Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 38

Thread: wajam and browserdefender.exe

  1. #11
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Not sure why your getting that error, looks like that file is in the folders its supposed to be in. It looks like the OTL fix did what it was supposed to do

    Lets try running AdwCleaner in Safemode and see if it will run

    To Enter Safemode
    • Go to Start> Shut off your Computer> Restart
    • As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
      this will bring up a menu.
    • Use the Up and Down Arrow Keys to scroll up to Safemode
    • Then press the Enter Key on your Keyboard

    Tutorial if you need it How to boot into Safemode


    If it runs post the log please. Either way boot back to normal windows and run a new scan with OTL and post the log, there wont be any extra log so dont drive yourself crazy looking for it
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Take your time with the instructions, I will be offline until this evening
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Member
    Join Date
    Sep 2007
    Posts
    42

    Default otl and adwcleaner logs

    Hi,

    Thanks for your time today.

    Adwcleaner worked in safe mode! On completion it asked for a restart and came back to normal mode with the log file. The logs say that the folder C:\ProgramData\BrowserDefender has been deleted but it is still there.


    # AdwCleaner v2.303 - Logfile created 06/23/2013 at 18:39:04
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Owner - OWNER-PC
    # Boot Mode : Safe mode with networking
    # Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\Speedbit
    Deleted on reboot : C:\ProgramData\~0
    Deleted on reboot : C:\ProgramData\BrowserDefender
    Deleted on reboot : C:\ProgramData\Speedbit
    Deleted on reboot : C:\Users\Owner\AppData\Local\PackageAware
    Deleted on reboot : C:\Users\Owner\AppData\LocalLow\Speedbit
    Deleted on reboot : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16490

    [OK] Registry is clean.

    -\\ Mozilla Firefox v21.0 (en-US)

    File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncek8pao.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [400 octets] - [23/06/2013 13:13:25]
    AdwCleaner[S2].txt - [9524 octets] - [23/06/2013 13:17:35]
    AdwCleaner[S3].txt - [1389 octets] - [23/06/2013 18:39:04]

    ########## EOF - C:\AdwCleaner[S3].txt - [1449 octets] ##########


    ****************************************
    OTL Log:
    ****************************************
    OTL logfile created on: 06/23/2013 6:44:38 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

    3.96 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 60.03% Memory free
    6.84 Gb Paging File | 5.12 Gb Available in Paging File | 74.89% Paging File free
    Paging file location(s): c:\pagefile.sys 3072 10240 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 23.66 Gb Free Space | 8.21% Space Free | Partition Type: NTFS
    Drive E: | 9.77 Gb Total Space | 3.09 Gb Free Space | 31.65% Space Free | Partition Type: NTFS
    Drive H: | 2.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited )
    PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    PRC - C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe (IDT, Inc.)
    SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe (Andrea Electronics Corporation)
    SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (yksvc) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited )
    SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (sprtsvc_O2DA) -- C:\Program Files (x86)\O2 Assistant\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (tgsrvc_O2DA) -- C:\Program Files (x86)\O2 Assistant\bin\tgsrvc.exe (SupportSoft, Inc.)
    SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- c:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\Drivers\RapportKE64.sys (Trusteer Ltd.)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
    DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (NBVol) -- C:\Windows\SysNative\DRIVERS\NBVol.sys (Nero AG)
    DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\DRIVERS\NBVolUp.sys (Nero AG)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys (Intel Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (OA009Vid) -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys (Creative Technology Ltd.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (OA009Ufd) -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys (Creative Technology Ltd.)
    DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\DRIVERS\mcdbus.sys (MagicISO, Inc.)
    DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
    DRV:64bit: - (Ext2fs) -- C:\Windows\SysNative\DRIVERS\ext2fs.sys (Stephan Schreiber)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys (Marvell)
    DRV:64bit: - (IfsMount) -- C:\Windows\SysNative\DRIVERS\ifsmount.sys (Stephan Schreiber)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys (Western Digital Technologies)
    DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
    DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
    DRV - (RapportCerberus_53984) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus64_53984.sys ()
    DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
    DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
    DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=4090115
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - No CLSID value found
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_en
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..\SearchScopes\{A730567D-0EC7-4037-B5FC-0704BD2EE0F9}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/05/18 21:54:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/06 23:15:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/14 22:08:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Owner\AppData\Roaming\IDM\idmmzcc5 [2012/05/26 15:59:49 | 000,000,000 | ---D | M]

    [2013/06/06 23:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2009/04/23 06:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\eclipse\extensions
    [2013/06/16 20:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncek8pao.default\Extensions
    [2013/06/11 18:58:33 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncek8pao.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/06/16 20:09:20 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ncek8pao.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2013/06/07 22:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
    [2013/06/06 23:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/06/06 23:18:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Docs = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/06/23 15:15:11 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [O2DA] C:\Program Files (x86)\O2 Assistant\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/02/08 23:21:31 | 000,000,000 | -H-D | M]
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
    O8:64bit: - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()
    O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..Trusted Domains: tcs.com ([inchnm02] https in Trusted sites)
    O15 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..Trusted Domains: ultimatix.net ([]https in Trusted sites)
    O15 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..Trusted Domains: ultimatix.net ([icalms] https in Trusted sites)
    O15 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..Trusted Domains: ultimatix.net ([knowmax] https in Trusted sites)
    O15 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..Trusted Domains: ultimatix.net ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..Trusted Domains: ultimatix.net ([www.ultimatix.net] https in Trusted sites)
    O15 - HKU\S-1-5-21-4275679545-3703437013-2739024288-1000\..Trusted Domains: ultimatix.org ([apps] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://uklonm01.tcs.com/dwa8W.cab (Domino Web Access 8 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.21.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7048C7E9-9A2F-4825-B151-15CA3894F710}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A00907A-4E1C-411B-B75F-A19814F9BAEE}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\gopher - No CLSID value found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{3c28a8b1-be87-11df-b471-0023ae13f647}\Shell\AutoRun\command - "" = sysusb/usbdur.exe
    O33 - MountPoints2\{3c28a8b1-be87-11df-b471-0023ae13f647}\Shell\explore\command - "" = sysusb/usbdur.exe
    O33 - MountPoints2\{3c28a8b1-be87-11df-b471-0023ae13f647}\Shell\open\command - "" = sysusb/usbdur.exe
    O33 - MountPoints2\{477984e5-1788-11e0-badd-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{477984e5-1788-11e0-badd-0023ae13f647}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell - "" = AutoRun
    O33 - MountPoints2\{b2611ab1-d674-11de-80ca-0023ae13f647}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/06/23 15:10:54 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/06/23 13:43:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/06/23 13:42:59 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/23 13:37:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/06/23 13:36:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
    [2013/06/23 00:13:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ProcAlyzer Dumps
    [2013/06/17 20:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
    [2013/06/17 20:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MPC-HC
    [2013/06/17 19:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKV File Player
    [2013/06/17 19:07:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV File Player
    [2013/06/14 19:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack (64-bit)
    [2013/06/14 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mythicsoft
    [2013/06/14 10:12:18 | 000,000,000 | ---D | C] -- C:\New Folder (2)
    [2013/06/14 08:41:42 | 000,000,000 | ---D | C] -- C:\London tour
    [2013/06/13 08:32:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2013/06/13 08:32:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2013/06/13 08:31:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/06/13 08:31:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/06/13 08:31:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2013/06/13 08:31:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2013/06/13 08:31:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2013/06/13 08:31:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2013/06/13 08:31:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2013/06/13 08:31:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2013/06/13 08:31:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/06/13 08:31:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/06/13 08:31:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/06/13 08:31:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/06/13 08:31:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2013/06/12 13:56:48 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2013/06/12 13:56:46 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2013/06/12 13:56:44 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/06/12 13:56:43 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/06/12 13:56:42 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2013/06/12 13:56:39 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2013/06/12 13:55:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2013/06/12 13:55:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2013/06/12 13:55:35 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/06/12 13:55:34 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/06/12 13:55:33 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\printcom.dll
    [2013/06/12 00:34:23 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2013/06/12 00:33:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\malware removal process
    [2013/06/12 00:30:37 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2013/06/11 23:54:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Owner\Desktop\erunt-setup.exe
    [2013/06/11 09:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/06/11 08:32:50 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/06/11 08:31:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/06/11 08:31:39 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/06/11 08:31:39 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/07 00:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/06/07 00:11:27 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/06/07 00:11:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/06/06 23:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/06/06 23:18:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/06/05 15:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2013/06/05 15:54:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2013/06/05 10:22:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solid Savings
    [2013/06/05 10:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
    [2013/05/30 21:25:03 | 000,000,000 | ---D | C] -- C:\tamil songs
    [2013/05/25 22:10:34 | 000,000,000 | ---D | C] -- C:\europe tour
    [2013/05/24 23:15:04 | 000,000,000 | ---D | C] -- C:\B4 Euro Trip Canon
    [2013/05/24 22:54:07 | 000,000,000 | ---D | C] -- C:\B4 EuroTrip Sony
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/06/23 18:43:06 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000UA.job
    [2013/06/23 18:41:37 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/06/23 18:41:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/23 18:41:12 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/23 18:40:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/23 18:39:20 | 000,001,337 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/23 15:15:11 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/06/23 15:10:20 | 000,165,376 | ---- | M] () -- C:\Users\Owner\Desktop\SystemLook_x64.exe
    [2013/06/23 13:37:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2013/06/23 13:36:36 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Owner\Desktop\JRT.exe
    [2013/06/23 13:11:33 | 000,648,201 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2013/06/23 10:22:38 | 000,011,141 | ---- | M] () -- C:\Users\Owner\Desktop\dds.zip
    [2013/06/22 21:43:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4275679545-3703437013-2739024288-1000Core.job
    [2013/06/21 09:39:30 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/06/18 16:14:30 | 000,236,688 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
    [2013/06/17 20:07:19 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\MPC-HC.lnk
    [2013/06/17 19:07:16 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\MKV File Player.lnk
    [2013/06/17 10:10:14 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2013/06/17 10:10:14 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2013/06/14 19:23:35 | 000,805,550 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/06/14 19:23:35 | 000,677,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/06/14 19:23:35 | 000,132,124 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/06/12 00:30:44 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/06/12 00:00:27 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
    [2013/06/11 23:58:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2013/06/11 23:55:57 | 000,000,746 | ---- | M] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2013/06/11 23:53:54 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Owner\Desktop\erunt-setup.exe
    [2013/06/11 08:28:36 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/11 08:28:22 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/06/11 08:28:22 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/06/11 08:28:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/06/11 08:28:17 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/06/11 08:28:17 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/06/10 21:29:59 | 000,000,732 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
    [2013/06/07 22:38:38 | 000,002,051 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/06/07 22:38:29 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/06/07 00:11:41 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/06/06 23:18:57 | 000,000,914 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/06/06 23:18:57 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2013/06/06 20:13:34 | 000,001,045 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/06/05 23:42:59 | 000,001,356 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [1 C:\Users\Owner\AppData\Local\*.tmp files -> C:\Users\Owner\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/23 15:10:16 | 000,165,376 | ---- | C] () -- C:\Users\Owner\Desktop\SystemLook_x64.exe
    [2013/06/23 13:14:15 | 000,001,337 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/06/23 13:11:47 | 000,648,201 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2013/06/23 10:22:38 | 000,011,141 | ---- | C] () -- C:\Users\Owner\Desktop\dds.zip
    [2013/06/17 20:07:19 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\MPC-HC.lnk
    [2013/06/17 19:07:16 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\MKV File Player.lnk
    [2013/06/11 23:55:57 | 000,000,746 | ---- | C] () -- C:\Users\Owner\Desktop\ERUNT.lnk
    [2013/06/07 00:12:11 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/06/07 00:12:09 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/06/07 00:12:02 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/06/07 00:11:41 | 000,001,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/06/07 00:11:41 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/06/06 23:39:23 | 000,002,051 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/06/06 23:39:23 | 000,002,027 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/06/06 23:18:57 | 000,000,914 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/06/06 23:18:57 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/06/06 23:18:57 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/11/10 21:48:52 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/09/08 22:15:52 | 000,054,694 | ---- | C] () -- C:\Windows\SysWow64\pthreadGC.dll
    [2012/05/02 16:50:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/12/19 03:14:09 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
    [2011/12/19 03:14:09 | 000,090,784 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
    [2009/12/01 12:36:46 | 000,000,732 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
    [2009/08/20 01:35:48 | 000,024,226 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
    [2009/08/05 05:02:30 | 000,008,248 | ---- | C] () -- C:\Users\Owner\AppData\Local\en.ini
    [2009/08/05 05:02:29 | 000,006,747 | ---- | C] () -- C:\Users\Owner\AppData\Local\doc_viewer_HTML_EN.zip
    [2009/07/23 13:13:55 | 000,000,311 | ---- | C] () -- C:\Users\Owner\Owner - Shortcut.lnk
    [2009/07/08 05:03:19 | 000,001,356 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
    [2009/04/23 13:44:07 | 000,000,700 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
    [2009/04/19 03:17:54 | 000,084,992 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2010/11/01 14:47:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2010/11/01 14:47:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2011/04/03 01:35:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Abine
    [2012/12/09 16:26:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
    [2011/11/22 02:22:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\avidemux
    [2011/02/28 02:55:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Colasoft MAC Scanner
    [2011/02/28 02:55:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Colasoft Packet Builder
    [2012/07/12 01:17:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DesktopReminder
    [2011/12/06 05:39:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DMCache
    [2009/08/15 04:48:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Eltima Software
    [2011/05/22 15:47:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Fit3DLive
    [2009/07/27 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FlashGet
    [2012/12/01 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GrabPro
    [2012/05/17 03:05:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IDM
    [2009/04/23 06:45:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lotus
    [2010/05/02 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MRTalk
    [2012/06/03 16:49:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NCH Swift Sound
    [2012/12/17 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Orbit
    [2010/12/02 23:20:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
    [2012/12/01 22:01:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ProgSense
    [2010/01/14 10:03:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Propellerhead Software
    [2010/12/27 03:11:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Scooter Software
    [2011/09/08 05:31:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
    [2012/03/10 17:51:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeamViewer
    [2009/05/10 07:10:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
    [2010/10/02 23:16:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Trusteer
    [2012/11/13 21:31:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ulead Systems
    [2013/04/04 21:19:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
    [2011/11/05 06:00:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Wireshark
    [2013/03/31 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ZIP RAR ACE Password Recovery

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:553CA6CA
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:BC359956
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

    < End of report >

  4. #14
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    I'm back earlier than i thought

    First run this free scan and make sure it fixes whatever it finds

    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



    The log can also be found here:

    Windows 2000 & Windows XP:
    C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

    Windows Vista & Win7:
    C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs




    Then run SystemLook one more time using this script

    Code:
    :folderfind
    BrowserDefender
    :filefind
    BrowserDefender
    :regfind
    BrowserDefender
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Member
    Join Date
    Sep 2007
    Posts
    42

    Default browdefender still there ...

    Hi,

    I am sorry. I didnt notice that you had replied. I ran the malwarebytes and it fixed two - 1 file and 1 registry. The file was a valid file that I use to see my wifi details not sure if it false alarm or was it really infected. Anyway I know where to download it so I will take it later. The systemlook results are more than I expected I just thought it was in one place but it seems to be in lot of places. Logs as requested. I am in GMT+1 zone and its almost 12:30 AM here. I may go to sleep and may not be able to post any replies immediately. Sorry. I will look at your response in morning and reply to it. Thanks for spending your sunday helping me out.

    Malwarebytes log

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.23.06

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Owner :: OWNER-PC [administrator]

    Protection: Enabled

    06/23/2013 11:49:02 PM
    mbam-log-2013-06-23 (23-49-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223641
    Time elapsed: 9 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Owner\Downloads\wirelesskeyview-x64.zip (PUP.WirelessKeyView) -> Quarantined and deleted successfully.

    (end)

    ******************************************************
    SystemLook Log
    ******************************************************
    SystemLook 30.07.11 by jpshortstuff
    Log created at 00:00 on 24/06/2013 by Owner
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "BrowserDefender"
    C:\ProgramData\BrowserDefender d------ [09:21 05/06/2013]
    C:\Users\All Users\BrowserDefender d------ [09:21 05/06/2013]

    ========== filefind ==========

    Searching for "BrowserDefender"
    No files found.

    ========== regfind ==========

    Searching for "BrowserDefender"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_CURRENT_USER\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68294DFC-01A7-400F-BC7D-B1527DBE3C5F}]
    "Path"="\BrowserDefendert"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}]
    "DllName"="PCTBrowserDefender.dll"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Microsoft\Internet Explorer\TypedURLs]
    "url4"="C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000\Software\Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"
    [HKEY_USERS\S-1-5-21-4275679545-3703437013-2739024288-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe"="Application Manager"

    -= EOF =-

  6. #16
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Info for you

    Files Detected: 1
    C:\Users\Owner\Downloads\wirelesskeyview-x64.zip (PUP.WirelessKeyView) -> Quarantined and deleted successfully.

    This is flagged as potentially unwanted programs, as they can be used to get passwords from a machine



    Use ERUNT to make a back up of your registry, if you have problems with it use this one instead

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI(graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.





    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      
      :Services
      
      :Reg
      [-HKEY_CURRENT_USER\Software\BrowserDefender]
      [-HKEY_LOCAL_MACHINE\SOFTWARE\BrowserDefender]	
      
      :Files
      C:\ProgramData\BrowserDefender
      C:\Users\All Users\BrowserDefender
      
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Last edited by ken545; 2013-06-24 at 05:51.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #17
    Member
    Join Date
    Sep 2007
    Posts
    42

    Default OTL log and blank white screen during pc boot

    Hi,

    I took a registry backup using ERUNT and ran the OTL run fix. The BrowserDefender folders have been deleted. I notice a new issue , whenever I restart / turn on the PC i get a blank white screen for about 30 seconds before my desktop appears. My laptop used to slow but I was able to see at least the wallpaper when the startup apps (like avast,adaware..) were starting but now its only a white screen and then after 20 or 30 seconds my wallpaper loads. This started appearing only from yesterday, is this because of malwarebytes anti malware installation or something normal during the cleanup process?

    Thanks for the info about Wirelesskeyview. I live in a hostel like environment and we have lots of wifi's and I switch between rooms often so I use this to see the plain pwd and new roommates need these details often. If this application is sending back the info to server then I am worried but I dont think this app does any such thing.

    ********************************
    OTL LOG
    ********************************

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\BrowserDefender\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\BrowserDefender\ not found.
    ========== FILES ==========
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings folder moved successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension folder moved successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
    C:\ProgramData\BrowserDefender\2.6.1339.144 folder moved successfully.
    C:\ProgramData\BrowserDefender folder moved successfully.
    File\Folder C:\Users\All Users\BrowserDefender not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 168210 bytes
    ->Temporary Internet Files folder emptied: 2901425 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 5537992 bytes
    ->Google Chrome cache emptied: 18636826 bytes
    ->Flash cache emptied: 506 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 95006556 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 117.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 06242013_141746

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  8. #18
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    That file that Malwarebytes removed looks like it was just the set up file and not the entire program, Google it and see what comes up and you can decide to remove it or not.

    We removed some junk from your computer, not sure about the white screen, try rebooting a few times and see if it changes. It may have to do with removing BrowserDefender
    Outside of that any other issues ?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #19
    Member
    Join Date
    Sep 2007
    Posts
    42

    Default system boot normal...

    I restarted the pc and the white screen didnt come this time. The system is normal and I don't see any other issues. I cant see the browserdefender anywhere
    Thank you.

  10. #20
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    Just for a double check, run SystemLook and input this script



    Code:
    :folderfind
    BrowserDefender
    :filefind
    BrowserDefender
    :regfind
    BrowserDefender
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •