM=2
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/Suggest.ashx?q=[{searchTerms}]
    CHR - homepage: http://search.conduit.com/?ctid=CT22...829407223&UM=2
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
    CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Swag Bucks = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak\10.14.370.524_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Google = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgofaaaecjeipajcnnlmjgjpdnhknhcc\2012.7.14.49491_0\
    CHR - Extension: Baby First Site, Baby Toys and Safe Free Games, Early Childhood Education, Toddler Videos = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\illfniciejnibhkehgfnooocobminglb\2012.7.23.54503_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: Click to call with Skype = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
    CHR - Extension: dooce\u00AE = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhdeobfjaijkcclmbbamkebmmjpdfleb\2012.9.12.53915_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Drew Curtis' FARK.com = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjmkekjlibdaabhgegkjmlahanicpmni\2012.2.8.9882_0\

    O1 HOSTS File: ([2013/03/17 12:35:14 | 000,446,160 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15325 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [GEST] File not found
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [chromium] C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [SearchProtect] C:\Documents and Settings\Mark\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..Trusted Domains: democraticunderground.com ([www] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://msn.worldwinner.com/games/v47...amesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.8.110.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1232699097709 (WUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDAC2041-ECC5-4775-9311-2842368C243E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/22 23:45:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/06/07 03:12:33 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell - "" = AutoRun
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/21 19:53:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2013/03/21 19:53:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
    [2013/03/19 18:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\Spybot Malware Programs
    [2013/03/19 18:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/03/19 18:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/03/19 18:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/03/18 22:21:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
    [2013/03/17 16:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\SearchProtect
    [2013/03/17 03:19:53 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/03/17 03:19:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/03/17 03:19:38 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/03/17 03:19:38 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/03/15 11:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
    [2013/03/15 11:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
    [2013/03/14 16:12:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
    [2013/03/13 16:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\CRE
    [2013/03/13 11:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [2013/03/13 11:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/08/10 21:14:20 | 005,117,694 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7061.jpg
    [2013/07/28 02:37:28 | 005,515,350 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7050.jpg
    [2013/07/20 03:37:50 | 039,570,896 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7039.avi
    [2013/07/19 00:42:52 | 005,954,345 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7034.jpg
    [2013/07/16 22:05:42 | 005,037,675 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7033.jpg
    [2013/04/25 01:20:20 | 005,354,455 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\DSCF7009.jpg
    [2013/04/17 16:17:32 | 004,733,737 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\DSCF7008.jpg
    [2013/03/25 17:16:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2013/03/25 17:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/25 16:42:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1644491937-839522115-1004UA.job
    [2013/03/25 15:42:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1644491937-839522115-1004Core.job
    [2013/03/25 08:24:39 | 114,487,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2013/03/25 00:10:05 | 000,194,627 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/03/25 00:09:47 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/24 22:58:52 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
    [2013/03/24 22:58:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/24 22:57:59 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2013/03/24 21:08:21 | 000,000,245 | RHS- | M] () -- C:\boot.ini
    [2013/03/24 09:27:13 | 002,519,274 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\file34.bmp
    [2013/03/23 23:24:26 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/22 13:49:05 | 000,048,949 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Pikachu2.jpg
    [2013/03/20 22:35:46 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Win32.downloader.gen - Safer-Networking Forums (2).url
    [2013/03/19 21:44:45 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
    [2013/03/19 17:47:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/03/18 22:22:54 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Can't remove Win32.Downloader.gen (2).url
    [2013/03/18 22:21:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
    [2013/03/17 20:46:41 | 000,320,303 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\barnaby.jpg
    [2013/03/17 12:35:14 | 000,446,160 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/03/17 03:19:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/03/17 03:19:17 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/03/17 03:19:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/03/17 03:19:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/03/17 03:19:17 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/03/17 03:19:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/03/17 03:19:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/03/15 11:16:02 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2013/03/15 11:16:02 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/03/14 16:23:11 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\spider.sav
    [2013/03/13 15:45:44 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/03/13 11:13:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/13 11:13:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/13 03:02:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/03/12 17:46:38 | 000,278,319 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2013/03/10 10:39:42 | 000,494,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/10 10:39:42 | 000,084,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/28 21:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/08/10 21:14:20 | 005,117,694 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7061.jpg
    [2013/07/28 02:37:28 | 005,515,350 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7050.jpg
    [2013/07/20 03:37:50 | 039,570,896 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7039.avi
    [2013/07/19 00:42:52 | 005,954,345 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7034.jpg
    [2013/07/16 22:05:40 | 005,037,675 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7033.jpg
    [2013/04/25 01:20:18 | 005,354,455 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\DSCF7009.jpg
    [2013/04/17 16:17:30 | 004,733,737 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\DSCF7008.jpg
    [2013/03/24 09:27:12 | 002,519,274 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\file34.bmp
    [2013/03/22 17:33:53 | 000,048,949 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Pikachu2.jpg
    [2013/03/20 22:35:46 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Win32.downloader.gen - Safer-Networking Forums (2).url
    [2013/03/19 21:44:45 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
    [2013/03/18 22:22:54 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Can't remove Win32.Downloader.gen (2).url
    [2013/03/17 20:46:40 | 000,320,303 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\barnaby.jpg
    [2013/03/13 11:13:57 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2013/03/13 11:13:57 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/12/07 19:00:42 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\mcs.rma
    [2012/12/07 19:00:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\7CFF17
    [2012/06/24 19:04:26 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2009/02/09 03:08:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2009/06/04 02:56:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Base Services ==========
    SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
    SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
    SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
    SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
    SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
    SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
    SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
    SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
    SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
    SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
    SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
    SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
    SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
    SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
    SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
    SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
    SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
    SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
    SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
    SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
    SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
    SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
    SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
    SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
    SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
    SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
    SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
    SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
    SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
    SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
    SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
    SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
    SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
    SRV - [2008/05/19 02:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
    SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
    No service found with a name of Wmi
    SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
    SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
    SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

    < %systemdrive%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: SERVICES >
    [2002/08/29 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

    < MD5 for: SERVICES.CFG >
    [2012/12/18 09:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
    [2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

    < MD5 for: SERVICES.EXE >
    [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/04 02:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

    < MD5 for: SERVICES.LNK >
    [2009/01/23 01:11:05 | 000,001,602 | ---- | M] () MD5=53A2135C5403602F0568B2F2AA4B1949 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

    < MD5 for: SERVICES.MSC >
    [2002/08/29 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

    < MD5 for: SERVICES.SBS >
    [2011/03/01 08:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

    < MD5 for: SVCHOST.EXE >
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < MD5 for: WINSOCK.DLL >
    [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
    [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

    < End of report >

  4. #4
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    OTL Extras logfile created on: 3/25/2013 5:35:53 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 69.98% Memory free
    4.84 Gb Paging File | 4.12 Gb Available in Paging File | 85.05% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 2.43 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
    Drive D: | 4.12 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 465.76 Gb Total Space | 357.99 Gb Free Space | 76.86% Space Free | Partition Type: NTFS

    Computer Name: BIGCOMPY | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
    "8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
    "8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
    "8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
    "8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
    "8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
    "8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
    "8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
    "8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
    "8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
    "8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
    "8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
    "8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
    "8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
    "8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
    "8383:TCP" = 8383:TCP:*:Enabled:League of Legends Launcher
    "8383:UDP" = 8383:UDP:*:Enabled:League of Legends Launcher

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3
    "E:\Games\LoL\Riot Games\League of Legends\air\LolClient.exe" = E:\Games\LoL\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
    "E:\Games\LoL\Riot Games\League of Legends\game\League of Legends.exe" = E:\Games\LoL\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
    "E:\UT3\Binaries\UT3.exe" = E:\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "E:\Steam\Steam.exe" = E:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:Free File Viewer Update Checker -- (Bitberry Software)
    "E:\Games\World of Warcraft\Launcher.exe" = E:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
    "E:\Games\StarCraft II\StarCraft II.exe" = E:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "E:\Games\StarCraft II\Versions\Base15405\SC2.exe" = E:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II
    "E:\Games\World of Warcraft\Launcher.patch.exe" = E:\Games\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "E:\Warcraft III\Warcraft III.exe" = E:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "E:\Games\World of Warcraft\BackgroundDownloader.exe" = E:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
    "E:\Games\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe" = E:\Games\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
    "E:\Steam\steamapps\common\thief_gold\THIEF.EXE" = E:\Steam\steamapps\common\thief_gold\THIEF.EXE:*:Enabled:Thief Gold -- (Looking Glass Studios)
    "E:\Games\World of Warcraft\Temp\WoW-4.3-5.0.15890-enUS-Downloader.exe" = E:\Games\World of Warcraft\Temp\WoW-4.3-5.0.15890-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
    "E:\Games\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe" = E:\Games\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
    "E:\Games\StarCraft II\StarCraft II Public Test.exe" = E:\Games\StarCraft II\StarCraft II Public Test.exe:*:Enabled:StarCraft II Public Test -- (Blizzard Entertainment)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle Corporation)
    "C:\Documents and Settings\Mark\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Mark\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.119.08260
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.2.14
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{55115B99-1B96-479E-AFD6-CE17FC9F94B5}" = AVG 2011
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
    "{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
    "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9013B370-99D4-404B-9DB9-779B51CEB5FF}" = LeapFrog My Pals Plugin
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C892C691-99DC-4B49-BEAA-65B96BB3460D}" = The Last Starfighter
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2BDE71B-4622-418D-8B39-118D987B5D80}" = LeapFrog MyOwnLeaptop Plugin
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{F0E10150-790C-469E-882D-3EFA82542D2E}" = AVG 2011
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
    "{FB6908C2-2138-4D6E-9CAF-11D7AE6C3909}" = Doom 3
    "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
    "7-Zip" = 7-Zip 4.65
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "AVG" = AVG 2011
    "Baldur's Gate II_is1" = Baldur's Gate II
    "Canon MP280 series User Registration" = Canon MP280 series User Registration
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "comtypes-py2.5" = Python 2.5 comtypes-0.5.2
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "Duke Nukem 3D_is1" = Duke Nukem 3D
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ERUNT_is1" = ERUNT 1.1j
    "FreeFileViewer_is1" = Free File Viewer 2010
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{04347DFD-87B6-4E30-B14D-5DF2888AD8F5}" = DOOM 3: Resurrection of Evil
    "InstallShield_{C892C691-99DC-4B49-BEAA-65B96BB3460D}" = The Last Starfighter
    "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "InterVideo WinDVD" = InterVideo WinDVD
    "IrfanView" = IrfanView (remove only)
    "JumpStart Art for Fun" = JumpStart Art for Fun
    "LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
    "Master Of Magic_is1" = Master Of Magic
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Megarace_is1" = Megarace
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
    "Origin" = Origin
    "PIL-py2.5" = Python 2.5 PIL-1.1.6
    "psyco-py2.5" = Python 2.5 psyco-1.6
    "pywin32-py2.5" = Python 2.5 pywin32-212
    "Rhapsody" = Rhapsody
    "SearchProtect" = Search Protect by conduit
    "ST5UNST #1" = Visual Basic 5.0
    "StarCraft II" = StarCraft II
    "Steam App 105600" = Terraria
    "Steam App 211600" = Thief Gold
    "Steam App 400" = Portal
    "Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
    "Unreal" = Unreal
    "Unreal 2 – The Awakening Special Edition_is1" = Unreal 2 – The Awakening Special Edition
    "Unreal Gold_is1" = Unreal Gold
    "UPCShell" = LeapFrog Connect
    "Vid-Saver" = Vid-Saver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint
    "Warcraft III" = Warcraft III: All Products

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 3/24/2013 12:22:52 AM | Computer Name = BIGCOMPY | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 3/24/2013 12:22:55 AM | Computer Name = BIGCOMPY | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 3/24/2013 12:22:57 AM | Computer Name = BIGCOMPY | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 3/24/2013 12:23:00 AM | Computer Name = BIGCOMPY | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 3/24/2013 12:23:03 AM | Computer Name = BIGCOMPY | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.

    Error - 3/24/2013 10:59:39 PM | Computer Name = BIGCOMPY | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 3/24/2013 11:11:39 PM | Computer Name = BIGCOMPY | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 3/24/2013 11:12:39 PM | Computer Name = BIGCOMPY | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 3/24/2013 11:59:00 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 3/25/2013 1:10:41 AM | Computer Name = BIGCOMPY | Source = System Error | ID = 1003
    Description = Error code c000021a, parameter1 e258f338, parameter2 c0000006, parameter3
    00000000, parameter4 00000000.


    < End of report >

  5. #5
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,093

    Default

    Hi.

    Tea Timer is disabled.
    Acknowledged...

    Hard-Drive Free Space Advice:

    Drive C: | 74.53 Gb Total Space | 2.43 Gb Free Space | 3.25% Space Free | Partition Type: NTFS
    This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

    I advise you choose to uninstall some software you do not need and or move any documents/files/pictures etc to a form of removable media and or too what appears to be a second installed Hard-Drive for example.

    This is just my friendly advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic and your machine may even cease to boot up in the worst case scenario!

    Java Advice:

    There has been a recent severe exploitation of this software(actually still on-going), further information can be read here. The aforementioned article will also explain on how to disable the plugins, though my advice would be to uninstall all if you do not use anything Java related. The actual infection you are seeking assistance with is actually due to Java and it's cache.

    At present I do not even have anything Java related installed on my machines nor intend to for the foreseeable future. The below is currently all Java related you have installed:-

    JavaFX 2.1.1
    Java Auto Updater
    Java 7 Update 17
    Java(TM) 6 Update 29
    J2SE Runtime Environment 5.0 Update 17

    Next:

    It looks like there may be a problem with your machines optical drive:-

    Error - 3/24/2013 12:22:52 AM | Computer Name = BIGCOMPY | Source = Cdrom | ID = 262151
    Description = The device, \Device\CdRom0, has a bad block.
    It may just be the media inserted at the time is damaged/scratch's on the surface etc and or the drive is about to fail. If you do notice any problems you could try reinstalling the driver for the hardware if sure it is not the actual media at fault.

    Next:

    Let myself know when freed up some Hard-Drive Free Space and what you decided to do about Java. Post a new OTL log and we will then go from there, thank you.
    Member of UNITE

  6. #6
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    -Hard Drive space: Now have 18Gb free. 24% free space. Speed has also increased.

    -For Java I went to Windows XP Control Panel, Add or Remove Programs, and uninstalled all the Java files.

    -Optical Drive just had an old scratched DVD game that does sometimes have problems reading. I took it out.

    Sorry, it's making me split the OTL.txt to two posts.
    New OTL Logs:
    OTL logfile created on: 3/29/2013 5:43:21 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.16% Memory free
    4.34 Gb Paging File | 3.52 Gb Available in Paging File | 81.13% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 18.02 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 363.60 Gb Free Space | 78.07% Space Free | Partition Type: NTFS

    Computer Name: BIGCOMPY | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/03/18 22:21:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
    PRC - [2013/03/10 19:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2013/03/06 07:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Documents and Settings\Mark\Application Data\SearchProtect\bin\cltmng.exe
    PRC - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
    PRC - [2013/02/05 10:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
    PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/11/12 13:04:12 | 000,268,640 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2010/03/24 21:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/07/11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    PRC - [2008/06/18 05:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/10 19:22:06 | 000,459,728 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
    MOD - [2013/03/10 19:22:04 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\pdf.dll
    MOD - [2013/03/10 19:21:18 | 000,596,944 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
    MOD - [2013/03/10 19:21:18 | 000,124,368 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\libegl.dll
    MOD - [2013/03/10 19:21:16 | 001,552,848 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
    MOD - [2011/09/14 10:19:06 | 008,500,224 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
    MOD - [2011/09/14 10:19:06 | 002,348,544 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2008/09/18 00:55:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
    MOD - [2008/07/11 20:00:06 | 000,080,392 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    MOD - [2007/12/07 15:24:56 | 000,117,256 | ---- | M] () -- C:\Program Files\GIGABYTE\EnergySaver\ycc.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2013/03/13 11:13:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
    SRV - [2013/02/05 10:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
    SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/04/05 14:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2008/07/11 20:00:06 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/03/29 01:59:15 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2009/05/01 00:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 23:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2009/04/30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI)
    DRV - [2008/06/26 22:24:56 | 004,742,656 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2007/11/22 16:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
    FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..keyword.URL: ""


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Mark\Application Data\nprhapengine.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/04 07:33:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/13 09:07:47 | 000,000,000 | ---D | M]

    [2009/11/04 14:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
    [2009/11/04 14:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2012/10/05 20:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions
    [2009/11/04 22:55:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/10/05 18:33:01 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com
    [2012/01/03 12:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/06 17:09:47 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2009/11/04 15:34:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
    [2010/01/23 03:43:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    [2010/09/18 02:45:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/24 11:32:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/17 20:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/17 20:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/18 01:44:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/11/19 21:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/12/13 09:07:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/06/07 12:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
    [2010/11/19 08:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2010/11/19 08:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2010/11/19 08:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2010/11/19 08:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2010/11/19 08:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2010/11/19 08:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2010/11/19 08:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

    ========== Chrome ==========

    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN42288082829407223&ctid=CT2260173&UM=2
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/Suggest.ashx?q=[{searchTerms}]
    CHR - homepage: http://search.conduit.com/?ctid=CT22...829407223&UM=2
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
    CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: Swag Bucks = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apjkpjchfbckhjhokinlgdbmibpbbjak\10.15.0.562_0\
    CHR - Extension: YouTube = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Google = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hgofaaaecjeipajcnnlmjgjpdnhknhcc\2012.7.14.49491_0\
    CHR - Extension: Baby First Site, Baby Toys and Safe Free Games, Early Childhood Education, Toddler Videos = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\illfniciejnibhkehgfnooocobminglb\2012.7.23.54503_0\
    CHR - Extension: AVG Safe Search = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: Click to call with Skype = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\
    CHR - Extension: dooce\u00AE = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mhdeobfjaijkcclmbbamkebmmjpdfleb\2012.9.12.53915_0\
    CHR - Extension: Gmail = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: Drew Curtis' FARK.com = C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjmkekjlibdaabhgegkjmlahanicpmni\2012.2.8.9882_0\

    O1 HOSTS File: ([2013/03/17 12:35:14 | 000,446,160 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15325 more lines...
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O3 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [GEST] File not found
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [chromium] C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [Google Update] C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKU\S-1-5-21-789336058-1644491937-839522115-1004..\Run: [SearchProtect] C:\Documents and Settings\Mark\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..Trusted Domains: democraticunderground.com ([www] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://msn.worldwinner.com/games/v47...amesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/ho...vex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/ca..._2.3.8.110.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1232699097709 (WUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDAC2041-ECC5-4775-9311-2842368C243E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
    O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
    O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mark\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/22 23:45:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell - "" = AutoRun
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/29 04:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\SearchProtect
    [2013/03/26 21:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\Baldu
    [2013/03/25 21:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\Mark's Cell
    [2013/03/21 19:53:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2013/03/21 19:53:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
    [2013/03/19 18:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\Spybot Malware Programs
    [2013/03/19 18:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2013/03/19 18:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2013/03/19 18:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2013/03/18 22:21:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
    [2013/03/15 11:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
    [2013/03/15 11:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
    [2013/03/14 16:12:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2013/03/13 16:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
    [2013/03/13 16:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\CRE
    [2013/03/13 11:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
    [2013/03/13 11:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

  7. #7
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    ========== Files - Modified Within 30 Days ==========

    [2013/08/10 21:14:20 | 005,117,694 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7061.jpg
    [2013/07/28 02:37:28 | 005,515,350 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7050.jpg
    [2013/07/20 03:37:50 | 039,570,896 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7039.avi
    [2013/07/19 00:42:52 | 005,954,345 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7034.jpg
    [2013/07/16 22:05:42 | 005,037,675 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DSCF7033.jpg
    [2013/04/25 01:20:20 | 005,354,455 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\DSCF7009.jpg
    [2013/04/17 16:17:32 | 004,733,737 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\DSCF7008.jpg
    [2013/03/29 05:42:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1644491937-839522115-1004UA.job
    [2013/03/29 05:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/29 04:25:20 | 000,194,627 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2013/03/29 01:59:15 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
    [2013/03/29 01:59:15 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Free File Viewer Update Checker.job
    [2013/03/29 01:58:59 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/29 01:58:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/28 15:42:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1644491937-839522115-1004Core.job
    [2013/03/28 09:29:52 | 114,900,889 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2013/03/28 00:04:54 | 000,009,863 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\imagesCAVLYYW6.jpg
    [2013/03/27 17:22:55 | 000,286,275 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2013/03/27 16:57:53 | 000,000,245 | RHS- | M] () -- C:\boot.ini
    [2013/03/25 21:57:17 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/24 22:57:59 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2013/03/24 09:27:13 | 002,519,274 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\file34.bmp
    [2013/03/22 13:49:05 | 000,048,949 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Pikachu2.jpg
    [2013/03/22 03:02:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/03/20 22:35:46 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Win32.downloader.gen - Safer-Networking Forums (2).url
    [2013/03/19 21:44:45 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
    [2013/03/19 17:47:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/03/18 22:22:54 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Can't remove Win32.Downloader.gen (2).url
    [2013/03/18 22:21:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
    [2013/03/17 20:46:41 | 000,320,303 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\barnaby.jpg
    [2013/03/17 12:35:14 | 000,446,160 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/03/17 03:19:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/03/17 03:19:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/03/15 11:16:02 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2013/03/15 11:16:02 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2013/03/14 16:23:11 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\spider.sav
    [2013/03/13 15:45:44 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/03/13 11:13:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/13 11:13:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/10 10:39:42 | 000,494,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/10 10:39:42 | 000,084,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/28 21:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/08/10 21:14:20 | 005,117,694 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7061.jpg
    [2013/07/28 02:37:28 | 005,515,350 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7050.jpg
    [2013/07/20 03:37:50 | 039,570,896 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7039.avi
    [2013/07/19 00:42:52 | 005,954,345 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7034.jpg
    [2013/07/16 22:05:40 | 005,037,675 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DSCF7033.jpg
    [2013/04/25 01:20:18 | 005,354,455 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\DSCF7009.jpg
    [2013/04/17 16:17:30 | 004,733,737 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\DSCF7008.jpg
    [2013/03/28 00:06:27 | 000,009,863 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\imagesCAVLYYW6.jpg
    [2013/03/24 09:27:12 | 002,519,274 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\file34.bmp
    [2013/03/22 17:33:53 | 000,048,949 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Pikachu2.jpg
    [2013/03/20 22:35:46 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Win32.downloader.gen - Safer-Networking Forums (2).url
    [2013/03/19 21:44:45 | 000,000,263 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance) - Safer-Networking Forums.url
    [2013/03/18 22:22:54 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Can't remove Win32.Downloader.gen (2).url
    [2013/03/17 20:46:40 | 000,320,303 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\barnaby.jpg
    [2013/03/13 11:13:57 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
    [2013/03/13 11:13:57 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/12/07 19:00:42 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\mcs.rma
    [2012/12/07 19:00:42 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\7CFF17
    [2012/06/24 19:04:26 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ka.ini
    [2009/02/09 03:08:58 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2009/06/04 02:56:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Base Services ==========
    SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
    SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
    SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
    SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
    SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
    SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
    SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
    SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
    SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
    SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
    SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
    SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
    SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
    SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
    SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
    SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
    SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
    SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
    SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
    SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
    SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
    SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
    SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
    SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
    SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
    SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
    SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
    SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
    SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
    SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
    SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
    SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
    SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
    SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
    SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
    SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
    SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
    SRV - [2008/05/19 02:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
    SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
    No service found with a name of Wmi
    SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
    SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
    SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

    < %systemdrive%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2004/08/04 02:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: SERVICES >
    [2002/08/29 07:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

    < MD5 for: SERVICES.CFG >
    [2012/12/18 09:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
    [2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

    < MD5 for: SERVICES.EXE >
    [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
    [2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
    [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
    [2004/08/04 02:56:55 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

    < MD5 for: SERVICES.LNK >
    [2009/01/23 01:11:05 | 000,001,602 | ---- | M] () MD5=53A2135C5403602F0568B2F2AA4B1949 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

    < MD5 for: SERVICES.MSC >
    [2002/08/29 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

    < MD5 for: SERVICES.SBS >
    [2011/03/01 08:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

    < MD5 for: SVCHOST.EXE >
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
    [2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
    [2004/08/04 02:56:57 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2004/08/04 02:56:57 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2004/08/04 02:56:57 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < MD5 for: WINSOCK.DLL >
    [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
    [2002/08/29 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

    < End of report >

  8. #8
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    OTL Extras logfile created on: 3/29/2013 5:43:21 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Mark\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.50 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 69.16% Memory free
    4.34 Gb Paging File | 3.52 Gb Available in Paging File | 81.13% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 18.02 Gb Free Space | 24.17% Space Free | Partition Type: NTFS
    Drive E: | 465.76 Gb Total Space | 363.60 Gb Free Space | 78.07% Space Free | Partition Type: NTFS

    Computer Name: BIGCOMPY | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "8375:TCP" = 8375:TCP:*:Enabled:League of Legends Launcher
    "8375:UDP" = 8375:UDP:*:Enabled:League of Legends Launcher
    "8376:TCP" = 8376:TCP:*:Enabled:League of Legends Launcher
    "8376:UDP" = 8376:UDP:*:Enabled:League of Legends Launcher
    "8377:TCP" = 8377:TCP:*:Enabled:League of Legends Launcher
    "8377:UDP" = 8377:UDP:*:Enabled:League of Legends Launcher
    "8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
    "8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
    "8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
    "8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
    "8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
    "8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
    "8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
    "8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "8382:TCP" = 8382:TCP:*:Enabled:League of Legends Launcher
    "8382:UDP" = 8382:UDP:*:Enabled:League of Legends Launcher
    "8383:TCP" = 8383:TCP:*:Enabled:League of Legends Launcher
    "8383:UDP" = 8383:UDP:*:Enabled:League of Legends Launcher

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe" = C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3
    "E:\Games\LoL\Riot Games\League of Legends\air\LolClient.exe" = E:\Games\LoL\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
    "E:\Games\LoL\Riot Games\League of Legends\game\League of Legends.exe" = E:\Games\LoL\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
    "E:\UT3\Binaries\UT3.exe" = E:\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
    "E:\Steam\Steam.exe" = E:\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe" = C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:Free File Viewer Update Checker -- (Bitberry Software)
    "E:\Games\World of Warcraft\Launcher.exe" = E:\Games\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
    "E:\Games\StarCraft II\StarCraft II.exe" = E:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "E:\Games\StarCraft II\Versions\Base15405\SC2.exe" = E:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II
    "E:\Games\World of Warcraft\Launcher.patch.exe" = E:\Games\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "E:\Warcraft III\Warcraft III.exe" = E:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "E:\Games\World of Warcraft\BackgroundDownloader.exe" = E:\Games\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
    "E:\Games\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe" = E:\Games\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
    "E:\Steam\steamapps\common\thief_gold\THIEF.EXE" = E:\Steam\steamapps\common\thief_gold\THIEF.EXE:*:Enabled:Thief Gold -- (Looking Glass Studios)
    "E:\Games\World of Warcraft\Temp\WoW-4.3-5.0.15890-enUS-Downloader.exe" = E:\Games\World of Warcraft\Temp\WoW-4.3-5.0.15890-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe:*:Enabled:Blizzard Agent
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
    "E:\Games\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe" = E:\Games\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe:*:Enabled:Blizzard Downloader
    "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
    "E:\Games\StarCraft II\StarCraft II Public Test.exe" = E:\Games\StarCraft II\StarCraft II Public Test.exe:*:Enabled:StarCraft II Public Test -- (Blizzard Entertainment)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
    "C:\Documents and Settings\Mark\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Mark\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.119.08260
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.2.14
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{55115B99-1B96-479E-AFD6-CE17FC9F94B5}" = AVG 2011
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{760E3EF8-577D-483E-9CB2-E759880AD82E}" = League of Legends
    "{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
    "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9013B370-99D4-404B-9DB9-779B51CEB5FF}" = LeapFrog My Pals Plugin
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C892C691-99DC-4B49-BEAA-65B96BB3460D}" = The Last Starfighter
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2BDE71B-4622-418D-8B39-118D987B5D80}" = LeapFrog MyOwnLeaptop Plugin
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
    "{F0E10150-790C-469E-882D-3EFA82542D2E}" = AVG 2011
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
    "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
    "7-Zip" = 7-Zip 4.65
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "AVG" = AVG 2011
    "Canon MP280 series User Registration" = Canon MP280 series User Registration
    "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "comtypes-py2.5" = Python 2.5 comtypes-0.5.2
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "Duke Nukem 3D_is1" = Duke Nukem 3D
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "ERUNT_is1" = ERUNT 1.1j
    "FreeFileViewer_is1" = Free File Viewer 2010
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{C892C691-99DC-4B49-BEAA-65B96BB3460D}" = The Last Starfighter
    "InterVideo WinDVD" = InterVideo WinDVD
    "IrfanView" = IrfanView (remove only)
    "JumpStart Art for Fun" = JumpStart Art for Fun
    "LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
    "Master Of Magic_is1" = Master Of Magic
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
    "Origin" = Origin
    "PIL-py2.5" = Python 2.5 PIL-1.1.6
    "psyco-py2.5" = Python 2.5 psyco-1.6
    "pywin32-py2.5" = Python 2.5 pywin32-212
    "Rhapsody" = Rhapsody
    "SearchProtect" = Search Protect by conduit
    "ST5UNST #1" = Visual Basic 5.0
    "StarCraft II" = StarCraft II
    "Steam App 105600" = Terraria
    "Steam App 211600" = Thief Gold
    "Steam App 400" = Portal
    "Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
    "Unreal" = Unreal
    "Unreal 2 – The Awakening Special Edition_is1" = Unreal 2 – The Awakening Special Edition
    "UPCShell" = LeapFrog Connect
    "Vid-Saver" = Vid-Saver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint
    "Warcraft III" = Warcraft III: All Products

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/27/2013 7:58:42 AM | Computer Name = BIGCOMPY | Source = Microsoft Management Console | ID = 1000
    Description =

    [ System Events ]
    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/26/2013 10:15:30 PM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/27/2013 8:11:14 AM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 3/29/2013 2:59:30 AM | Computer Name = BIGCOMPY | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2


    < End of report >

  9. #9
    Security Expert Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,093

    Default

    Hi.

    -Hard Drive space: Now have 18Gb free. 24% free space. Speed has also increased.

    -For Java I went to Windows XP Control Panel, Add or Remove Programs, and uninstalled all the Java files.

    -Optical Drive just had an old scratched DVD game that does sometimes have problems reading. I took it out.
    Acknowledged, lets proceed as follows shall we...

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

    Code:
    "C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\sn-backup
    and then click on OK.

    Uninstall Program:

    Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

    SearchProtect <-- Has undesirable characteristics.

    To do so, click once on each of the above in turn to highlight and then click on the Remove button.

    Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

    Custom OTL Script:

    • Double-click on OTL.exe to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    SRV - [2013/03/17 03:19:19 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/03/06 07:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
    IE - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
    F - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
    FF - prefs.js..extensions.enabledItems: :1.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    [2012/10/05 18:33:01 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com
    [2009/11/04 15:34:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
    [2010/09/18 02:45:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/24 11:32:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/17 20:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/17 20:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/18 01:44:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/11/19 21:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2012/12/13 09:07:47 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2010/01/23 03:43:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{635ABD67-4FE9-1B23-4F01-E679FA7484C1}
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [GEST] File not found
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O15 - HKU\S-1-5-21-789336058-1644491937-839522115-1004\..Trusted Domains: democraticunderground.com ([www] https in Trusted sites)
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell - "" = AutoRun
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
    [2013/03/17 03:19:17 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/03/17 03:19:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/03/17 03:19:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/03/17 03:19:17 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/03/17 03:19:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/03/17 03:19:16 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    
    :Files
    ipconfig /flushdns /c 
    C:\Program Files\CheckPoint
    C:\Program Files\Java
    C:\Program Files\SearchProtect
    C:\Documents and Settings\Mark\Application Data\SearchProtect
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Alcmtrl"=-
    [HKEY_CURRENT_USER\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"=-
    [HKEY_CURRENT_USER\S-1-5-18\SOFTWARE\\Microsoft\Windows\CurrentVersion\RunOnce] 
    "RunNarrator"=-
    [HKEY_CURRENT_USER\S-1-5-18S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
    "chromium"=-
    "EA Core"=-
    "SearchProtect"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}]
    [-HKEY_CLASSES_ROOT\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [-HKEY_CLASSES_ROOT\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
    [-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
    [-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ]
    [-HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} ]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}]
    [-HKEY_CLASSES_ROOT\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    [-HKEY_CLASSES_ROOT\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Auto Updater]
    
    :Commands
    [EmptyTemp]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

    Note: The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Malwarebytes Anti-Malware:

    Please download the installer for Malwarebytes' Anti-Malware to your desktop.

    Note: The installer will be randomly named, say for example something like 549od2jqai.exe

    • Double-click on the randomly named executable, then follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.

    When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post that log in your next reply.

    The log can also be found here:

    • Launch Malwarebytes' Anti-Malware
    • Click on the Logs radio tab.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and or problems encountered ?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    Member of UNITE

  10. #10
    Junior Member
    Join Date
    Nov 2008
    Posts
    26

    Default

    Computer is running fine now. The original symptoms, a window randomly popping up showing "Installing Windows Update", game windows minimizing on their own, and Spybot detecting it, are all gone.

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Error: No service named JavaQuickStarterService was found to stop!
    Service\Driver key JavaQuickStarterService not found.
    File C:\Program Files\Java\jre7\bin\jqs.exe not found.
    Error: No service named CltMngSvc was found to stop!
    Service\Driver key CltMngSvc not found.
    File C:\Program Files\SearchProtect\bin\CltMngSvc.exe not found.
    Registry key HKEY_USERS\S-1-5-21-789336058-1644491937-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Prefs.js: :1.0 removed from extensions.enabledItems
    Prefs.js: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2\ deleted successfully.
    C:\WINDOWS\system32\npDeployJava1.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2\ not found.
    File C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\skin folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\locale\en-US folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\locale folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\defaults folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\chrome\content folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com\chrome folder moved successfully.
    C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\npdtrmpu.default\extensions\crossriderapp3491@crossrider.com folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} folder moved successfully.
    C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\Components folder moved successfully.
    C:\PROGRAM FILES\AVG\AVG10\FIREFOX4\Chrome folder moved successfully.
    C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 folder moved successfully.
    Folder C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\ not found.
    C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
    File C:\Program Files\Java\jre7\bin\ssv.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    File C:\Program Files\Java\jre7\bin\jp2ssv.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
    File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    Registry key HKEY_USERS\S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\democraticunderground.com\www\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a2abc04-f8ae-11df-b593-001fd0a1aafe}\ not found.
    File "F:\WD SmartWare.exe" autoplay=true not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77ebcfd7-6642-11e2-b64f-001fd0a1aafe}\ not found.
    File F:\KODAK_Camera_Setup_App.exe not found.
    File C:\WINDOWS\System32\javaws.exe not found.
    File C:\WINDOWS\System32\javaw.exe not found.
    File C:\WINDOWS\System32\java.exe not found.
    File C:\WINDOWS\System32\javacpl.cpl not found.
    File C:\WINDOWS\System32\npDeployJava1.dll not found.
    C:\WINDOWS\system32\deployJava1.dll moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Mark\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Mark\Desktop\cmd.txt deleted successfully.
    C:\Program Files\CheckPoint\ZAForceField folder moved successfully.
    C:\Program Files\CheckPoint folder moved successfully.
    C:\Program Files\Java\jre6\lib\ext folder moved successfully.
    C:\Program Files\Java\jre6\lib folder moved successfully.
    C:\Program Files\Java\jre6 folder moved successfully.
    C:\Program Files\Java folder moved successfully.
    File\Folder C:\Program Files\SearchProtect not found.
    File\Folder C:\Documents and Settings\Mark\Application Data\SearchProtect not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Alcmtrl not found.
    Registry key HKEY_CURRENT_USER\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce not found.
    Registry key HKEY_CURRENT_USER\S-1-5-18\SOFTWARE not found.
    Registry key HKEY_CURRENT_USER\S-1-5-18S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce not found.
    Registry key HKEY_CURRENT_USER\S-1-5-18S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce not found.
    Registry key HKEY_CURRENT_USER\S-1-5-18S-1-5-21-789336058-1644491937-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} \ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} \ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_CLASSES_ROOT\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Java Auto Updater\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Google Chrome cache emptied: 7458392 bytes
    ->Flash cache emptied: 56466 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56466 bytes

    User: LocalService
    ->Temp folder emptied: 2052552 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mark
    ->Temp folder emptied: 103041258 bytes
    ->Temporary Internet Files folder emptied: 1070918254 bytes
    ->Java cache emptied: 43957726 bytes
    ->FireFox cache emptied: 48495960 bytes
    ->Google Chrome cache emptied: 259231911 bytes
    ->Flash cache emptied: 116128786 bytes

    User: NetworkService
    ->Temp folder emptied: 1985304 bytes
    ->Temporary Internet Files folder emptied: 1127996 bytes

    User: Ruth
    ->Temp folder emptied: 3168239 bytes
    ->Temporary Internet Files folder emptied: 333738330 bytes
    ->Java cache emptied: 22635974 bytes
    ->FireFox cache emptied: 6166479 bytes
    ->Flash cache emptied: 14673 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402640 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5351097 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 506540006 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 57970 bytes
    RecycleBin emptied: 859906461 bytes

    Total Files Cleaned = 3,237.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03312013_164015

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •