Thread: Boot problems

  1. #11
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Hi savanna:

    It's OK. Next time, if you are not sure, I hope you ask before you carry on, to avoid making the problem worse.

    Let's start with the easy methods:

    1. Malwarebytes' Anti-Malware (MBAM)
    As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform Quick scan, then click on Scan
    • When done, you will be prompted. Click OK. If items are found, then click on Show Results
    • Check all items then click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply.

    Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
    Failure to reboot will prevent MBAM from removing all the malware.
    Note: If MBAM doesn't return after an update, please start it again.


    2. Search with AdwCleaner
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run it.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Close the AdwCleaner window and click OK at the prompt.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.



    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  2. #12
    Member
    Join Date
    Apr 2011
    Posts
    78

    Thank you for your help.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.11.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Bob :: INSPIRON [administrator]

    2/11/2013 6:26:25 AM
    mbam-log-2013-02-11 (06-26-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 339698
    Time elapsed: 9 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v2.112 - Logfile created 02/11/2013 at 07:27:56
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Bob - INSPIRON
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
    File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    File Found : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
    File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
    Folder Found : C:\Documents and Settings\Administrator.INSPIRON\Local Settings\Application Data\AVG Security Toolbar
    Folder Found : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Found : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
    Folder Found : C:\Documents and Settings\Bob\Application Data\OpenCandy
    Folder Found : C:\Documents and Settings\Bob\Application Data\pdfforge
    Folder Found : C:\Program Files\AskSearch
    Folder Found : C:\Program Files\DAEMON Tools Toolbar
    Folder Found : C:\Program Files\IZArc\OpenCandy
    Folder Found : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

    ***** [Registry] *****

    Key Found : HKCU\Software\Headlight
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
    Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10211&home=1
    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.searchcompletion.com/?si=10211&home=1
    [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.searchcompletion.com/?si=10211&home=1
    [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.searchcompletion.com/?si=10211&home=1

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\prefs.js

    Found : user_pref("browser.search.order.1", "Blekko");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Found : user_pref("extensions.twitternotifier.configuration", "{\"config\":{\"short_url_length_hxxps\":21,\"[...]
    Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12[...]

    File : C:\Documents and Settings\Administrator.INSPIRON\Application Data\Mozilla\Firefox\Profiles\36va78ll.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences


    *************************

    AdwCleaner[R1].txt - [32807 octets] - [11/02/2013 07:27:56]

    ########## EOF - C:\AdwCleaner[R1].txt - [32868 octets] ##########

  3. #13
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi savanna :

    1. Fix with AdwCleaner
    AdwCleaner
    • Close all open programs and internet browsers.
    • Right click on adwcleaner.exe and select "Run as administrator" to run it.
    • Click on Delete.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    2. Re-scan with OTL
    Please make sure OTL is on your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of OTL.txt ONLY in your next reply.


    3. Please give me an update on your computer problem.

    Thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  4. #14
    Member
    Join Date
    Apr 2011
    Posts
    78

    Default

    OTL.txt is attached as a compressed file.

    Thank you for your help.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v2.112 - Logfile created 02/11/2013 at 18:58:16
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Administrator - INSPIRON
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Zynga
    Deleted on reboot : C:\Program Files\Zynga
    File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\AskSearch
    Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
    Folder Deleted : C:\Program Files\IZArc\OpenCandy
    Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Deleted : HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
    Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\defdhglnppeioeflggkmglipcecffkhk
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    *************************

    AdwCleaner[S1].txt - [2698 octets] - [11/02/2013 18:58:16]

    ########## EOF - \AdwCleaner[S1].txt - [2758 octets] ##########

  5. #15
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi savanna:

    Please don't attach the logs unless instructed. You should post the log.

    Please make sure you have already created a backup of your registry with Erunt before you continue.

    1. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Double click on OTL.exe to run it.
    • Copy the following text... do not include the quote box title "Quote"
      :OTL
      PRC - C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
      PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      SRV - (stllssvr) -- File not found
      SRV - (Lavasoft Ad-Aware Service) -- File not found
      SRV - (GEARSecurity) -- File not found
      DRV - (WDICA) -- File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
      DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
      DRV - (i2omgmt) -- File not found
      DRV - (Changer) -- File not found
      DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.INS\LOCALS~1\Temp\catchme.sys File not found
      DRV - (AvgArCln) -- System32\DRIVERS\AvgArCln.sys File not found
      DRV - (AVG Anti-Rootkit) -- System32\DRIVERS\avgarkt.sys File not found
      DRV - (a7kun4k4) -- File not found
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope =
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope =
      FF - prefs.js..browser.search.defaultengine: "Complitly"
      FF - prefs.js..browser.search.order.1: "Blekko"
      FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
      FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q="
      [2012/02/02 13:22:45 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
      [2013/02/07 09:45:31 | 000,555,564 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
      [2011/12/28 17:17:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
      [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
      [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
      [2011/07/15 07:48:10 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
      O34 - HKLM BootExecute: (lsdelete)
      [2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
      [2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548

      :Files
      C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe
      C:\Documents and Settings\Bob\Application Data\ynafzasdaxazdvquptrju3hcert2xtb2\csrss.exe
      ipconfig /flushdns /c

      :Commands
      [EmptyTemp]
      [CreateRestorePoint]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results.
    • Please post the contents of the report in your next reply.

    Note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


    2. Re-scan with OTL
    Please make sure OTL is on your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of ONLY OTL.txt in your next reply.



    3. Please give me an update on your computer problem.

    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  6. #16
    Member
    Join Date
    Apr 2011
    Posts
    78

    Default

    I tried to run the OTL.exe custom scan two times. Each time it would freeze up on the "C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" file. The first time I kept it running for an hour before I restarted the machine. On the second restart I got the text file that you see at the bottom of this post come up. The PC Alarm Clock software will not start now, but I think I can just re-install it once we are done cleaning the machine. Other programs seem to work OK.

    What do you suggest I do next?

    Thank you very much for your help.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  7. #17
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi savanna:

    I need to see the complete log, not a portion of it. Please check whether there is a log at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


    Btw, let's try again without the "C:\DOCUME~1\Bob\LOCALS~1\Temp\ex132np1.exe" file.

    1. OTL fix
    Please make sure OTL.exe is on your Desktop.
    Important! Close all applications and windows so that you have nothing open and are at your Desktop
    • Double click on OTL.exe to run it.
    • Copy the following text... do not include the quote box title "Quote"
      :OTL
      PRC - C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
      PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      SRV - (stllssvr) -- File not found
      SRV - (Lavasoft Ad-Aware Service) -- File not found
      SRV - (GEARSecurity) -- File not found
      DRV - (WDICA) -- File not found
      DRV - (PDRFRAME) -- File not found
      DRV - (PDRELI) -- File not found
      DRV - (PDFRAME) -- File not found
      DRV - (PDCOMP) -- File not found
      DRV - (PCIDump) -- File not found
      DRV - (NLNdisPT) -- system32\DRIVERS\nlndis.sys File not found
      DRV - (NLNdisMP) -- system32\DRIVERS\nlndis.sys File not found
      DRV - (lbrtfdc) -- File not found
      DRV - (Lbd) -- system32\DRIVERS\Lbd.sys File not found
      DRV - (i2omgmt) -- File not found
      DRV - (Changer) -- File not found
      DRV - (catchme) -- C:\DOCUME~1\ADMINI~1.INS\LOCALS~1\Temp\catchme.sys File not found
      DRV - (AvgArCln) -- System32\DRIVERS\AvgArCln.sys File not found
      DRV - (AVG Anti-Rootkit) -- System32\DRIVERS\avgarkt.sys File not found
      DRV - (a7kun4k4) -- File not found
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
      IE - HKLM\..\SearchScopes,DefaultScope =
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.searchcompletion.com/?si=10211&home=1
      IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope =
      FF - prefs.js..browser.search.defaultengine: "Complitly"
      FF - prefs.js..browser.search.order.1: "Blekko"
      FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
      FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
      FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
      FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=12BAD2A56E715549578C1A4FD362E733&q="
      [2012/02/02 13:22:45 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\DTToolbar@toolbarnet.com
      [2013/02/07 09:45:31 | 000,555,564 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{40346aa9-a9d7-b1c4-ad87-bb0d0a1c10b8}.xpi
      [2011/12/28 17:17:20 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\searchplugins\daemon-search.xml
      [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
      [2013/02/06 06:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
      [2011/07/15 07:48:10 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
      O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe (Aquarius Soft)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_30)
      O34 - HKLM BootExecute: (lsdelete)
      [2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
      [2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548

      :Files
      ipconfig /flushdns /c

      :Commands
      [EmptyTemp]
      [CreateRestorePoint]
    • Click under the Custom Scan/Fixes box and paste the copied text.
    • Click the Run Fix button. If prompted... click OK.
    • When the scan completes, Notepad will open with the scan results.
    • Please post the contents of the report in your next reply.

    Note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYY_HHMMSS.log.


    2. Re-scan with OTL
    Please make sure OTL is on your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Click the Scan All Users checkbox.
      Leave the remaining selections to the default settings.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened, maximized
      • Extras.txt <-- Will be minimized on task bar.
    • Please post the contents of ONLY OTL.txt in your next reply.



    3. Please give me an update on your computer problem. Is the boot problem solved?

    The PC Alarm Clock software will not start now, but I think I can just re-install it once we are done cleaning the machine.
    I removed it, you might find more info here:
    http://www.emsisoft.com/en/malware/A...ft-remove.aspx


    thanks,
    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  8. #18
    Member
    Join Date
    Apr 2011
    Posts
    78

    Default

    The same thing happened again, but this time it froze on the "ipconfig /flushdns /c" file. Both freeze ups were associated with "Processing 034 -HKLM Boot Execute (Isdelete)".

    Are you suggesting that the Aquarius Soft PC Alarm Clock, which I purchased and have been using for over a year, has some sort of malware in it? I run Spybot and Malwarebytes on a regular basis and they never flagged anything. Do you recommend that I remove it and never use it again?

    Thank you for your help.

  9. #19
    Senior Member
    Join Date
    Jun 2012
    Location
    Malaysia
    Posts
    121

    Default

    Hi savanna,

    According to http://www.emsisoft.com/en/malware/A...ft-remove.aspx, the software is bundled with malware; it is not my opinion. Whether you want to use it or not, it is up to you. But only after we finish.


    1. Let's forget about the fix and post a fresh OTL log.

    2. ESET online scanner
    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
    Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
    • First please Disable any Antivirus you have active, as shown in This topic.
    • Note: Don't forget to re-enable it after the scan.
    • Next hold down Control then click on the following link to open a new window to ESET online scanner
    • Then click on Run ESET Online Scanner
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on Start.
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on Start.
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on Finish.
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.



    3. Does the computer boot faster now?

    4. Any other issue?

    torreattack
    Graduate of Malware Removal University, - You too could train to help others

  10. #20
    Member
    Join Date
    Apr 2011
    Posts
    78

    Default

    Yes, the computer does seem to boot a little faster now. Everything else seems to run fine too.

    Eset found 6 threats. Should I re-scan and remove those threats?

    Thank you for all your help.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    OTL logfile created on: 2/14/2013 6:03:48 AM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bob\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.16% Memory free
    3.84 Gb Paging File | 3.25 Gb Available in Paging File | 84.80% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.04 Gb Total Space | 30.27 Gb Free Space | 10.16% Space Free | Partition Type: NTFS
    Drive F: | 2794.51 Gb Total Space | 569.86 Gb Free Space | 20.39% Space Free | Partition Type: NTFS

    Computer Name: INSPIRON | User Name: Bob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Bob\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
    PRC - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\e534d8e15df8611bc3174e5f2377a093\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\a5727a2f48522da538ac54d1127c3c4f\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\1799a304573e4faf5a8d9223e5e4fbb0\System.Web.Services.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0c6552cb44af800ced291796ff32b748\System.ServiceModel.Routing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8f02a194fe5bce225a63ca0587065830\System.ServiceModel.Discovery.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ab0b49150543e689844c607fe344057d\System.ServiceModel.Channels.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\db54a8a55271ac4ce8bbaa435f474ed6\System.ServiceModel.Activities.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\90aa475ae4f67c45538cede327c086aa\System.ServiceModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\68b0fc15aa862e54593dd85b59116998\System.Management.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\d39d7af1c84535e19dbf92d804f906a2\System.IdentityModel.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\72ed473252336750a7d22aff2558d51b\System.ComponentModel.DataAnnotations.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\6e903ce8719e50acd783f8726b11249f\System.Transactions.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f616e6911a3d461193cd0e6e003adca5\System.Runtime.DurableInstancing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fe0d8dda05b9d38bbb664432300b4f42\System.Runtime.Serialization.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3b7f418545abc074940776fea9ad635e\SMDiagnostics.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\80383b3ebbbeb285cb6164b84d3e1e85\System.Xml.Linq.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\7256e28382f57416b828a0cc143b67b3\System.Xaml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\9a75548aa508a2645318308885b3eee0\System.Data.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\25884c52a01d74137ffacdb51d8f2d04\PresentationFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3ca69d589c23a0be94f3858f72e7a595\PresentationCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a0db56351a1589e44868456609b01737\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6133e360071a2fa7ba7deb483816e585\WindowsBase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\WinRAR\RarExt.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
    MOD - C:\Program Files\My Lockbox\FSPFlt.dll ()
    MOD - C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    MOD - C:\Program Files\IZArc\IZArcCM.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\libidn-11.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\libssl32.dll ()
    MOD - C:\Program Files\Hotspot Shield\bin\libeay32.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll ()
    MOD - C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll ()
    MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (Seagate Dashboard Services) -- C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
    SRV - (Guard Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    SRV - (EaseUS Agent) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
    SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
    SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
    SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
    SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
    SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
    SRV - (SymSnapService) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
    SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (a2kusuat) -- File not found
    DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (EUBKMON) -- C:\WINDOWS\system32\drivers\EUBKMON.sys ()
    DRV - (EUFDDISK) -- C:\WINDOWS\system32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (EUBAKUP) -- C:\WINDOWS\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (EUDSKACS) -- C:\WINDOWS\system32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
    DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys ()
    DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (FSProFilter) -- C:\WINDOWS\system32\drivers\FSPFltd.sys (FSPro Labs)
    DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
    DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
    DRV - (TotRec7) -- C:\WINDOWS\system32\drivers\TotRec7.sys (High Criteria inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
    DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
    DRV - (symsnap) -- C:\WINDOWS\system32\drivers\symsnap.sys (StorageCraft)
    DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
    DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt ()
    DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (sonypvs1) -- C:\WINDOWS\system32\drivers\sonypvs1.sys (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.search.useDBForOrder: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
    FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
    FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.5
    FF - prefs.js..extensions.enabledAddons: LogMeInClient%40logmein.com:1.0.0.1007
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Bob\Local Settings\Application Data\Citrix\Plugins\79\npappdetector.dll (Citrix Online)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/11 18:58:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 06:42:28 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4633C16E-71E6-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\Bob\Local Settings\Application Data\{4633C16E-71E6-11E1-826D-B8AC6F996F26}\ [2012/03/19 11:09:18 | 000,000,000 | ---D | M]

    [2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions
    [2009/01/30 07:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2013/02/12 14:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions
    [2010/04/27 12:30:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
    [2011/02/04 09:48:10 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    [2010/04/27 12:30:04 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(2)
    [2011/02/17 10:31:26 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}(3)
    [2013/01/15 10:28:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/02/17 10:31:25 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant(2).com
    [2013/01/16 10:29:39 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\anttoolbar@ant.com
    [2013/01/31 05:38:22 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\LogMeInClient@logmein.com
    [2012/09/19 16:53:51 | 000,000,000 | ---D | M] (Echofon) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\twitternotifier@naan.net
    [2012/12/23 10:23:12 | 000,030,502 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
    [2012/09/05 14:43:52 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2013/02/12 14:48:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/06 06:42:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/19 14:22:47 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
    [2012/04/19 14:10:00 | 000,586,040 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
    [2009/08/20 17:58:13 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
    [2011/05/19 14:22:19 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
    [2012/08/30 05:21:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/16 07:10:46 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: No name found = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/19 15:34:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll (TechSmith Corporation)
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
    O3 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DBAgent] C:\Program Files\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
    O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [rfagent] C:\Junk Non-Backup\Registry First Aid Move\RFA\rfagent.exe (KsL Software)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [\\UPSTAIRS_PRECIS\EPSON NX110 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - HKU\S-1-5-21-602162358-1972579041-839522115-1003..\Run: [Uploader] C:\Program Files\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Documents and Settings\Bob\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-602162358-1972579041-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/Tec...cueControl.cab (LogMeIn Rescue Technician Console)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Key error.)
    O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logmein.com/activex/RACtrl.cab (Remote Access ActiveX Client)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1349819256953 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pu...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A}: NameServer = 74.40.74.40,74.40.74.41
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Santa Fe Stucco.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/08/21 13:10:11 | 000,000,000 | ---D | M] - C:\Auto Repair -- [ NTFS ]
    O32 - AutoRun File - [2008/01/12 21:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/12 14:48:33 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/11 18:54:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
    [2013/02/07 22:19:18 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/06 06:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/01/24 08:51:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/01/24 08:51:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/01/24 08:50:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2013/01/24 06:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\McAfee
    [2013/01/22 10:52:08 | 000,000,000 | ---D | C] -- C:\THD
    [2013/01/21 10:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\My Kindle Content
    [2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Start Menu\Programs\Amazon
    [2013/01/21 10:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\Local Settings\Application Data\Amazon
    [2013/01/21 10:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
    [2013/01/19 16:00:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2013/01/19 15:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2013/01/15 10:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\dwhelper
    [2008/05/15 10:40:56 | 000,557,056 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Bob\GoToAssist_phone__317_en.exe
    [5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/14 05:59:06 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\Bob Merge.job
    [2013/02/14 05:58:53 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Bob.job
    [2013/02/14 05:54:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/14 05:53:33 | 000,199,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/14 05:53:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/13 22:40:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/13 22:35:53 | 000,625,484 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 22:35:53 | 000,130,028 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/13 22:19:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/13 20:12:16 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
    [2013/02/13 14:08:55 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/02/11 18:58:36 | 000,000,124 | ---- | M] () -- C:\WINDOWS\DeleteOnReboot.bat
    [2013/02/11 18:55:35 | 000,587,659 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
    [2013/02/11 18:54:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.exe
    [2013/02/11 14:57:20 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
    [2013/02/11 06:51:31 | 000,105,016 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Bob\Desktop\g2m_download.exe
    [2013/02/07 22:19:45 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/07 22:19:45 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/07 22:19:26 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/02 18:25:07 | 001,097,433 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
    [2013/01/30 10:32:08 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
    [2013/01/29 14:02:43 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
    [2013/01/28 18:59:59 | 000,006,198 | ---- | M] () -- C:\130129.html
    [2013/01/28 18:59:24 | 000,006,198 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\130129.html
    [2013/01/25 21:55:44 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
    [2013/01/23 18:02:32 | 000,000,334 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
    [2013/01/22 17:47:11 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
    [2013/01/22 15:01:46 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
    [2013/01/21 10:32:45 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
    [2013/01/20 00:30:56 | 000,004,096 | -HS- | M] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
    [2013/01/19 21:54:27 | 000,306,176 | -HS- | M] () -- C:\EUMONBMP.SYS
    [2013/01/19 18:23:58 | 000,249,385 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
    [2013/01/19 15:34:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/01/19 11:28:19 | 000,000,257 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
    [2013/01/15 14:56:11 | 000,000,319 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
    [5 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/11 18:58:33 | 000,000,124 | ---- | C] () -- C:\WINDOWS\DeleteOnReboot.bat
    [2013/02/11 18:55:36 | 000,587,659 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\adwcleaner.exe
    [2013/02/02 18:25:03 | 001,097,433 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TSperform.pdf
    [2013/01/30 10:32:08 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TS Gotchas.url
    [2013/01/29 14:02:43 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradeStation Forum - Blocking trades after a loser..url
    [2013/01/29 05:35:47 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/01/28 18:59:59 | 000,006,198 | ---- | C] () -- C:\130129.html
    [2013/01/28 18:59:23 | 000,006,198 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\130129.html
    [2013/01/22 15:01:46 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\TradersHelpDesk Videos.URL
    [2013/01/21 10:32:45 | 000,001,679 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Kindle.lnk
    [2013/01/20 00:30:56 | 000,004,096 | -HS- | C] () -- C:\{CAF53BCB-6014-4F5E-A49F-710FDD75DCF9}.CBM
    [2013/01/19 20:49:13 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Malware Removal - Safer-Networking Forums.URL
    [2013/01/19 18:23:56 | 000,249,385 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\VolumeAnalysis.pdf
    [2013/01/19 11:28:19 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\Day Traders -- Price, Volume and low Risk (Los Angeles, CA) - Meetup.URL
    [2013/01/15 14:56:11 | 000,000,319 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\New Guy Question = Difference between Buy Ask and Buy Bid - NinjaTrader.URL
    [2012/11/21 18:24:36 | 000,017,420 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2012/10/11 06:31:15 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
    [2012/08/29 21:07:36 | 000,161,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-602162358-1972579041-839522115-1003-0.dat
    [2012/08/29 21:07:32 | 000,111,122 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/08/10 09:38:04 | 000,000,007 | RH-- | C] () -- C:\Documents and Settings\Bob\hwid
    [2012/03/25 10:13:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/03/25 10:13:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/03/25 10:13:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/03/25 10:13:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/03/25 10:13:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/02/16 10:24:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/31 18:58:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2011/11/12 08:08:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/11/09 06:17:31 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Bob\CPI.csv
    [2011/09/21 09:30:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2011/08/30 05:44:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat
    [2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2011/07/29 15:53:33 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2011/07/29 15:53:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2011/07/27 10:10:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2011/07/24 05:38:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2011/06/11 07:58:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2011/06/11 07:58:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2011/06/08 22:12:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\NtDirect.dll
    [2011/05/24 22:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
    [2011/05/21 05:01:00 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2011/04/14 08:55:47 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\1.gif
    [2011/04/04 07:27:25 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548r
    [2011/04/04 07:27:25 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~19914548
    [2011/03/07 06:33:12 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\mainhst.zgh
    [2011/01/21 11:44:39 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2009/10/03 10:43:23 | 008,410,624 | ---- | C] () -- C:\Program Files\HTML Guardian 7.msi
    [2009/08/23 09:44:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\PUTTY.RND
    [2009/04/29 05:51:16 | 000,006,059 | ---- | C] () -- C:\Documents and Settings\Bob\r
    [2009/01/17 09:07:58 | 012,124,160 | ---- | C] () -- C:\Documents and Settings\Bob\ntuser.bak
    [2008/01/19 09:18:52 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\SAS7_000.DAT
    [2008/01/14 09:55:30 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\FASTWiz.html
    [2008/01/13 12:58:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/01/13 12:41:40 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/01/13 12:21:42 | 000,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

    ========== ZeroAccess Check ==========

    [2008/03/18 09:34:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2011/11/01 14:35:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=f820244970c2ac418f31792cb333a623
    # engine=13161
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-02-15 01:53:32
    # local_time=2013-02-15 07:53:32 (-0600, Central Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # scanned=189748
    # found=6
    # cleaned=0
    # scan_time=6284
    sh=7BC2C43D8F55AEC9CEB5FFB1749C52B385650A77 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\17\4fd08551-17cd532c"
    sh=10825AE5BA011F2EC26F215B6E38809B9EA5241F ft=0 fh=0000000000000000 vn="a variant of Java/Agent.DN trojan" ac=I fn="C:\Documents and Settings\Bob\Application Data\Sun\Java\Deployment\cache\6.0\26\f41b55a-286701e8"
    sh=5107448F7AF18FDD3B60A11FB5E90FE55E3FB3BD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Documents and Settings\Bob\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\6fdd73a9-3d85a2a0"
    sh=7BCE65F98361339985D4E3B8F08AFC034D014499 ft=0 fh=0000000000000000 vn="probably a variant of Win32/Monitor.EmployeeActMon application" ac=I fn="C:\Junk\KeyLogger\S50G37P14T1081880F7345A92.zip"
    sh=91EC186153FB33A4562204E4BE5631168C2BA206 ft=1 fh=eb969c333e6297d9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\System Volume Information\_restore{6068B9D1-1234-4DDA-9F1C-9B42EECF3E57}\RP355\A0060418.exe"
    sh=8A017A234D9CBC7D6368A800E29119DBAE8712BA ft=1 fh=c71c00115837424f vn="Win32/OpenCandy application" ac=I fn="C:\System Volume Information\_restore{6068B9D1-1234-4DDA-9F1C-9B42EECF3E57}\RP381\A0068832.dll"
