GAC_64 desktop.ini and Win:64.a(?) infection

Solved
By djhitman
Sep 5, 2012
  1. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.24_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.43_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/09/09 20:41:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Users\Hitman\AppData\Local\FreeWorkz\FreeWorkzIE.dll File not found
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002..\Run: [Facebook Update] C:\Users\Hitman\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9980562D-1032-44AB-A486-681219EA5379}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\22580~1.182\{16CDF~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/11 20:10:02 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Hitman\Desktop\OTL.exe
    [2012/09/11 15:45:29 | 000,024,128 | ---- | C] (Microsoft Corporation) -- C:\Users\Hitman\Desktop\atapi.sys
    [2012/09/09 20:41:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/09 20:40:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/09 20:27:05 | 000,000,000 | ---D | C] -- C:\Users\Hitman\Desktop\rkill
    [2012/09/09 20:23:31 | 001,629,088 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Hitman\Desktop\iExplore.exe
    [2012/09/09 20:22:13 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Hitman\Desktop\Dave_Starr.exe
    [2012/09/08 13:17:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/08 13:17:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/08 13:17:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/08 13:17:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/08 13:16:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/08 12:52:57 | 010,901,120 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Hitman\Desktop\AppRemover.exe
    [2012/09/06 03:04:35 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/05 19:35:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hitman\Desktop\dds.com
    [2012/09/03 23:18:56 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/03 22:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb_soc
    [2012/09/03 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\Malwarebytes
    [2012/09/03 20:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/03 20:48:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/03 20:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/03 20:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/03 14:58:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2012/09/03 14:58:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2012/09/03 11:28:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/09/03 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\781287A802B36D01D0823CC64F147CE7
    [2012/08/26 13:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/08/26 13:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
    [2012/08/26 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/08/26 13:01:57 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Local\Conduit
    [2012/08/26 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    [2012/08/26 13:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2012/08/26 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\PerformerSoft
    [2012/08/26 12:29:57 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
    [2012/08/26 12:29:38 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCPerformer
    [2012/08/17 03:03:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/17 03:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/17 03:03:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/17 03:03:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/17 03:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/17 03:03:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/17 03:03:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/08/17 03:03:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/08/17 03:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/08/17 03:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/08/17 03:03:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/08/17 03:02:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/17 03:02:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/15 16:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
    [2012/08/15 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\HP
    [2012/08/15 16:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [2012/08/15 16:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    [2012/08/15 16:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\HpUpdate
    [2012/08/15 16:06:14 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\SUPERAntiSpyware.com
    [2012/08/15 16:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/08/15 16:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/08/15 16:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/08/15 16:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2012/08/15 15:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
    [2012/08/15 15:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
    [2012/08/15 15:57:59 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70v.dll
    [2012/08/15 15:56:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/08/15 15:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/08/15 15:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/08/15 15:46:04 | 001,403,904 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p02c.dll
    [2012/08/15 15:46:04 | 000,880,640 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p02c.dll
    [2012/08/15 15:46:04 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
    [2012/08/15 15:46:04 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
    [2012/08/15 15:46:03 | 000,515,072 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p02a.dll
    [2012/08/14 22:29:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/14 22:29:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/14 22:29:30 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/14 22:26:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/14 22:25:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/14 22:25:15 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/14 22:25:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/14 22:24:25 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/09/11 20:24:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/11 20:20:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    [2012/09/11 20:10:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Hitman\Desktop\OTL.exe
    [2012/09/11 18:57:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    [2012/09/11 13:20:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    [2012/09/10 21:57:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    [2012/09/09 23:24:03 | 000,165,376 | ---- | M] () -- C:\Users\Hitman\Desktop\SystemLook_x64.exe
    [2012/09/09 20:51:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 20:51:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 20:41:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/09 20:40:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/09 20:40:41 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/09 20:23:31 | 001,629,088 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Hitman\Desktop\iExplore.exe
    [2012/09/09 20:22:14 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\Hitman\Desktop\Dave_Starr.exe
    [2012/09/08 12:52:57 | 010,901,120 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Hitman\Desktop\AppRemover.exe
    [2012/09/08 12:46:45 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHitman.job
    [2012/09/08 12:41:47 | 079,998,836 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm.prepare
    [2012/09/05 23:15:54 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/05 23:15:54 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/05 23:15:54 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/05 19:35:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Hitman\Desktop\dds.com
    [2012/09/05 16:20:00 | 000,302,592 | ---- | M] () -- C:\Users\Hitman\Desktop\67x870q6.exe
    [2012/09/03 23:18:56 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/03 20:48:12 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/26 13:02:01 | 000,000,009 | ---- | M] () -- C:\END
    [2012/08/26 12:59:14 | 000,000,336 | ---- | M] () -- C:\Windows\game.ini
    [2012/08/26 12:30:50 | 000,001,893 | ---- | M] () -- C:\user.js
    [2012/08/17 03:27:24 | 000,286,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/16 19:47:02 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/08/15 16:31:37 | 000,208,080 | ---- | M] () -- C:\Windows\hpoins43.dat
    [2012/08/15 16:25:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/15 16:25:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/15 16:18:42 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    [2012/08/15 16:05:58 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/08/15 16:00:29 | 000,208,347 | ---- | M] () -- C:\Windows\hpoins43.dat.temp
    [2012/08/15 16:00:05 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/08/15 15:59:42 | 000,002,059 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    ========== Files Created - No Company Name ==========

    [2012/09/09 23:24:03 | 000,165,376 | ---- | C] () -- C:\Users\Hitman\Desktop\SystemLook_x64.exe
    [2012/09/08 13:17:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/08 13:17:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/08 13:17:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/08 13:17:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/08 13:17:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/05 16:19:59 | 000,302,592 | ---- | C] () -- C:\Users\Hitman\Desktop\67x870q6.exe
    [2012/09/03 20:48:12 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/26 13:02:01 | 000,000,009 | ---- | C] () -- C:\END
    [2012/08/26 12:59:14 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
    [2012/08/15 16:18:41 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    [2012/08/15 16:15:40 | 000,208,347 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
    [2012/08/15 16:15:40 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
    [2012/08/15 16:05:58 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/08/15 16:00:05 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/08/15 15:59:42 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/08/15 15:55:27 | 000,208,080 | ---- | C] () -- C:\Windows\hpoins43.dat
    [2012/08/15 15:55:27 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
    [2012/05/19 20:26:45 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/05/11 19:38:40 | 000,066,832 | ---- | C] () -- C:\Users\Hitman\AppData\Roaming\UserTile.png
    [2011/10/14 20:37:09 | 000,007,602 | ---- | C] () -- C:\Users\Hitman\AppData\Local\Resmon.ResmonCfg

    ========== Files - Unicode (All) ==========
    [2012/09/08 13:05:21 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?%) -- C:\Windows\SysNative\륀%
    [2012/09/08 13:05:21 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?%) -- C:\Windows\SysNative\륀%
    [2012/06/19 07:45:06 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?¾) -- C:\Windows\SysNative\륀¾
    [2012/06/19 07:45:06 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?¾) -- C:\Windows\SysNative\륀¾
    [2012/04/05 13:07:18 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?À) -- C:\Windows\SysNative\륀À
    [2012/04/05 13:07:18 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?À) -- C:\Windows\SysNative\륀À
    < End of report >
  2. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    OTL Extras logfile created on: 9/11/2012 8:11:06 PM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Hitman\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.22% Memory free
    3.87 Gb Paging File | 2.62 Gb Available in Paging File | 67.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 216.44 Gb Total Space | 163.46 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
    Drive D: | 16.14 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
    Drive F: | 3.76 Gb Total Space | 3.22 Gb Free Space | 85.65% Space Free | Partition Type: FAT32

    Computer Name: HITMAN-HP | User Name: Hitman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{222A544B-E6B7-496F-B4D7-6FE74FF0E616}" = Bing Bar Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2E510276-F614-4AC5-9ACC-465735484A4F}" = Show Presenter
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NIS" = Norton Internet Security
    "PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
    "WildTangent hp Master Uninstall" = HP Games
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "Winamp" = Winamp (remove only)
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WTA-3b06dc08-b771-41c9-8b6f-5bcd4ea2c454" = RollerCoaster Tycoon 3: Platinum

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/27/2012 7:59:52 PM | Computer Name = Hitman-HP | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 8/27/2012 8:26:05 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: ntdll.dll, version: 6.1.7600.16915,
    time stamp: 0x4ec49d10 Exception code: 0xc0000005 Fault offset: 0x00038df9 Faulting
    process id: 0xed8 Faulting application start time: 0x01cd84ae3efc81e0 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: f3e4694e-f0a6-11e1-be07-60eb69299f4f

    Error - 8/28/2012 7:03:02 AM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: ntdll.dll, version: 6.1.7600.16915,
    time stamp: 0x4ec49d10 Exception code: 0xc0000005 Fault offset: 0x00038df9 Faulting
    process id: 0x17e0 Faulting application start time: 0x01cd850c964a08c5 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: eee0c0ee-f0ff-11e1-be07-60eb69299f4f

    Error - 8/28/2012 8:25:43 PM | Computer Name = Hitman-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 14dc Start
    Time: 01cd850cb16d85f3 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 8/28/2012 8:26:18 PM | Computer Name = Hitman-HP | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 8/28/2012 8:26:53 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: MSHTML.dll, version: 9.0.8112.16448,
    time stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x00439633 Faulting
    process id: 0x864 Faulting application start time: 0x01cd857ce8af0258 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\MSHTML.dll Report Id: 3ab59590-f170-11e1-be07-60eb69299f4f

    Error - 8/28/2012 9:31:15 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: BabylonToolbarsrv.exe, version: 1.6.9.0,
    time stamp: 0x5035f49f Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x3d450001 Faulting process id:
    0x14b0 Faulting application start time: 0x01cd857cfd66f998 Faulting application path:
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe
    Faulting
    module path: unknown Report Id: 3902168a-f179-11e1-be07-60eb69299f4f

    Error - 8/28/2012 9:32:09 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: MSHTML.dll, version: 9.0.8112.16448,
    time stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x00439633 Faulting
    process id: 0x1c74 Faulting application start time: 0x01cd8585f350906d Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\MSHTML.dll Report Id: 5931ff8e-f179-11e1-be07-60eb69299f4f

    Error - 8/29/2012 7:08:33 PM | Computer Name = Hitman-HP | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 8/29/2012 8:25:52 PM | Computer Name = Hitman-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2310 Start
    Time: 01cd8645b257a534 Termination Time: 11170 Application Path: C:\Program Files
    (x86)\Internet Explorer\iexplore.exe Report Id:

    [ Hewlett-Packard Events ]
    Error - 8/3/2012 5:24:37 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/24/2012 6:42:51 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/31/2012 8:22:26 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/31/2012 8:25:52 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 9/7/2012 5:48:59 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    [ HP Wireless Assistant Events ]
    Error - 4/28/2012 4:16:47 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/24/2012 6:01:28 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 6/21/2012 5:54:17 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 6/28/2012 2:02:04 AM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 7/21/2012 9:03:00 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 7/31/2012 4:05:54 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
    at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
    hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
    radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
    at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 9/1/2012 11:36:36 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception HardwareAccess hasn't been instantiated properly.
    at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

    Error - 9/8/2012 1:54:04 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception SendDesktopNotification() failed : e_GENERAL_EXCEPTION

    Error - 9/8/2012 1:55:41 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception SendDesktopNotification() failed : e_GENERAL_EXCEPTION

    Error - 9/8/2012 2:25:55 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception SendDesktopNotification() failed : e_GENERAL_EXCEPTION

    [ System Events ]
    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.


    < End of report >
  3. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    You didn't say:
    [​IMG]
  4. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    Seems to be doing better, I still need to dl my antivirus again.. then we'll see what it pops up for me,,, lol!
    I do appreciate all this information and help!
  5. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Reinstall your AV program as soon as possible.
    I can see two AV programs on your system.
    If AVG is what you want to install you have to remove Norton using this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    =============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\URLSearchHook: - No CLSID value found
      O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
      O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Users\Hitman\AppData\Local\FreeWorkz\FreeWorkzIE.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
      [2012/09/06 03:04:35 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  6. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    Here's the results of the OtL SCAN... I had to do it a little differently, as internet eplorer kept closing for some reason! I can't keep a web page up...

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    C:\FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U folder moved successfully.
    C:\FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L folder moved successfully.
    C:\FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
  7. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

  8. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    Results of screen317's Security Check version 0.99.50
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Internet Security 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.3.300.271 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    FSS
    Farbar Service Scanner Version: 06-08-2012
    Ran by Hitman (administrator) on 12-09-2012 at 16:28:01
    Running from "C:\Users\Hitman\Desktop"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-03-08 20:54] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-11 19:48] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 23:39] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
  9. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    # AdwCleaner v2.001 - Logfile created 09/12/2012 at 16:30:10
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Hitman - HITMAN-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Hitman\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****
    Found : Browser Manager
    ***** [Files / Folders] *****
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\user.js
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\Funmoods
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\blekko toolbars
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Browser Manager
    Folder Found : C:\ProgramData\IBUpdaterService
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\ProgramData\WeCareReminder
    Folder Found : C:\Users\Hitman\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Hitman\AppData\Local\Conduit
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    Folder Found : C:\Users\Hitman\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Hitman\AppData\LocalLow\BabylonToolbar
    Folder Found : C:\Users\Hitman\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Hitman\AppData\LocalLow\Funmoods
    Folder Found : C:\Users\Hitman\AppData\LocalLow\searchquband
    Folder Found : C:\Users\Hitman\AppData\Roaming\Babylon
    Folder Found : C:\Users\Hitman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Found : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\extensions\ffxtlbr@babylon.com
    Folder Found : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\extensions\specialsavings@superfish.com
    Folder Found : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\extensions\staged
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\I Want This
    Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\bProtector
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\Funmoods
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\wecarereminder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\bProtector
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Funmoods
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v12.0 (en-US)
    Profile name : default
    File : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\prefs.js
    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_s[...]
    Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
    Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_s[...]
    Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babs[...]
    Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_[...]
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_s[...]
    -\\ Google Chrome v21.0.1180.89
    File : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.1] : homepage ={"backup":{"_signature":"kuySR84c9oI2LBxpRDNWnRIWPLAaNKhP5sFLG/Ceym0=","_version":2,"browser":{"show_home_button":false},"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb","blpcfgokakmgnkcojhhkbfbldkacnbeo","coobgpohoikkiipiblmjeljniedjpjpf","dhkplhfnhceodhffomolpfigojocbpcb","fdloijijlkoblmigdofommgnheckmaki","ippkomaaonokjnfjoikaemidanojkfmm","jmfkcklnlgedgbglfkkgedjfmejoahla","mpfapcdfbbledbojijcbcclmlieaoogk","pjkljhegncpnkpknbcohdijeoejaedia"]},"hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=HP_ss&mntrId=eebd28f90000000000001c659d04fb3e","homepage_is_newtabpage":false,"session":{"restore_on_startup":5}},"browser":{"window_placement":{"bottom":718,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":728,"work_area_left":0,"work_area_right":1366,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":1,"distribution":{"make_chrome_default_for_user":true},"dns_prefetching":{"host_referral_list":[2,["hxxp://d3m5drat5m0ays.cloudfront.net/",["hxxp://www.textsrv.com/",3.1902134496120]],["hxxp://search.babylon.com/",["hxxp://acx.babsrv.com/",3.594660999999999,"hxxp://d15gt9gwxw5wu0.cloudfront.net/",1.510422549821534,"hxxp://d3m5drat5m0ays.cloudfront.net/",2.617918092179347,"hxxp://search.babylon.com/",2.253509353589894,"hxxp://www.google-analytics.com/",1.868224884410987]],["hxxp://www.google.cl/",["hxxp://d15gt9gwxw5wu0.cloudfront.net/",2.27338020,"hxxp://d3m5drat5m0ays.cloudfront.net/",3.594660999999999,"hxxp://ssl.gstatic.com/",2.60370040,"hxxp://www.google.cl/",3.594660999999999]]],"startup_list":[1,"hxxp://addon.greetingmoods.com/","hxxp://cdn.montiera.com/","hxxp://cdn.we-care.com/","hxxp://d.servedtoyou.com/","hxxp://d15gt9gwxw5wu0.cloudfront.net/","hxxp://d3m5drat5m0ays.cloudfront.net/","hxxp://plugin.we-care.com/","hxxp://search.babylon.com/","hxxp://www.google-analytics.com/","hxxps://ssl.google-analytics.com/"]},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"autoupdate":{"next_check":"12982011100325753"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://dhkplhfnhceodhffomolpfigojocbpcb/redirect.html"]},"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_ordinal":"n","page_ordinal":"n"},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"app_launcher_ordinal":"t","events":["experimental.extension.onInstalled"],"from_bookmark":true,"from_webstore":false,"install_time":"12982010589167674","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"description":"The world's most popular online video community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","name":"YouTube","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2_0","state":1},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"app_launcher_ordinal":"x","events":["experimental.extension.onInstalled"],"from_bookmark":true,"from_webstore":false,"install_time":"12982010600624921","location":2,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/?source=search_app"},"urls":["*://www.google.com/?source=search_app","*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.14"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.14_0","state":1},"dhkplhfnhceodhffomolpfigojocbpcb":{"ack_external":true,"active_permissions":{"api":["plugin","tabs"],"explicit_host":["hxxp://*/*"],"scriptable_host":["hxxp://*/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010587797623","location":3,"manifest":{"background_page":"bg.html","browser_action":{"default_icon":"browser_icon_babylon48.png","default_title":"Babylon Toolbar"},"chrome_url_overrides":{"newtab":"redirect.html"},"content_scripts":[{"all_frames":true,"js":["cs.js"],"matches":["hxxp://*/*"]}],"description":"Babylon ToolBar","icons":{"128":"babylon48.png","48":"babylon48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMHVuwST42pNWw6lNOUuLbpo+vO7TrD5Bp1HGFnjF/Z77GdGdkv0qeHtBHZdGcuTIzwsMoooA2yuKA9Xxs5WHpAUItq2L51IxrkzvdbomCdmVg+D95Yw2T6y86pM/ftZAoo1vqoTjWAl6oqLga1tfugMZ0q46tv8GwwDZMnYNEfQIDAQAB","name":"Babylon Toolbar","permissions":["tabs","hxxp://*/"],"plugins":[{"path":"BabylonChromeToolBar.dll","public":true}],"update_url":"hxxp://img.babylon.com/ext/chrome/update/update1.xml","version":"1.5"},"path":"dhkplhfnhceodhffomolpfigojocbpcb\\1.5_0","state":1},"fdloijijlkoblmigdofommgnheckmaki":{"ack_external":true,"active_permissions":{"api":["cookies","tabs"],"explicit_host":["hxxp://*.facebook.com/*","hxxp://*/*","hxxps://*.facebook.com/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010593244921","location":3,"manifest":{"background_page":"background.html","browser_action":{"default_icon":"img/16.png","default_popup":"dropdown.html","default_title":"Post smileys to your wall!!!"},"description":"Enhance your facebook chat with smileys, emoticons, winks and much more...","icons":{"128":"img/128.png","16":"img/16.png","32":"img/32.png","48":"img/48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4I2p+i3JuCwAiIsZ2ghWhEdSXVJO/OJazNk+bbGezy6ddEd+4eUpcmg8/x0akFoMlh/uPVNRMdXJ9siZSNrvbCHZ+qWNdtSGPU5SNW8YiZbiwRXTtRou6CX7nCVtQH1ZH9NPsE6BwMvuc1OW0oNIOmubTo+jV6rW+R3gJl+db0wIDAQAB","name":"Funmoods","permissions":["tabs","cookies","hxxp://*/*","hxxp://*.facebook.com/","hxxps://*.facebook.com/","hxxp://addon.greetingmoods.com"],"update_url":"hxxp://funmoods.com/public/download/chrome/update.xml","version":"1.5.1"},"path":"fdloijijlkoblmigdofommgnheckmaki\\1.5.1_0","state":1},"ippkomaaonokjnfjoikaemidanojkfmm":{"ack_external":true,"active_permissions":{"api":["tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["<all_urls>"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010592521749","location":3,"manifest":{"background_page":"bg.html","content_scripts":[{"js":["jquery-1.7.1.min.js","slider.js"],"matches":["<all_urls>"],"run_at":"document_end"}],"description":"Turn purchases from your favorite online merchants into donations to your nonprofit, school, or association -- at no cost to you.","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgJYoH/aPXuci2cfTkwbzmd27xX08mA5SZfRQJOe+HxzblhJfwH5vrA+KYqYVN5sR8KENhYOfSJF9wjL0VSGt6quOxfR9ol/8SgEEjGcnmMC+IW536YkAL0PyGuQZjKnXNobzcj/Gf65ent8dA3n5G1E9oYIpRRiXX77f+j7m0vQIDAQAB","name":"We-Care Reminder","permissions":["tabs","hxxp://*/*","hxxps://*/*","webRequest","webRequestBlocking","webNavigation"],"update_url":"hxxp://plugin.we-care.com/chrome-updates.xml","version":"1.0.0.24"},"path":"ippkomaaonokjnfjoikaemidanojkfmm\\1.0.0.24_0","state":1},"jmfkcklnlgedgbglfkkgedjfmejoahla":{"ack_external":true,"active_permissions":{"api":["plugin"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010603849525","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"js":["content/jquery-1.4.4.min.js","content/avgls-inline.js","content/searchengine.js","content/searchshield.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"}],"description":"Securing your clicks.","format_version":1,"icons":{"128":"content/Icons/128x128.png","16":"content/Icons/16x16.png","48":"content/Icons/48x48.png","64":"content/Icons/64x64.png"},"id":"881AC4EF96904f5fA0B49048C377CD59E8A84102","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrH3sthUrxOpfC3hPSHs4tIWO24/z8ZQCH5oHRTRkwgdSZ7/ah1PgRHQeNkTYJT0bwLQoxsG1jBLvWLu4I9t3KCTXj0uanaCw7VJjmSIPQCip/1m7ewfS9XdPR9CSUkR2wwp8HeDryToyCINwP8Yg3Lws/FV0nGmF2IV8jpQ6OWQIDAQAB","minimum_chrome_version":"9","name":"AVG Safe Search","plugins":[{"path":"plugins/avgnpss.dll","public":true}],"version":"12.0.0.1901"},"path":"jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0","state":1},"mpfapcdfbbledbojijcbcclmlieaoogk":{"ack_external":true,"active_permissions":{"api":["contextMenus","cookies","notifications","tabs","unlimitedStorage","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010594380921","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"all_frames":true,"js":["js/lib/util.js","js/api/cookie.js","js/api/push.js","js/api/chrome.js","js/api/message.js","js/lib/async_api.js","js/lib/app_api.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"}],"crossrider":{"InstallationThankYouPage":true,"InstallerParams":{"source_id":"14351","sub_id":"default","uzid":"14351&subid=&pid=1086"},"appID":2258,"background_script":"background.js","debug":false,"user_script":"extension.js"},"description":"I Want This!","icons":{"128":"/icons/icon128.png","16":"/icons/icon16.png","48":"/icons/icon48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDilguE5aMgqRCdmN63+ufcvoATtMjQwkg82gm7Kk+rEOrMMWpZLZhUqq/04ftn7wxYtLrV+Sn4727C0eS345rxaLfp1vimQ4xTKxsP8eDF9DpZNEPtBLTIYY0PQuuVb7tDfDmQ6JmZe2ncfgtL9IXFbMs/V9CorgjYvIxPMvj7ZQIDAQAB","name":"I Want This","permissions":["hxxp://*/*","hxxps://*/*","tabs","cookies","notifications","contextMenus","webRequest","webRequestBlocking","unlimitedStorage"],"update_url":"hxxps://crossrider.cotssl.net/plugin/chrome/update/2258.xml","version":"1.17.43"},"path":"mpfapcdfbbledbojijcbcclmlieaoogk\\1.17.43_0","state":1},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"w","events":["experimental.extension.onInstalled"],"from_bookmark":true,"from_webstore":false,"install_time":"12982010598462921","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png","24":"24.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"6.1.3"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\6.1.3_0","state":1}},"toolbar":["dhkplhfnhceodhffomolpfigojocbpcb","fdloijijlkoblmigdofommgnheckmaki"],"toolbarsize":-1},"hxxp://www.google.com/","homepage_is_newtabpage":false,"net":{"hxxp_server_properties":{"ssl.google-analytics.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true},"www.google.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true}}},"ntp":{"promo_resource_cache_update":"1337536837.22267"},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46","plugins_list":[{"enabled":true,"name":"Remoting Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46\\gcswf32.dll","version":"11,2,202,235"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Babylon ToolBar","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dhkplhfnhceodhffomolpfigojocbpcb\\1.5_0\\BabylonChromeToolBar.dll","version":"1, 0, 0, 0"},{"enabled":true,"name":"Babylon ToolBar"},{"enabled":true,"name":"AVG Internet Security","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0\\plugins/avgnpss.dll","version":"12.0.0.1901"},{"enabled":true,"name":"AVG Internet Security"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll","version":"9.5.0.270"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Exent® AOD Gecko Plugin","path":"C:\\Program Files (x86)\\Free Ride Games\\npExentCtl.dll","version":"07.00.00.03"},{"enabled":true,"name":"Exent® AOD Gecko Plugin"},{"enabled":true,"name":"Java(TM) Platform SE 6 U31","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\plugin2\\npjp2.dll","version":"6.0.310.5"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Bing Bar","path":"C:\\Program Files (x86)\\MSN Toolbar\\Platform\\5.0.1438.0\\npwinext.dll","version":"5.0.1438.0"},{"enabled":true,"name":"Bing Bar"},{"enabled":true,"name":"Windows Live® Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"14.0.8117.0416_ship.wlx.w3m3 (ship)"},{"enabled":true,"name":"Windows Live® Photo Gallery"},{"enabled":true,"name":"Facebook Video Calling Plugin","path":"C:\\Users\\Hitman\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll","version":"1.2.0.159"},{"enabled":true,"name":"Facebook Video Calling Plugin"},{"enabled":true,"name":"Google Update","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll","version":"1.3.21.111"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\SysWOW64\\Adobe\\Director\\np32dsw.dll","version":"11.5.7r609"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\4.0.50401.0\\npctrl.dll","version":"4.0.50401.0"},{"enabled":true,"name":"Silverlight"}]},"profile":{"avatar_index":0,"content_settings":{"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"name":"First user"},"sync":{"suppress_start":false},"sync_promo":{"startup_count":3,"view_count":2},"translate_accepted_count":{"es":1},"translate_denied_count":{"es":0}}
    *************************
    AdwCleaner[R1].txt - [30573 octets] - [12/09/2012 16:30:10]
    ########## EOF - C:\AdwCleaner[R1].txt - [30634 octets] ##########
  10. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

  11. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

     
  12. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    As far as the internet explorer, I click it open and I get a message.. " a problem with the webpage caused internet explorer to close and reopen the tab" Ugh!
  13. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Open IE, go Tools>Internet options>Advanced tab and click on "Reset" button.
    Restart IE.

    I still need Eset scan log.
  14. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    Do I have to have "remove found threats" checked? on eset?
  15. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    I had to do it on google chrome, as my IE won't stay open... that's why I haven't done it yet..but I am ready..
  16. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    As my instructions say.
  17. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    I'm sorry, I read your instructions.. I checked to scan archives, like you instructed.. The remove threats was already checked.. that's why I asked..
  18. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    If I didn't say anything about unchecking "remove threats" that means it stays as it is.
     
  19. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    I should've known..sorry for the dumb question.. :)
  20. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    No problem :)
  21. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    The scanners been running for almost 2 hrs now, 47% done.. 15 threats found. going to have to go to bed, and I'll post the results tomorrow. Thanks again for the help!
  22. Broni

    Broni Malware Annihilator Posts: 46,169   +251

  23. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    C:\Downloads\gkc5yWin32/InstallBrain applicationcleaned by deleting - quarantined
    C:\Downloads\Software\SoftonicDownloader_for_call-of-duty-4.exea variant of Win32/SoftonicDownloader.D applicationcleaned by deleting - quarantined
    C:\Downloads\Software\video_downloader(1).exea variant of Win32/InstallCore.T applicationcleaned by deleting - quarantined
    C:\Downloads\Software\video_downloader(2).exea variant of Win32/InstallCore.T applicationcleaned by deleting - quarantined
    C:\Downloads\Software\video_downloader.exea variant of Win32/InstallCore.T applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exea variant of Win32/SpeedingUpMyPC applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exeWin32/InstallBrain applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_342\uninstall.exea variant of Win32/InstallBrain.B applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_343\uninstall.exea variant of Win32/InstallBrain.B applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_358\uninstall.exeWin32/InstallBrain applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exea variant of Win32/InstallBrain.B applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_532\uninstall.exeWin32/InstallBrain applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_568\uninstall.exeWin32/InstallBrain applicationcleaned by deleting - quarantined
    C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exea variant of Win32/InstallBrain.B applicationcleaned by deleting - quarantined
    C:\Users\Hitman\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@freeworkz.com\components\FreeWorkzFirefox.dlla variant of Win32/Adware.Gamevance.CS applicationcleaned by deleting - quarantined
    C:\Windows\System32\sysprep\CRYPTSP.dll_a variant of Win32/Kryptik.ALII trojancleaned by deleting - quarantined
    C:\_OTL\MovedFiles\09122012_154546\C_FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantined
    C:\_OTL\MovedFiles\09122012_154546\C_FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantined
    C:\_OTL\MovedFiles\09122012_154546\C_FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantined
    C:\_OTL\MovedFiles\09122012_154546\C_FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@Win64/Sirefef.AP trojancleaned by deleting - quarantined
    C:\_OTL\MovedFiles\09122012_154546\C_FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@Win32/Sirefef.FD trojancleaned by deleting - quarantined
    C:\_OTL\MovedFiles\09122012_154546\C_FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@Win64/Sirefef.AN trojancleaned by deleting - quarantined
  24. djhitman

    djhitman TechSpot Member Topic Starter Posts: 52

    Do I delete quarantined files from eset before I close program?
  25. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Yes you can.

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ======================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =======================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =======================================

    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ======================================

    We have one corrupted registry key affecting Windows firewall.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Download Seven.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip the file.
    You'll find several files inside.
    Double click on mpssvc.reg file and confirm the prompt.
    Restart computer.
    Post new FSS log.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.