a hijacker keeps reappearing with each S&D scan

O

outpouring

New member
I have been trying to keep my computer clean using different software like Advance System Care, Spybot S&D, Disc Clean Up, CCleaner. I however have a reaccuring hacker so to speak continue to reappear after the clean. It always showes up when I do the Spybot scan. I did a scan this morning, fixed it and did it again not to long ago and there it was again. this is what it says:

Search result list ---
IncrediBar: [SBI $43928D57] Program directory
C:\Documents and Settings\Authorized User\Local Settings\Temp\ImInstaller\

I saved a full .txt file of the S&R scan. I also have the DDS and the AswMBR.txt saved which I am attaching for you to review. I did not see anything like what I got from the S&R scan in the DDS or ASWMBR, but maybe I don't know what to be looking for.

I have downloaded ERUNT I have Windows XP Professional 32-bit SP3, Firefox vs 19.02 and IE8

I don't know how to keep the Incredibar ImInstaller from coming back. I have done much of what was suggested on this site but shy away from the registry. I did not find the word MyStart connected to the incredibar directory that S&R picked up.

thanks for your kind concideration.
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-06 16:11:47
-----------------------------
16:11:47.796 OS Version: Windows 5.1.2600 Service Pack 3
16:11:47.796 Number of processors: 2 586 0xF06
16:11:47.796 ComputerName: AUTHORIZ-28629F UserName: Authorized User
16:11:48.468 Initialize success
16:12:21.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12
16:12:21.234 Disk 0 Vendor: WDC_WD2500JS-00MHB0 02.01C03 Size: 238475MB BusType: 3
16:12:21.390 Disk 0 MBR read successfully
16:12:21.390 Disk 0 MBR scan
16:12:21.390 Disk 0 Windows XP default MBR code
16:12:21.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
16:12:21.406 Disk 0 scanning sectors +488376000
16:12:21.484 Disk 0 scanning C:\WINDOWS\system32\drivers
16:12:30.968 Service scanning
16:12:33.718 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
16:12:35.750 Service MpKsle761535a c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EBE9935-4D22-4EDB-958C-DEF884A4DA44}\MpKsle761535a.sys **LOCKED** 32
16:12:35.921 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
16:12:36.859 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
16:12:39.031 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
16:12:42.296 Modules scanning
16:12:47.984 Disk 0 trace - called modules:
16:12:48.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:12:48.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f38ab8]
16:12:48.031 3 CLASSPNP.SYS[f75cefd7] -> nt!IofCallDriver -> \Device\0000006b[0x86f0d9e8]
16:12:48.031 5 ACPI.sys[f7445620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-12[0x86f3cb00]
16:12:48.046 Scan finished successfully
16:14:46.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Authorized User\Desktop\MBR.dat"
16:14:46.562 The log file has been saved successfully to "C:\Documents and Settings\Authorized User\Desktop\aswMBR.txt"
 
Last edited by a moderator:
:snwelcome:


Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR





Go here and download AdwCleaner to your desktop

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

AdwareCleaner.jpg








Download Junkware Removal Tool to your desktop

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.







OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
 
AdwCleaner log

# AdwCleaner v2.200 - Logfile created 04/10/2013 at 21:15:06
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Authorized User - AUTHORIZ-28629F
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Authorized User\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\FCTB000060093
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060093.FCTB000060093Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060093.FCTB000060093Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060093.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060093.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060093.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\FCTB000060093
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\6ptvbrzt.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Blekko");
Deleted : user_pref("browser.search.selectedEngine", "Blekko");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=20[...]

File : C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\prefs.js

C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\user.js ... Deleted !

Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "Buzzdock,Buzzdock,");
Deleted : user_pref("extentions.y2layers.installId", "bcf3c70a-2e0a-4b22-b03c-63cf99312cb5");

-\\ Opera v [Unable to get version]

File : C:\Documents and Settings\Authorized User\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4165 octets] - [10/04/2013 21:12:18]
AdwCleaner[S1].txt - [4296 octets] - [10/04/2013 21:15:06]

########## EOF - C:\AdwCleaner[S1].txt - [4356 octets] ##########
 
JRT txt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Authorized User on Wed 04/10/2013 at 21:40:40.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-57989841-1897051121-725345543-1003\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\tasks\driverscanner.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\blekkotb_031"
Successfully deleted: [Folder] "C:\Documents and Settings\Authorized User\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Authorized User\Application Data\oovootb"
Successfully deleted: [Folder] "C:\Documents and Settings\Authorized User\Local Settings\Application Data\blekkotb_031"
Successfully deleted: [Folder] "C:\Program Files\bigfix"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\Program Files\oovootb"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Authorized User\Application Data\mozilla\firefox\profiles\mxj2tocu.default\prefs.js

user_pref("browser.startup.homepage", "hxxps://ixquick.com/eng/");
Emptied folder: C:\Documents and Settings\Authorized User\Application Data\mozilla\firefox\profiles\mxj2tocu.default\minidumps [15 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/10/2013 at 22:05:44.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL Logfile

OTL logfile created on: 4/10/2013 10:25:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Authorized User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.75 Mb Total Physical Memory | 414.64 Mb Available Physical Memory | 40.90% Memory free
3.82 Gb Paging File | 3.32 Gb Available in Paging File | 86.90% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.80 Gb Free Space | 81.50% Space Free | Partition Type: NTFS

Computer Name: AUTHORIZ-28629F | User Name: Authorized User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Authorized User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - c:\Program Files\IDT\IntelXPV_v83\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll ()
MOD - C:\Program Files\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (STacSV) -- c:\Program Files\IDT\IntelXPV_v83\WDM\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (bezmrzjs) -- System32\Drivers\bezmrzjs.sys File not found
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
DRV - (PsSdkLBF) -- C:\WINDOWS\system32\drivers\pssdklbf.drv (microOLAP Technologies LTD)
DRV - (PsSdk31) -- C:\WINDOWS\system32\drivers\pssdk31.drv (microOLAP Technologies LTD)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{86204eb2-384c-4dae-9595-38f95b9a8bd4}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60093&p={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes\{65119877-70E2-4C07-8FE7-D67BEAA5A0FD}: "URL" = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=english
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-57989841-1897051121-725345543-1006\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=902615"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC%7D:2.01
FF - prefs.js..extensions.enabledAddons: %7B99a0337c-6303-4879-b72e-500fd9aaca8c%7D:3.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/06 18:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/06 18:04:45 | 000,000,000 | ---D | M]

[2008/08/27 02:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Extensions
[2013/03/19 20:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions
[2010/08/27 15:15:33 | 000,000,000 | ---D | M] (Bible Fox Blue) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}
[2010/12/17 21:56:03 | 000,000,000 | ---D | M] (Bible Fox) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}
[2007/08/10 12:08:00 | 000,000,000 | ---D | M] (Bible Fox) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}(2)
[2008/01/12 04:18:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2008/06/24 11:08:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2008/07/06 23:22:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(4)
[2010/08/27 15:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/08/27 15:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/12/17 21:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/05/10 18:15:15 | 000,056,087 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}.xpi
[2010/06/25 23:08:40 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallConfirm.css
[2010/06/25 23:08:40 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallItemGeneric.png
[2010/04/01 08:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2010/04/01 07:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2010/04/01 09:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2010/04/01 08:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2013/04/07 22:58:41 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\searchplugins\ixquick.xml
[2013/04/06 18:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/06 18:04:44 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2013/04/06 18:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)
[2013/04/06 18:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2013/04/06 18:05:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/19 22:10:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/19 22:10:37 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/16 00:19:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (TextAloud Toolbar) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll (NextUp.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-57989841-1897051121-725345543-1003..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-57989841-1897051121-725345543-1006..\Run: [ooVoo] C\ooVoo.exe /minimized File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Authorized User\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..Trusted Domains: google.com ([b.mail] https in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{839C5D34-0789-4D47-A5F4-D14E41364C1F}: DhcpNameServer = 192.168.123.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Authorized User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Authorized User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/31 09:29:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/10 21:40:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/10 21:40:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/06 18:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/04/06 18:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/06 18:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/31 22:37:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Authorized User\Recent
[2013/03/30 22:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\My Documents\Q-Sciences
[2013/03/22 19:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/19 20:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Desktop\Registration_sheets_for_November
[2013/03/19 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\PC_Drivers_Headquarters
[2013/03/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
[2013/03/19 20:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2013/03/19 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Application Data\Reason
[2013/03/19 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Start Menu\Programs\Boost
[2013/03/19 14:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2013/03/19 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2013/03/16 00:04:25 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2013/03/15 23:53:01 | 000,000,000 | ---D | C] -- C:\rei
[2013/03/15 23:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/03/15 23:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\join.me
[2007/09/01 10:49:23 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[43 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/10 22:27:00 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CF3510EA-7E82-4CDD-95EE-2B0EFB946C87}.job
[2013/04/10 22:21:55 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD28DB5B-3C98-4A5B-BDEB-170A25E647C8}.job
[2013/04/10 22:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/10 21:31:18 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/04/10 21:30:25 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/10 21:20:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/10 21:20:25 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/04/10 21:20:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/10 21:20:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/10 21:03:34 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\aswMBR.zip
[2013/04/10 20:50:59 | 000,004,702 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\DDS 04-6-2013 attach.zip
[2013/04/10 20:40:32 | 000,004,674 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\attach.zip
[2013/04/10 18:00:07 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/04/10 06:23:30 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 06:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/08 23:53:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/04/06 18:12:45 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\NTREGOPT.lnk
[2013/04/06 18:12:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\ERUNT.lnk
[2013/04/06 16:14:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\MBR.dat
[2013/04/02 03:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/03/31 00:25:52 | 000,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/31 00:25:52 | 000,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/29 15:50:19 | 000,208,997 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\Doreen PGE.pdf
[2013/03/22 19:32:19 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/22 09:29:33 | 000,142,199 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\IMG_9573.jpg
[2013/03/20 14:27:30 | 000,001,177 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\join.me.lnk
[2013/03/19 22:16:25 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/19 22:16:25 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/18 23:53:29 | 000,000,836 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2013/03/18 23:53:03 | 000,000,976 | ---- | M] () -- C:\WINDOWS\System32\SettingsFile
[2013/03/17 13:54:54 | 030,508,911 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Support_Info.zip
[2013/03/16 00:25:35 | 000,002,470 | ---- | M] () -- C:\WINDOWS\System32\reimage.nat
[2013/03/16 00:19:56 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript(2).dll
[2013/03/16 00:19:56 | 000,232,448 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecp.acm
[2013/03/16 00:19:50 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/03/16 00:19:48 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[43 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\etc\*.tmp files -> C:\WINDOWS\System32\drivers\etc\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/10 21:02:40 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\aswMBR.zip
[2013/04/10 20:42:54 | 000,004,702 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\DDS 04-6-2013 attach.zip
[2013/04/10 20:40:32 | 000,004,674 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\attach.zip
[2013/04/10 06:01:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/04/06 18:12:45 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\NTREGOPT.lnk
[2013/04/06 18:12:45 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\ERUNT.lnk
[2013/04/06 16:14:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\MBR.dat
[2013/03/30 20:58:22 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/29 15:50:19 | 000,208,997 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\Doreen PGE.pdf
[2013/03/22 19:32:19 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/22 09:29:30 | 000,142,199 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\IMG_9573.jpg
[2013/03/20 14:27:30 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\Authorized User\Start Menu\Programs\join.me.lnk
[2013/03/20 14:27:29 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\join.me.lnk
[2013/03/18 23:53:29 | 000,000,836 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2013/03/18 23:53:03 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\SettingsFile
[2013/03/17 13:54:52 | 030,508,911 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Support_Info.zip
[2013/03/16 01:26:35 | 000,000,412 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CF3510EA-7E82-4CDD-95EE-2B0EFB946C87}.job
[2013/03/16 00:21:30 | 000,002,470 | ---- | C] () -- C:\WINDOWS\System32\reimage.nat
[2013/03/16 00:18:08 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2013/03/16 00:18:08 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2013/03/16 00:18:06 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2013/03/16 00:18:06 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2013/03/16 00:18:06 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2013/03/16 00:17:30 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2013/03/16 00:17:30 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2013/03/16 00:17:30 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2013/03/16 00:17:30 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2013/03/16 00:17:30 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2013/03/16 00:17:29 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2013/03/15 23:53:09 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2012/12/18 17:32:36 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/08/13 11:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files\readme.html
[2012/05/08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012/03/31 23:10:36 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/03/15 20:57:42 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/14 15:17:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/03 13:52:46 | 000,127,589 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\census.cache
[2011/11/03 13:52:22 | 000,207,176 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\ars.cache
[2011/11/03 12:14:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\housecall.guid.cache
[2011/05/10 17:19:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/08/23 16:01:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\prvlcl.dat
[2009/12/09 01:33:52 | 000,000,408 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/30 16:52:42 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Authorized User\g2mdlhlpx.exe
[2008/05/08 14:28:55 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 04:07:41 | 000,005,663 | ---- | C] () -- C:\Documents and Settings\Authorized User\Application Data\PrimoPDFSet.xml
[2008/03/21 04:06:46 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Authorized User\Application Data\APUSet.xml
[2007/12/12 13:20:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/09/01 11:05:24 | 002,293,712 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2007/09/01 11:01:00 | 003,655,488 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe

========== ZeroAccess Check ==========

[2007/08/03 13:50:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
OTL Extras txt log

OTL Extras logfile created on: 4/10/2013 10:25:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Authorized User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.75 Mb Total Physical Memory | 414.64 Mb Available Physical Memory | 40.90% Memory free
3.82 Gb Paging File | 3.32 Gb Available in Paging File | 86.90% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.80 Gb Free Space | 81.50% Space Free | Partition Type: NTFS

Computer Name: AUTHORIZ-28629F | User Name: Authorized User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_USERS\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\Authorized User\Local Settings\Application Data\IM\Runtime\IncrediMail_Install.exe" = C:\Documents and Settings\Authorized User\Local Settings\Application Data\IM\Runtime\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AAEE65-C463-44B4-BF7E-FE099C2B44B3}" = Bible Explorer 4 Download Edition
"{118071AB-6572-4FAD-A1FD-67264C994350}" = e-Sword
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel(R) PRO Network Connections 11.2.0.69
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}" = Windows XP Winter Fun Pack Screensavers
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3F702F22-A623-4B6A-41BD-420700558223}_is1" = What's my computer doing 1.xx
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{48963B63-7A10-49D6-8B08-61E6132453D0}" = ViewSonic Monitor Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55CE417E-BCB2-47B6-86B5-B40860D81033}" = Nero 7 Essentials
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B189FD2-B936-4D8A-B329-48A5ECC89FD0}" = WebEx Recording Editor
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}" = e-Sword
"{877CDE57-EB63-4787-AFBA-722191439C09}" = URsearch 0.6.0
"{8EB39AA7-4019-4550-AF6C-BE51BB27B446}" = TC Web Conferencing
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0BCB4D2-73E5-4405-A48B-B805CCDD79DE}" = NextUp-Acapela Elan Ryan22 US English Voice
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B36B2813-018F-41EA-9704-8F403EDD7BE9}" = NextUp-Acapela Elan Heather22 US English Voice
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}" = Jasc Paint Shop Photo Album
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C8F753CF-C578-4138-A870-33149B689FFD}" = ISA 2 basic
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7F1A6E9-5A60-4573-AFBD-4A047A57635E}_is1" = Emphatic Diaglott New Testament (unorthodox - older jw) (edw or diaglott) (1942).bblx version 0
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE332C83-2BCE-4C36-B527-4BD409A8751E}_is1" = NET Bible First Edition 2009
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E23E9487-2B6B-42CA-AE8D-E2369563AB02}" = TRW conferencing
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F9AA6D78-CCE3-435F-9AB2-962A45EF41C8}" = TOA
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows XP Signed Files
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AnarkClient" = Anark Client 1.0
"AT&T Natural Voice Crystal_is1" = AT&T Natural Voices Crystal v. 1.4
"AT&T Natural Voice Mike_is1" = AT&T Natural Voices Mike v. 1.4
"Bible Explorer 4 Download Edition" = Bible Explorer 4 Download Edition
"CBrowser with C.C. A.E. Knoch" = CBrowser with C.C. A.E. Knoch 1.2.0
"CCleaner" = CCleaner
"Christian Research Library PDF_is1" = Early Christian Research Library in Adobe PDF
"CleanUp!" = CleanUp!
"ClickBook_is1" = ClickBook MMX
"Crazy Browser 3.1.0_is1" = Crazy Browser version 3.1.0
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Duplicate File Finder_is1" = Duplicate File Finder 1.1.0.0
"EPSON NX420 Series" = EPSON NX420 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"FoxTab PDF Converter" = FoxTab PDF Converter
"Hardware Helper_is1" = Hardware Helper
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail 2.0
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"ISA 2 basic" = ISA 2 basic
"ISA 2.0 - YLT module" = ISA 2.0 - YLT module 1.2.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NewSaver" = NewSaver
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PrimoPDF4.0" = PrimoPDF
"PROSet" = Intel(R) PRO Network Connections Drivers
"ReaJPEG_is1" = ReaJPEG 3.9
"Recuva" = Recuva
"RegCure" = RegCure
"Replay Media Catcher2.10" = Replay Media Catcher
"Replay_Converter_1" = Replay Converter 2.8
"Revo Uninstaller" = Revo Uninstaller 1.94
"Simpo PDF Password Remover_is1" = Simpo PDF Password Remover 1.1.0.0
"Smart Defrag 2_is1" = Smart Defrag 2
"Speccy" = Speccy
"TextAloud3_is1" = TextAloud 3.0
"TU2F" = TU2F
"Will God Be All-In-All" = Will God Be All-In-All
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.92
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JoinMe" = join.me
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2013 4:06:01 PM | Computer Name = AUTHORIZ-28629F | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.1.0.129, faulting module
kernel32.dll, version 5.1.2600.6293, fault address 0x0000984e.

Error - 3/14/2013 7:57:08 PM | Computer Name = AUTHORIZ-28629F | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.1.0.129, faulting module
kernel32.dll, version 5.1.2600.6293, fault address 0x0000984e.

Error - 3/16/2013 4:50:06 PM | Computer Name = AUTHORIZ-28629F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/16/2013 4:50:06 PM | Computer Name = AUTHORIZ-28629F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/19/2013 2:53:28 AM | Computer Name = AUTHORIZ-28629F | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 3/19/2013 10:13:22 PM | Computer Name = AUTHORIZ-28629F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msmapi32.dll, version 11.0.5601.0, fault address 0x00003bba.

Error - 3/19/2013 10:47:35 PM | Computer Name = AUTHORIZ-28629F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msmapi32.dll, version 11.0.5601.0, fault address 0x00003bba.

Error - 4/6/2013 12:25:29 PM | Computer Name = AUTHORIZ-28629F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msmapi32.dll, version 11.0.5601.0, fault address 0x00003bba.

Error - 4/6/2013 2:15:30 PM | Computer Name = AUTHORIZ-28629F | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module msmapi32.dll, version 11.0.5601.0, fault address 0x00003bba.

Error - 4/11/2013 12:38:48 AM | Computer Name = AUTHORIZ-28629F | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.


< End of report >
 
Good Morning,

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes\{86204eb2-384c-4dae-9595-38f95b9a8bd4}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60093&p={searchTerms}
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes\{65119877-70E2-4C07-8FE7-D67BEAA5A0FD}: "URL" = https://ixquick.com/do/search?query={searchTerms}&cat=web&pl=ie&language=english
[2013/04/07 22:58:41 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\searchplugins\ixquick.xml


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces




Then run a new scan with OTL and post a new log please, also let me know how things are running now ?
 
OTL log after Run Fix

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86204eb2-384c-4dae-9595-38f95b9a8bd4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86204eb2-384c-4dae-9595-38f95b9a8bd4}\ not found.
Registry key HKEY_USERS\S-1-5-21-57989841-1897051121-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{65119877-70E2-4C07-8FE7-D67BEAA5A0FD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65119877-70E2-4C07-8FE7-D67BEAA5A0FD}\ not found.
C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\searchplugins\ixquick.xml moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Authorized User\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Authorized User\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: All Users

User: Authorized User
->Temp folder emptied: 1588032 bytes
->Temporary Internet Files folder emptied: 8121935 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 144876932 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 7039 bytes
->Flash cache emptied: 9352 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 79666 bytes
->FireFox cache emptied: 2014709 bytes

User: NetworkService
->Temp folder emptied: 451226 bytes
->Temporary Internet Files folder emptied: 194146 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 41 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 16552738 bytes
%systemroot%\System32 .tmp files removed: 92311363 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 847727 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 585458054 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 5384952 bytes
RecycleBin emptied: 14976 bytes

Total Files Cleaned = 818.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04112013_023653

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
OTL Log new scan

OTL logfile created on: 4/11/2013 2:48:51 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Authorized User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.75 Mb Total Physical Memory | 390.17 Mb Available Physical Memory | 38.49% Memory free
3.82 Gb Paging File | 3.34 Gb Available in Paging File | 87.39% Paging File free
Paging file location(s): C:\pagefile.sys 3000 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 190.33 Gb Free Space | 81.73% Space Free | Partition Type: NTFS

Computer Name: AUTHORIZ-28629F | User Name: Authorized User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Authorized User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
PRC - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe (IObit)
PRC - C:\Program Files\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - c:\Program Files\IDT\IntelXPV_v83\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}\components\TextAloud3Adapter.dll ()
MOD - C:\Program Files\program\libxml2.dll ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl ()
MOD - C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\IObit\Smart Defrag 2\NtfsData.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdvancedSystemCareService6) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (spupdsvc) -- C:\WINDOWS\system32\spupdsvc.exe (Microsoft Corporation)
SRV - (STacSV) -- c:\Program Files\IDT\IntelXPV_v83\WDM\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SetupNTGLM7X) -- D:\NTGLM7X.sys File not found
DRV - (NTACCESS) -- D:\NTACCESS.sys File not found
DRV - (MSICPL) -- D:\install4\MSICPL.sys File not found
DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
DRV - (GMSIPCI) -- D:\INSTALL\GMSIPCI.SYS File not found
DRV - (bezmrzjs) -- System32\Drivers\bezmrzjs.sys File not found
DRV - (MpKsl8e2a9956) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C52A8FCB-5ACD-4DA8-93D6-C35AB52FAE38}\MpKsl8e2a9956.sys (Microsoft Corporation)
DRV - (SmartDefragDriver) -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys ()
DRV - (PsSdkLBF) -- C:\WINDOWS\system32\drivers\pssdklbf.drv (microOLAP Technologies LTD)
DRV - (PsSdk31) -- C:\WINDOWS\system32\drivers\pssdk31.drv (microOLAP Technologies LTD)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1897051121-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-57989841-1897051121-725345543-1006\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=902615"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC%7D:2.01
FF - prefs.js..extensions.enabledAddons: %7B99a0337c-6303-4879-b72e-500fd9aaca8c%7D:3.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=902615&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/06 18:05:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/06 18:04:45 | 000,000,000 | ---D | M]

[2008/08/27 02:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Extensions
[2013/03/19 20:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions
[2010/08/27 15:15:33 | 000,000,000 | ---D | M] (Bible Fox Blue) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}
[2010/12/17 21:56:03 | 000,000,000 | ---D | M] (Bible Fox) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}
[2007/08/10 12:08:00 | 000,000,000 | ---D | M] (Bible Fox) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}(2)
[2008/01/12 04:18:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2008/06/24 11:08:02 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(3)
[2008/07/06 23:22:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(4)
[2010/08/27 15:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/08/27 15:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/12/17 21:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011/05/10 18:15:15 | 000,056,087 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}.xpi
[2010/06/25 23:08:40 | 000,001,182 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallConfirm.css
[2010/06/25 23:08:40 | 000,001,937 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\mac\mozapps\xpinstall\xpinstallItemGeneric.png
[2010/04/01 08:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2010/04/01 07:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{0c2508e6-de4c-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2010/04/01 09:10:00 | 000,001,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallConfirm.css
[2010/04/01 08:51:04 | 000,001,362 | ---- | M] () (No name found) -- C:\Documents and Settings\Authorized User\Application Data\Mozilla\Firefox\Profiles\mxj2tocu.default\extensions\{646f1212-bb24-11db-8314-0800200c9a66}\chrome\win\mozapps\xpinstall\xpinstallItemGeneric.png
[2013/04/06 18:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/06 18:04:44 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2013/04/06 18:04:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}(2)
[2013/04/06 18:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2013/04/06 18:05:19 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/19 22:10:37 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/19 22:10:37 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/11 02:36:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (TextAloud Toolbar) - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files\TextAloud\TAForIE.dll (NextUp.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-57989841-1897051121-725345543-1003..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-57989841-1897051121-725345543-1006..\Run: [ooVoo] C\ooVoo.exe /minimized File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Authorized User\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1897051121-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..Trusted Domains: google.com ([b.mail] https in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..Trusted Domains: google.com ([mail] https in Trusted sites)
O15 - HKU\S-1-5-21-57989841-1897051121-725345543-1003\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{839C5D34-0789-4D47-A5F4-D14E41364C1F}: DhcpNameServer = 192.168.123.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Authorized User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Authorized User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/31 09:29:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/11 02:36:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/10 21:40:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/10 21:40:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/06 18:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/04/06 18:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/04/06 18:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/31 22:37:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Authorized User\Recent
[2013/03/30 22:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\My Documents\Q-Sciences
[2013/03/22 19:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/19 20:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Desktop\Registration_sheets_for_November
[2013/03/19 20:23:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\PC_Drivers_Headquarters
[2013/03/19 20:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IncrediMail
[2013/03/19 20:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
[2013/03/19 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Application Data\Reason
[2013/03/19 17:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Start Menu\Programs\Boost
[2013/03/19 14:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2013/03/19 14:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\PCPitstop
[2013/03/16 00:04:25 | 000,000,000 | ---D | C] -- C:\ReimageUndo
[2013/03/15 23:53:01 | 000,000,000 | ---D | C] -- C:\rei
[2013/03/15 23:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/03/15 23:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\join.me
[2007/09/01 10:49:23 | 000,411,248 | ---- | C] (Applian Technologies Inc.) -- C:\Program Files\FLV PlayerRCSetup.exe
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/11 02:52:00 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CF3510EA-7E82-4CDD-95EE-2B0EFB946C87}.job
[2013/04/11 02:51:44 | 000,000,442 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AD28DB5B-3C98-4A5B-BDEB-170A25E647C8}.job
[2013/04/11 02:48:55 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/11 02:39:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/11 02:38:54 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefragUpdate.job
[2013/04/11 02:38:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/11 02:38:52 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/04/11 02:38:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/11 02:36:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/04/11 02:34:13 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\Shortcut to OTL.exe.lnk
[2013/04/11 02:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/10 21:03:34 | 000,001,116 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\aswMBR.zip
[2013/04/10 20:50:59 | 000,004,702 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\DDS 04-6-2013 attach.zip
[2013/04/10 20:40:32 | 000,004,674 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\attach.zip
[2013/04/10 18:00:07 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/04/10 06:23:30 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 06:06:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/08 23:53:00 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/04/06 18:12:45 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\NTREGOPT.lnk
[2013/04/06 18:12:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\ERUNT.lnk
[2013/04/06 16:14:46 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\MBR.dat
[2013/04/02 03:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/03/31 00:25:52 | 000,312,572 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/31 00:25:52 | 000,040,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/29 15:50:19 | 000,208,997 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\Doreen PGE.pdf
[2013/03/22 19:32:19 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/22 09:29:33 | 000,142,199 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\IMG_9573.jpg
[2013/03/20 14:27:30 | 000,001,177 | ---- | M] () -- C:\Documents and Settings\Authorized User\Desktop\join.me.lnk
[2013/03/19 22:16:25 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/19 22:16:25 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/18 23:53:29 | 000,000,836 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2013/03/18 23:53:03 | 000,000,976 | ---- | M] () -- C:\WINDOWS\System32\SettingsFile
[2013/03/17 13:54:54 | 030,508,911 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Support_Info.zip
[2013/03/16 00:25:35 | 000,002,470 | ---- | M] () -- C:\WINDOWS\System32\reimage.nat
[2013/03/16 00:19:56 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript(2).dll
[2013/03/16 00:19:56 | 000,232,448 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecp.acm
[2013/03/16 00:19:50 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[1 C:\WINDOWS\System32\drivers\etc\*.tmp files -> C:\WINDOWS\System32\drivers\etc\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/11 02:34:13 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\Shortcut to OTL.exe.lnk
[2013/04/10 21:02:40 | 000,001,116 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\aswMBR.zip
[2013/04/10 20:42:54 | 000,004,702 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\DDS 04-6-2013 attach.zip
[2013/04/10 20:40:32 | 000,004,674 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\attach.zip
[2013/04/10 06:01:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/04/06 18:12:45 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\NTREGOPT.lnk
[2013/04/06 18:12:45 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\ERUNT.lnk
[2013/04/06 16:14:46 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\MBR.dat
[2013/03/30 20:58:22 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/29 15:50:19 | 000,208,997 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\Doreen PGE.pdf
[2013/03/22 19:32:19 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/22 09:29:30 | 000,142,199 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\IMG_9573.jpg
[2013/03/20 14:27:30 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\Authorized User\Start Menu\Programs\join.me.lnk
[2013/03/20 14:27:29 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\Authorized User\Desktop\join.me.lnk
[2013/03/18 23:53:29 | 000,000,836 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2013/03/18 23:53:03 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\SettingsFile
[2013/03/17 13:54:52 | 030,508,911 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Support_Info.zip
[2013/03/16 01:26:35 | 000,000,412 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CF3510EA-7E82-4CDD-95EE-2B0EFB946C87}.job
[2013/03/16 00:21:30 | 000,002,470 | ---- | C] () -- C:\WINDOWS\System32\reimage.nat
[2013/03/16 00:18:08 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2013/03/16 00:18:08 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2013/03/16 00:18:06 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2013/03/16 00:18:06 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2013/03/16 00:18:06 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2013/03/16 00:17:30 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2013/03/16 00:17:30 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2013/03/16 00:17:30 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2013/03/16 00:17:30 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2013/03/16 00:17:30 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2013/03/16 00:17:29 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2013/03/15 23:53:09 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2012/12/18 17:32:36 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/08/13 11:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files\readme.html
[2012/05/08 15:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012/03/31 23:10:36 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/03/15 20:57:42 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2012/02/14 15:17:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/03 13:52:46 | 000,127,589 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\census.cache
[2011/11/03 13:52:22 | 000,207,176 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\ars.cache
[2011/11/03 12:14:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\housecall.guid.cache
[2011/05/10 17:19:36 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/08/23 16:01:31 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\prvlcl.dat
[2009/12/09 01:33:52 | 000,000,408 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/30 16:52:42 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Authorized User\g2mdlhlpx.exe
[2008/05/08 14:28:55 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Authorized User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/21 04:07:41 | 000,005,663 | ---- | C] () -- C:\Documents and Settings\Authorized User\Application Data\PrimoPDFSet.xml
[2008/03/21 04:06:46 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Authorized User\Application Data\APUSet.xml
[2007/12/12 13:20:00 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/09/01 11:05:24 | 002,293,712 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2007/09/01 11:01:00 | 003,655,488 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe

========== ZeroAccess Check ==========

[2007/08/03 13:50:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/03 08:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/08/25 11:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/10/02 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/25 10:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/10 12:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\clp
[2010/10/25 10:25:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/03 08:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2012/03/31 12:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/08/25 10:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HardwareHelper
[2012/12/22 00:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2008/05/19 13:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/05/19 10:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2013/03/07 19:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2011/10/02 00:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/12 09:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/11/07 10:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2013/03/19 15:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/02/27 19:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
[2009/11/21 10:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2007/08/10 12:13:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/01/12 04:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/30 00:44:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/07/26 02:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2008/07/26 02:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wsc
[2011/04/18 20:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/27 20:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/07/26 02:13:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CDF61231-6AD7-4969-B4DD-9E6C0F51DD5E}
[2012/04/03 14:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Acapela Group
[2008/11/05 11:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Audacity
[2010/01/07 14:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\AVG9
[2012/06/16 10:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\blekkotb_019
[2007/11/28 10:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Canon
[2008/10/29 01:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Crossword Compiler 8
[2008/06/21 17:56:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\DMCache
[2009/02/04 17:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\eBookPro6
[2008/06/17 15:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\EBookSys
[2007/09/27 11:30:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\eFax Messenger
[2012/03/06 18:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\EPSON
[2012/12/09 22:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\EurekaLog
[2013/01/23 01:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\GlarySoft
[2007/08/05 10:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\InterVideo
[2007/12/05 13:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\INVISUS
[2012/11/25 12:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\IObit
[2010/04/10 12:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\MsgCnf
[2012/03/24 17:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\MSNInstaller
[2010/05/21 00:29:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\MxBoost
[2010/04/13 20:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\MyShoppingGenie
[2010/06/30 19:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\ooVoo Details
[2009/12/11 17:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\OpenOffice.org
[2008/06/28 23:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Opera
[2011/03/12 09:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\ParetoLogic
[2009/11/23 01:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\ReaSoft
[2013/03/19 17:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Reason
[2010/02/26 10:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\TeamViewer
[2007/12/05 13:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\TuneUp Software
[2012/08/25 12:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Uniblue
[2012/01/26 01:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\uTorrent
[2011/09/23 15:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Windows Desktop Search
[2011/09/23 15:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Authorized User\Application Data\Windows Search
[2012/10/24 08:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\IObit

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
 
:bigthumb:

I need to look over your new log very carefully to make sure nothing was missed, I wont be back online until noon, in the meantime run this program


Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    MBAMCapture.jpg
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please


If nothing was found than no need for the log but post it if it did find threats, also let me know how your system is behaving now ??
 
MBZM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.13.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Authorized User :: AUTHORIZ-28629F [administrator]

4/13/2013 5:12:11 PM
mbam-log-2013-04-13 (17-12-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258323
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.IBryte) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Authorized User\My Documents\Downloads\Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.

(end)

Seems like everything is running fine. Just curious why a PUP.lBryte just showed up after downloading Malwarebytes
 
Hi,

Looks like some of the other scanners likr DDS and OTL did not pick it up, Malwarebytes is a reputable program so not to worry


ESET Scanner Grahpics

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the
    esetOnline.png
    button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on
      esetSmartInstall.png
      to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the
      esetSmartInstallDesktopIcon.png
      icon on your desktop.
  4. Check
    esetAcceptTerms.png
  5. Click the
    esetStart.png
    button.
  6. Accept any security warnings from your browser.
  7. Check
    esetScanArchives.png
  8. Make sure that the option "Remove found threats" is Unchecked
  9. Push the Start button.
  10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  11. When the scan completes, push
    esetListThreats.png
  12. Push
    esetExport.png
    , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  13. Push the
    esetBack.png
    button.
  14. Push
    esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
 
Last edited:
Good Morning,

All ESET found was that bad file but it was in the Recovery folder in Spybot. Open Spybot and go to Recovery tab, open it and delete everything inside but not the folder itself. Let me know if you where able to do this.
 
Hi Ken got rid of the items in Spybot

Hi Ken
sorry it took so long to get back to you but my mother board died. Luckily my tech guy had a spare one that worked great for my computer. Just had to update some drivers. Don't know what happened. I guess it was just too old. Anyway, I went into Spybot and clicked on Recovery then selected everything in there and deleted all the selected items. I will run Spybot later to see how everything is. I have an appointment soon and it takes quite a while to do the scan. I'll let you know how it turns out soon ok.:)
 
Ok I ran the spybot scan and again it showed the incredimail HijackersC: IncrediBar: [SBI $43928D57] Program directory (Directory, nothing done)
C:\Documents and Settings\Authorized User\Local Settings\Temp\ImInstaller\

I even tried to delete the file from the ImInstaller folder, but it still comes back.
 
Sorry you had problems, just like cars computers start getting old and things start failing, you never know.

Is incredibar showing up for you to use, your just showing a file in a temp folder.


Boot to Safemode and open the temp folder and delete everything inside but not the folder itself.
C:\Documents and Settings\Authorized User\Local Settings\Temp

Still in safemode run this cleaner

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish it's job
  • Once its finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean
 
You must log in or register to reply here.
Back
Top