also @ TechSpot: AMD A4-5000 Review: Kabini, the affordable ultraportable APU

GAC_64 desktop.ini and Win:64.a(?) infection

Discussion in 'Virus and Malware Removal' started by djhitman, Sep 5, 2012.

Post New Reply
Page 2 of 3

  1. djhitman TechSpot Member Posts: 52

    Yes, I did both steps.. Those files show up in windows explorer, just not when I have to browse from the site.
    djhitman, Sep 10, 2012
    #21

  2. Broni Malware Annihilator Posts: 39,375   +177

    Copy the file to to your desktop and upload it from there.
    Broni, Sep 10, 2012
    #22

  3. djhitman TechSpot Member Posts: 52

    [IMG]
    SHA256: 0261683c6dc2706dce491a1cdc954ac9c9e649376ec30760bb4e225e18dc5273
    SHA1: 954d59eaeadc36cb19a224a5dddfa1edcfdc49ce
    MD5: 02062c0b390b7729edc9e69c680a6f3c
    File size: 23.6 KB ( 24128 bytes )
    File name: atapi.sys
    File type: unknown
    Detection ratio: 0 / 41
    Analysis date: 2012-09-11 19:46:18 UTC ( 0 minutes ago )
    [IMG]
    0

    0

    More details
    AntivirusResultUpdate
    AhnLab-V3 - 20120910
    AntiVir - 20120910
    Antiy-AVL - 20120910
    Avast - 20120910
    AVG - 20120910
    BitDefender - 20120910
    ByteHero - 20120907
    CAT-QuickHeal - 20120910
    ClamAV - 20120910
    Commtouch - 20120909
    Comodo - 20120910
    DrWeb - 20120910
    Emsisoft - 20120910
    eSafe - 20120907
    ESET-NOD32 - 20120910
    F-Prot - 20120909
    F-Secure - 20120910
    Fortinet - 20120830
    GData - 20120910
    Ikarus - 20120910
    Jiangmin - 20120910
    K7AntiVirus - 20120907
    Kaspersky - 20120910
    McAfee - 20120910
    McAfee-GW-Edition - 20120910
    Microsoft - 20120910
    Norman - 20120909
    nProtect - 20120910
    Panda - 20120910
    Rising - 20120910
    Sophos - 20120910
    SUPERAntiSpyware - 20120910
    Symantec - 20120910
    TheHacker - 20120910
    TotalDefense - 20120910
    TrendMicro - 20120910
    TrendMicro-HouseCall - 20120910
    VBA32 - 20120910
    VIPRE - 20120910
    ViRobot - 20120910
    VirusBuster - 20120910
    djhitman, Sep 11, 2012
    #23

  4. Broni Malware Annihilator Posts: 39,375   +177

    Very well.
    It looks like Combofix was wrong.

    How is computer doing?

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
    Broni, Sep 11, 2012
    #24

  5. djhitman TechSpot Member Posts: 52

    OTL logfile created on: 9/11/2012 8:23:36 PM - Run 2
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Hitman\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 43.71% Memory free
    3.87 Gb Paging File | 2.59 Gb Available in Paging File | 66.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 216.44 Gb Total Space | 163.46 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
    Drive D: | 16.14 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
    Drive F: | 3.76 Gb Total Space | 3.22 Gb Free Space | 85.65% Space Free | Partition Type: FAT32

    Computer Name: HITMAN-HP | User Name: Hitman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/11 20:10:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Hitman\Desktop\OTL.exe
    PRC - [2012/09/03 23:18:53 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    PRC - [2012/08/26 13:01:45 | 001,695,776 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe
    PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2010/11/02 00:34:33 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
    PRC - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
    PRC - [2010/04/13 23:13:52 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
    PRC - [2006/06/21 13:14:50 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/26 13:01:45 | 002,046,496 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.dll
    MOD - [2012/08/26 13:01:45 | 001,695,776 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe
    MOD - [2006/06/21 13:14:50 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/06/18 19:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/04/19 21:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
    SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/09/03 23:18:53 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
    SRV - [2012/08/26 13:01:45 | 001,695,776 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.exe -- (Browser Manager)
    SRV - [2012/08/15 16:25:04 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Start_Pending] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/20 21:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/05/21 04:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/03 23:18:56 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/07/20 22:04:51 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/22 21:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/02/04 23:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{8FD99F57-AC6B-4458-B491-9B90252659DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{A54EC669-549C-4465-83AD-8010043F618D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{B8E26E4F-704C-45BD-86E0-5E73DF87830B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{FF083B22-79EE-41DE-ABC4-39C6B961DF19}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{8FD99F57-AC6B-4458-B491-9B90252659DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{A54EC669-549C-4465-83AD-8010043F618D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{B8E26E4F-704C-45BD-86E0-5E73DF87830B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE - HKLM\..\SearchScopes\{FF083B22-79EE-41DE-ABC4-39C6B961DF19}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes,DefaultScope = {45B8B8C8-FF91-400B-B28C-B7FDA1A8269D}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=eebd28f90000000000001c659d04fb3e
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/ble...120520D7CE4FC6B8BCC4AECA7D503C&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{45B8B8C8-FF91-400B-B28C-B7FDA1A8269D}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{8FD99F57-AC6B-4458-B491-9B90252659DD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...2f7094a6156&lang=en&ds=AVG&pr=pr&d=2012-06-19 07:41:52&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{A54EC669-549C-4465-83AD-8010043F618D}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{B8E26E4F-704C-45BD-86E0-5E73DF87830B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{D7A16101-E9C7-4369-BC7B-A9030ED8C0CB}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\SearchScopes\{FF083B22-79EE-41DE-ABC4-39C6B961DF19}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11..._ss&mntrId=eebd28f90000000000001c659d04fb3e&q="
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11..._ss&mntrId=eebd28f90000000000001c659d04fb3e&q="
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=11...HP_ss&mntrId=eebd28f90000000000001c659d04fb3e"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=11..._ss&mntrId=eebd28f90000000000001c659d04fb3e&q="
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnI=I'm Feeling Lucky&ie=UTF-8&oe=UTF-8&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Hitman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hitman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hitman\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\Firefox [2010/08/17 04:56:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/17 04:56:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_12_1
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/15 16:19:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/05 11:22:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/08/15 16:19:18 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles/zly12i6x.default\extensions\specialsavings@superfish.com [2012/08/26 12:29:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/08/26 13:01:45 | 000,000,000 | ---D | M]

    [2012/05/19 14:54:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Extensions
    [2012/09/03 22:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions
    [2012/09/03 22:21:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be}
    [2012/08/26 12:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\ffxtlbr@babylon.com
    [2012/08/26 12:29:45 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\specialsavings@superfish.com
    [2012/08/26 12:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\Extensions\staged
    [2012/06/05 11:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7\
    [2012/04/20 21:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/03 23:18:37 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/08/26 12:30:37 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/04/20 21:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 21:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    djhitman, Sep 11, 2012
    #25

  6. djhitman TechSpot Member Posts: 52

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.24_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.43_0\
    CHR - Extension: No name found = C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/09/09 20:41:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Users\Hitman\AppData\Local\FreeWorkz\FreeWorkzIE.dll File not found
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002..\Run: [Facebook Update] C:\Users\Hitman\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9980562D-1032-44AB-A486-681219EA5379}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\22580~1.182\{16CDF~1\brwmngr.dll) - c:\ProgramData\Browser Manager\2.2.580.182\{16cdff19-861d-48e3-a751-d99a27784753}\brwmngr.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/11 20:10:02 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Hitman\Desktop\OTL.exe
    [2012/09/11 15:45:29 | 000,024,128 | ---- | C] (Microsoft Corporation) -- C:\Users\Hitman\Desktop\atapi.sys
    [2012/09/09 20:41:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/09 20:40:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/09 20:27:05 | 000,000,000 | ---D | C] -- C:\Users\Hitman\Desktop\rkill
    [2012/09/09 20:23:31 | 001,629,088 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Hitman\Desktop\iExplore.exe
    [2012/09/09 20:22:13 | 004,747,716 | R--- | C] (Swearware) -- C:\Users\Hitman\Desktop\Dave_Starr.exe
    [2012/09/08 13:17:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/08 13:17:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/08 13:17:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/08 13:17:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/08 13:16:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/08 12:52:57 | 010,901,120 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Hitman\Desktop\AppRemover.exe
    [2012/09/06 03:04:35 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/05 19:35:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hitman\Desktop\dds.com
    [2012/09/03 23:18:56 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/03 22:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blekkotb_soc
    [2012/09/03 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\Malwarebytes
    [2012/09/03 20:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/03 20:48:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/03 20:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/03 20:48:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/03 14:58:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2012/09/03 14:58:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2012/09/03 11:28:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/09/03 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\781287A802B36D01D0823CC64F147CE7
    [2012/08/26 13:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2012/08/26 13:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
    [2012/08/26 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/08/26 13:01:57 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Local\Conduit
    [2012/08/26 13:01:49 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    [2012/08/26 13:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
    [2012/08/26 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\PerformerSoft
    [2012/08/26 12:29:57 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
    [2012/08/26 12:29:38 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PCPerformer
    [2012/08/17 03:03:08 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/08/17 03:03:08 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/08/17 03:03:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/08/17 03:03:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/08/17 03:03:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/08/17 03:03:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/08/17 03:03:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/08/17 03:03:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/08/17 03:03:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/08/17 03:03:02 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/08/17 03:03:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/08/17 03:02:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/08/17 03:02:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/08/15 16:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
    [2012/08/15 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\HP
    [2012/08/15 16:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    [2012/08/15 16:20:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    [2012/08/15 16:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\HpUpdate
    [2012/08/15 16:06:14 | 000,000,000 | ---D | C] -- C:\Users\Hitman\AppData\Roaming\SUPERAntiSpyware.com
    [2012/08/15 16:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/08/15 16:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/08/15 16:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/08/15 16:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2012/08/15 15:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
    [2012/08/15 15:59:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
    [2012/08/15 15:57:59 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l70v.dll
    [2012/08/15 15:56:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/08/15 15:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2012/08/15 15:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/08/15 15:46:04 | 001,403,904 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p02c.dll
    [2012/08/15 15:46:04 | 000,880,640 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p02c.dll
    [2012/08/15 15:46:04 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
    [2012/08/15 15:46:04 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
    [2012/08/15 15:46:03 | 000,515,072 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p02a.dll
    [2012/08/14 22:29:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
    [2012/08/14 22:29:30 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2012/08/14 22:29:30 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2012/08/14 22:26:06 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2012/08/14 22:25:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
    [2012/08/14 22:25:15 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
    [2012/08/14 22:25:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
    [2012/08/14 22:24:25 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/09/11 20:24:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/11 20:20:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    [2012/09/11 20:10:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Hitman\Desktop\OTL.exe
    [2012/09/11 18:57:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002UA.job
    [2012/09/11 13:20:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    [2012/09/10 21:57:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3215210023-636172019-1926784146-1002Core.job
    [2012/09/09 23:24:03 | 000,165,376 | ---- | M] () -- C:\Users\Hitman\Desktop\SystemLook_x64.exe
    [2012/09/09 20:51:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 20:51:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 20:41:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/09/09 20:40:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/09 20:40:41 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/09 20:23:31 | 001,629,088 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Hitman\Desktop\iExplore.exe
    [2012/09/09 20:22:14 | 004,747,716 | R--- | M] (Swearware) -- C:\Users\Hitman\Desktop\Dave_Starr.exe
    [2012/09/08 12:52:57 | 010,901,120 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Hitman\Desktop\AppRemover.exe
    [2012/09/08 12:46:45 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHitman.job
    [2012/09/08 12:41:47 | 079,998,836 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm.prepare
    [2012/09/05 23:15:54 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/05 23:15:54 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/05 23:15:54 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/05 19:35:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Hitman\Desktop\dds.com
    [2012/09/05 16:20:00 | 000,302,592 | ---- | M] () -- C:\Users\Hitman\Desktop\67x870q6.exe
    [2012/09/03 23:18:56 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/09/03 20:48:12 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/26 13:02:01 | 000,000,009 | ---- | M] () -- C:\END
    [2012/08/26 12:59:14 | 000,000,336 | ---- | M] () -- C:\Windows\game.ini
    [2012/08/26 12:30:50 | 000,001,893 | ---- | M] () -- C:\user.js
    [2012/08/17 03:27:24 | 000,286,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/08/16 19:47:02 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/08/15 16:31:37 | 000,208,080 | ---- | M] () -- C:\Windows\hpoins43.dat
    [2012/08/15 16:25:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/15 16:25:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/08/15 16:18:42 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    [2012/08/15 16:05:58 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/08/15 16:00:29 | 000,208,347 | ---- | M] () -- C:\Windows\hpoins43.dat.temp
    [2012/08/15 16:00:05 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/08/15 15:59:42 | 000,002,059 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

    ========== Files Created - No Company Name ==========

    [2012/09/09 23:24:03 | 000,165,376 | ---- | C] () -- C:\Users\Hitman\Desktop\SystemLook_x64.exe
    [2012/09/08 13:17:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/08 13:17:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/08 13:17:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/08 13:17:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/08 13:17:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/05 16:19:59 | 000,302,592 | ---- | C] () -- C:\Users\Hitman\Desktop\67x870q6.exe
    [2012/09/03 20:48:12 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/26 13:02:01 | 000,000,009 | ---- | C] () -- C:\END
    [2012/08/26 12:59:14 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
    [2012/08/15 16:18:41 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Shop for HP Supplies.lnk
    [2012/08/15 16:15:40 | 000,208,347 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
    [2012/08/15 16:15:40 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
    [2012/08/15 16:05:58 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/08/15 16:00:05 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/08/15 15:59:42 | 000,002,059 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2012/08/15 15:55:27 | 000,208,080 | ---- | C] () -- C:\Windows\hpoins43.dat
    [2012/08/15 15:55:27 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
    [2012/05/19 20:26:45 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/05/11 19:38:40 | 000,066,832 | ---- | C] () -- C:\Users\Hitman\AppData\Roaming\UserTile.png
    [2011/10/14 20:37:09 | 000,007,602 | ---- | C] () -- C:\Users\Hitman\AppData\Local\Resmon.ResmonCfg

    ========== Files - Unicode (All) ==========
    [2012/09/08 13:05:21 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?%) -- C:\Windows\SysNative\륀%
    [2012/09/08 13:05:21 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?%) -- C:\Windows\SysNative\륀%
    [2012/06/19 07:45:06 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?¾) -- C:\Windows\SysNative\륀¾
    [2012/06/19 07:45:06 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?¾) -- C:\Windows\SysNative\륀¾
    [2012/04/05 13:07:18 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?À) -- C:\Windows\SysNative\륀À
    [2012/04/05 13:07:18 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?À) -- C:\Windows\SysNative\륀À
    < End of report >
    djhitman, Sep 11, 2012
    #26
     

  7. djhitman TechSpot Member Posts: 52

    OTL Extras logfile created on: 9/11/2012 8:11:06 PM - Run 1
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\Hitman\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.22% Memory free
    3.87 Gb Paging File | 2.62 Gb Available in Paging File | 67.76% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 216.44 Gb Total Space | 163.46 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
    Drive D: | 16.14 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS
    Drive F: | 3.76 Gb Total Space | 3.22 Gb Free Space | 85.65% Space Free | Partition Type: FAT32

    Computer Name: HITMAN-HP | User Name: Hitman | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{F3D7AC17-1FF4-41A8-BB18-3FC39C65AEB9}" = RtVOsd
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{222A544B-E6B7-496F-B4D7-6FE74FF0E616}" = Bing Bar Platform
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2E510276-F614-4AC5-9ACC-465735484A4F}" = Show Presenter
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5E4B86E5-CD0E-4D3D-BE21-45A30326850A}" = Microsoft Search Enhancement Pack
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
    "{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
    "{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "HP Photo Creations" = HP Photo Creations
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NIS" = Norton Internet Security
    "PC Speed Maximizer_is1" = PC Speed Maximizer v3.0
    "WildTangent hp Master Uninstall" = HP Games
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "Winamp" = Winamp (remove only)
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087335" = Build-a-lot 2
    "WT087342" = Dora's Carnival Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087373" = Jewel Quest 3
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087513" = Virtual Villagers - The Secret City
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WTA-3b06dc08-b771-41c9-8b6f-5bcd4ea2c454" = RollerCoaster Tycoon 3: Platinum

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/27/2012 7:59:52 PM | Computer Name = Hitman-HP | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 8/27/2012 8:26:05 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: ntdll.dll, version: 6.1.7600.16915,
    time stamp: 0x4ec49d10 Exception code: 0xc0000005 Fault offset: 0x00038df9 Faulting
    process id: 0xed8 Faulting application start time: 0x01cd84ae3efc81e0 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: f3e4694e-f0a6-11e1-be07-60eb69299f4f

    Error - 8/28/2012 7:03:02 AM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: ntdll.dll, version: 6.1.7600.16915,
    time stamp: 0x4ec49d10 Exception code: 0xc0000005 Fault offset: 0x00038df9 Faulting
    process id: 0x17e0 Faulting application start time: 0x01cd850c964a08c5 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: eee0c0ee-f0ff-11e1-be07-60eb69299f4f

    Error - 8/28/2012 8:25:43 PM | Computer Name = Hitman-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 14dc Start
    Time: 01cd850cb16d85f3 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 8/28/2012 8:26:18 PM | Computer Name = Hitman-HP | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 8/28/2012 8:26:53 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: MSHTML.dll, version: 9.0.8112.16448,
    time stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x00439633 Faulting
    process id: 0x864 Faulting application start time: 0x01cd857ce8af0258 Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\MSHTML.dll Report Id: 3ab59590-f170-11e1-be07-60eb69299f4f

    Error - 8/28/2012 9:31:15 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: BabylonToolbarsrv.exe, version: 1.6.9.0,
    time stamp: 0x5035f49f Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x3d450001 Faulting process id:
    0x14b0 Faulting application start time: 0x01cd857cfd66f998 Faulting application path:
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarsrv.exe
    Faulting
    module path: unknown Report Id: 3902168a-f179-11e1-be07-60eb69299f4f

    Error - 8/28/2012 9:32:09 PM | Computer Name = Hitman-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
    time stamp: 0x4fecf1b7 Faulting module name: MSHTML.dll, version: 9.0.8112.16448,
    time stamp: 0x4fecfb0e Exception code: 0xc0000005 Fault offset: 0x00439633 Faulting
    process id: 0x1c74 Faulting application start time: 0x01cd8585f350906d Faulting application
    path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
    C:\Windows\system32\MSHTML.dll Report Id: 5931ff8e-f179-11e1-be07-60eb69299f4f

    Error - 8/29/2012 7:08:33 PM | Computer Name = Hitman-HP | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 8/29/2012 8:25:52 PM | Computer Name = Hitman-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16448 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 2310 Start
    Time: 01cd8645b257a534 Termination Time: 11170 Application Path: C:\Program Files
    (x86)\Internet Explorer\iexplore.exe Report Id:

    [ Hewlett-Packard Events ]
    Error - 8/3/2012 5:24:37 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/17/2012 10:34:34 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/24/2012 6:42:51 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/31/2012 8:22:26 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/31/2012 8:25:52 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 9/7/2012 5:48:59 PM | Computer Name = Hitman-HP | Source = HPSF.exe | ID = 4000
    Description =

    [ HP Wireless Assistant Events ]
    Error - 4/28/2012 4:16:47 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/24/2012 6:01:28 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 6/21/2012 5:54:17 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 6/28/2012 2:02:04 AM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 7/21/2012 9:03:00 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 7/31/2012 4:05:54 PM | Computer Name = Hitman-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
    at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
    hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
    radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
    at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 9/1/2012 11:36:36 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception HardwareAccess hasn't been instantiated properly.
    at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

    Error - 9/8/2012 1:54:04 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception SendDesktopNotification() failed : e_GENERAL_EXCEPTION

    Error - 9/8/2012 1:55:41 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception SendDesktopNotification() failed : e_GENERAL_EXCEPTION

    Error - 9/8/2012 2:25:55 PM | Computer Name = Hitman-HP | Source = HP WA Application | ID = 0
    Description = System.Exception SendDesktopNotification() failed : e_GENERAL_EXCEPTION

    [ System Events ]
    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.

    Error - 6/26/2012 10:16:17 PM | Computer Name = Hitman-HP | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume C:.


    < End of report >
    djhitman, Sep 11, 2012
    #27

  8. Broni Malware Annihilator Posts: 39,375   +177

    You didn't say:
    [IMG]
    Broni, Sep 11, 2012
    #28

  9. djhitman TechSpot Member Posts: 52

    Seems to be doing better, I still need to dl my antivirus again.. then we'll see what it pops up for me,,, lol!
    I do appreciate all this information and help!
    djhitman, Sep 11, 2012
    #29

  10. Broni Malware Annihilator Posts: 39,375   +177

    Reinstall your AV program as soon as possible.
    I can see two AV programs on your system.
    If AVG is what you want to install you have to remove Norton using this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    =============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
IE - HKU\S-1-5-21-3215210023-636172019-1926784146-1002\..\URLSearchHook: - No CLSID value found
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (FreeWorkz Games) - {D1ECD019-8423-43de-98D1-7892AF2DA309} - C:\Users\Hitman\AppData\Local\FreeWorkz\FreeWorkzIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
[2012/09/06 03:04:35 | 000,000,000 | ---D | C] -- C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
    Broni, Sep 11, 2012
    #30

  11. djhitman TechSpot Member Posts: 52

    Here's the results of the OtL SCAN... I had to do it a little differently, as internet eplorer kept closing for some reason! I can't keep a web page up...

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1ECD019-8423-43de-98D1-7892AF2DA309}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
    C:\FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U folder moved successfully.
    C:\FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L folder moved successfully.
    C:\FRST\Quarantine\{02815385-b3dc-aa2c-a083-2e509dc82d52} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    djhitman, Sep 12, 2012
    #31

  12. djhitman TechSpot Member Posts: 52

    Dupe
    djhitman, Sep 12, 2012
    #32

  13. djhitman TechSpot Member Posts: 52

    Results of screen317's Security Check version 0.99.50
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Internet Security 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.3.300.271 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    FSS
    Farbar Service Scanner Version: 06-08-2012
    Ran by Hitman (administrator) on 12-09-2012 at 16:28:01
    Running from "C:\Users\Hitman\Desktop"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-03-08 20:54] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-11 19:48] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-06-13 23:39] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    djhitman, Sep 12, 2012
    #33

  14. djhitman TechSpot Member Posts: 52

    # AdwCleaner v2.001 - Logfile created 09/12/2012 at 16:30:10
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Hitman - HITMAN-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Hitman\Desktop\adwcleaner.exe
    # Option [Search]

    ***** [Services] *****
    Found : Browser Manager
    ***** [Files / Folders] *****
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\user.js
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\Funmoods
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\blekko toolbars
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\ProgramData\Browser Manager
    Folder Found : C:\ProgramData\IBUpdaterService
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\ProgramData\WeCareReminder
    Folder Found : C:\Users\Hitman\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Hitman\AppData\Local\Conduit
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Folder Found : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
    Folder Found : C:\Users\Hitman\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Hitman\AppData\LocalLow\BabylonToolbar
    Folder Found : C:\Users\Hitman\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Hitman\AppData\LocalLow\Funmoods
    Folder Found : C:\Users\Hitman\AppData\LocalLow\searchquband
    Folder Found : C:\Users\Hitman\AppData\Roaming\Babylon
    Folder Found : C:\Users\Hitman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Found : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\extensions\ffxtlbr@babylon.com
    Folder Found : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\extensions\specialsavings@superfish.com
    Folder Found : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\extensions\staged
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AppDataLow\Software\I Want This
    Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\bProtector
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\Funmoods
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\wecarereminder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\bProtector
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Funmoods
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-3215210023-636172019-1926784146-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v12.0 (en-US)
    Profile name : default
    File : C:\Users\Hitman\AppData\Roaming\Mozilla\Firefox\Profiles\zly12i6x.default\prefs.js
    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_s[...]
    Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
    Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_s[...]
    Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babs[...]
    Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_[...]
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=KW_s[...]
    -\\ Google Chrome v21.0.1180.89
    File : C:\Users\Hitman\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.1] : homepage ={"backup":{"_signature":"kuySR84c9oI2LBxpRDNWnRIWPLAaNKhP5sFLG/Ceym0=","_version":2,"browser":{"show_home_button":false},"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb","blpcfgokakmgnkcojhhkbfbldkacnbeo","coobgpohoikkiipiblmjeljniedjpjpf","dhkplhfnhceodhffomolpfigojocbpcb","fdloijijlkoblmigdofommgnheckmaki","ippkomaaonokjnfjoikaemidanojkfmm","jmfkcklnlgedgbglfkkgedjfmejoahla","mpfapcdfbbledbojijcbcclmlieaoogk","pjkljhegncpnkpknbcohdijeoejaedia"]},"hxxp://search.babylon.com/?affID=110396&tt=201208_mnt_n_3412_6&babsrc=HP_ss&mntrId=eebd28f90000000000001c659d04fb3e","homepage_is_newtabpage":false,"session":{"restore_on_startup":5}},"browser":{"window_placement":{"bottom":718,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":728,"work_area_left":0,"work_area_right":1366,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":1,"distribution":{"make_chrome_default_for_user":true},"dns_prefetching":{"host_referral_list":[2,["hxxp://d3m5drat5m0ays.cloudfront.net/",["hxxp://www.textsrv.com/",3.1902134496120]],["hxxp://search.babylon.com/",["hxxp://acx.babsrv.com/",3.594660999999999,"hxxp://d15gt9gwxw5wu0.cloudfront.net/",1.510422549821534,"hxxp://d3m5drat5m0ays.cloudfront.net/",2.617918092179347,"hxxp://search.babylon.com/",2.253509353589894,"hxxp://www.google-analytics.com/",1.868224884410987]],["hxxp://www.google.cl/",["hxxp://d15gt9gwxw5wu0.cloudfront.net/",2.27338020,"hxxp://d3m5drat5m0ays.cloudfront.net/",3.594660999999999,"hxxp://ssl.gstatic.com/",2.60370040,"hxxp://www.google.cl/",3.594660999999999]]],"startup_list":[1,"hxxp://addon.greetingmoods.com/","hxxp://cdn.montiera.com/","hxxp://cdn.we-care.com/","hxxp://d.servedtoyou.com/","hxxp://d15gt9gwxw5wu0.cloudfront.net/","hxxp://d3m5drat5m0ays.cloudfront.net/","hxxp://plugin.we-care.com/","hxxp://search.babylon.com/","hxxp://www.google-analytics.com/","hxxps://ssl.google-analytics.com/"]},"download":{"directory_upgrade":true},"extensions":{"alerts":{"initialized":true},"autoupdate":{"next_check":"12982011100325753"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://dhkplhfnhceodhffomolpfigojocbpcb/redirect.html"]},"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_ordinal":"n","page_ordinal":"n"},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"app_launcher_ordinal":"t","events":["experimental.extension.onInstalled"],"from_bookmark":true,"from_webstore":false,"install_time":"12982010589167674","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"description":"The world's most popular online video community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","name":"YouTube","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2_0","state":1},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"app_launcher_ordinal":"x","events":["experimental.extension.onInstalled"],"from_bookmark":true,"from_webstore":false,"install_time":"12982010600624921","location":2,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/?source=search_app"},"urls":["*://www.google.com/?source=search_app","*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.14"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.14_0","state":1},"dhkplhfnhceodhffomolpfigojocbpcb":{"ack_external":true,"active_permissions":{"api":["plugin","tabs"],"explicit_host":["hxxp://*/*"],"scriptable_host":["hxxp://*/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010587797623","location":3,"manifest":{"background_page":"bg.html","browser_action":{"default_icon":"browser_icon_babylon48.png","default_title":"Babylon Toolbar"},"chrome_url_overrides":{"newtab":"redirect.html"},"content_scripts":[{"all_frames":true,"js":["cs.js"],"matches":["hxxp://*/*"]}],"description":"Babylon ToolBar","icons":{"128":"babylon48.png","48":"babylon48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMHVuwST42pNWw6lNOUuLbpo+vO7TrD5Bp1HGFnjF/Z77GdGdkv0qeHtBHZdGcuTIzwsMoooA2yuKA9Xxs5WHpAUItq2L51IxrkzvdbomCdmVg+D95Yw2T6y86pM/ftZAoo1vqoTjWAl6oqLga1tfugMZ0q46tv8GwwDZMnYNEfQIDAQAB","name":"Babylon Toolbar","permissions":["tabs","hxxp://*/"],"plugins":[{"path":"BabylonChromeToolBar.dll","public":true}],"update_url":"hxxp://img.babylon.com/ext/chrome/update/update1.xml","version":"1.5"},"path":"dhkplhfnhceodhffomolpfigojocbpcb\\1.5_0","state":1},"fdloijijlkoblmigdofommgnheckmaki":{"ack_external":true,"active_permissions":{"api":["cookies","tabs"],"explicit_host":["hxxp://*.facebook.com/*","hxxp://*/*","hxxps://*.facebook.com/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010593244921","location":3,"manifest":{"background_page":"background.html","browser_action":{"default_icon":"img/16.png","default_popup":"dropdown.html","default_title":"Post smileys to your wall!!!"},"description":"Enhance your facebook chat with smileys, emoticons, winks and much more...","icons":{"128":"img/128.png","16":"img/16.png","32":"img/32.png","48":"img/48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4I2p+i3JuCwAiIsZ2ghWhEdSXVJO/OJazNk+bbGezy6ddEd+4eUpcmg8/x0akFoMlh/uPVNRMdXJ9siZSNrvbCHZ+qWNdtSGPU5SNW8YiZbiwRXTtRou6CX7nCVtQH1ZH9NPsE6BwMvuc1OW0oNIOmubTo+jV6rW+R3gJl+db0wIDAQAB","name":"Funmoods","permissions":["tabs","cookies","hxxp://*/*","hxxp://*.facebook.com/","hxxps://*.facebook.com/","hxxp://addon.greetingmoods.com"],"update_url":"hxxp://funmoods.com/public/download/chrome/update.xml","version":"1.5.1"},"path":"fdloijijlkoblmigdofommgnheckmaki\\1.5.1_0","state":1},"ippkomaaonokjnfjoikaemidanojkfmm":{"ack_external":true,"active_permissions":{"api":["tabs","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["<all_urls>"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010592521749","location":3,"manifest":{"background_page":"bg.html","content_scripts":[{"js":["jquery-1.7.1.min.js","slider.js"],"matches":["<all_urls>"],"run_at":"document_end"}],"description":"Turn purchases from your favorite online merchants into donations to your nonprofit, school, or association -- at no cost to you.","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDgJYoH/aPXuci2cfTkwbzmd27xX08mA5SZfRQJOe+HxzblhJfwH5vrA+KYqYVN5sR8KENhYOfSJF9wjL0VSGt6quOxfR9ol/8SgEEjGcnmMC+IW536YkAL0PyGuQZjKnXNobzcj/Gf65ent8dA3n5G1E9oYIpRRiXX77f+j7m0vQIDAQAB","name":"We-Care Reminder","permissions":["tabs","hxxp://*/*","hxxps://*/*","webRequest","webRequestBlocking","webNavigation"],"update_url":"hxxp://plugin.we-care.com/chrome-updates.xml","version":"1.0.0.24"},"path":"ippkomaaonokjnfjoikaemidanojkfmm\\1.0.0.24_0","state":1},"jmfkcklnlgedgbglfkkgedjfmejoahla":{"ack_external":true,"active_permissions":{"api":["plugin"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010603849525","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"js":["content/jquery-1.4.4.min.js","content/avgls-inline.js","content/searchengine.js","content/searchshield.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"}],"description":"Securing your clicks.","format_version":1,"icons":{"128":"content/Icons/128x128.png","16":"content/Icons/16x16.png","48":"content/Icons/48x48.png","64":"content/Icons/64x64.png"},"id":"881AC4EF96904f5fA0B49048C377CD59E8A84102","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrH3sthUrxOpfC3hPSHs4tIWO24/z8ZQCH5oHRTRkwgdSZ7/ah1PgRHQeNkTYJT0bwLQoxsG1jBLvWLu4I9t3KCTXj0uanaCw7VJjmSIPQCip/1m7ewfS9XdPR9CSUkR2wwp8HeDryToyCINwP8Yg3Lws/FV0nGmF2IV8jpQ6OWQIDAQAB","minimum_chrome_version":"9","name":"AVG Safe Search","plugins":[{"path":"plugins/avgnpss.dll","public":true}],"version":"12.0.0.1901"},"path":"jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0","state":1},"mpfapcdfbbledbojijcbcclmlieaoogk":{"ack_external":true,"active_permissions":{"api":["contextMenus","cookies","notifications","tabs","unlimitedStorage","webRequest","webRequestBlocking"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["experimental.extension.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12982010594380921","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"all_frames":true,"js":["js/lib/util.js","js/api/cookie.js","js/api/push.js","js/api/chrome.js","js/api/message.js","js/lib/async_api.js","js/lib/app_api.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"}],"crossrider":{"InstallationThankYouPage":true,"InstallerParams":{"source_id":"14351","sub_id":"default","uzid":"14351&subid=&pid=1086"},"appID":2258,"background_script":"background.js","debug":false,"user_script":"extension.js"},"description":"I Want This!","icons":{"128":"/icons/icon128.png","16":"/icons/icon16.png","48":"/icons/icon48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDilguE5aMgqRCdmN63+ufcvoATtMjQwkg82gm7Kk+rEOrMMWpZLZhUqq/04ftn7wxYtLrV+Sn4727C0eS345rxaLfp1vimQ4xTKxsP8eDF9DpZNEPtBLTIYY0PQuuVb7tDfDmQ6JmZe2ncfgtL9IXFbMs/V9CorgjYvIxPMvj7ZQIDAQAB","name":"I Want This","permissions":["hxxp://*/*","hxxps://*/*","tabs","cookies","notifications","contextMenus","webRequest","webRequestBlocking","unlimitedStorage"],"update_url":"hxxps://crossrider.cotssl.net/plugin/chrome/update/2258.xml","version":"1.17.43"},"path":"mpfapcdfbbledbojijcbcclmlieaoogk\\1.17.43_0","state":1},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"w","events":["experimental.extension.onInstalled"],"from_bookmark":true,"from_webstore":false,"install_time":"12982010598462921","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png","24":"24.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"6.1.3"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\6.1.3_0","state":1}},"toolbar":["dhkplhfnhceodhffomolpfigojocbpcb","fdloijijlkoblmigdofommgnheckmaki"],"toolbarsize":-1},"hxxp://www.google.com/","homepage_is_newtabpage":false,"net":{"hxxp_server_properties":{"ssl.google-analytics.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true},"www.google.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true}}},"ntp":{"promo_resource_cache_update":"1337536837.22267"},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46","plugins_list":[{"enabled":true,"name":"Remoting Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\Application\\19.0.1084.46\\gcswf32.dll","version":"11,2,202,235"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Babylon ToolBar","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dhkplhfnhceodhffomolpfigojocbpcb\\1.5_0\\BabylonChromeToolBar.dll","version":"1, 0, 0, 0"},{"enabled":true,"name":"Babylon ToolBar"},{"enabled":true,"name":"AVG Internet Security","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0\\plugins/avgnpss.dll","version":"12.0.0.1901"},{"enabled":true,"name":"AVG Internet Security"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll","version":"9.5.0.270"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Exent® AOD Gecko Plugin","path":"C:\\Program Files (x86)\\Free Ride Games\\npExentCtl.dll","version":"07.00.00.03"},{"enabled":true,"name":"Exent® AOD Gecko Plugin"},{"enabled":true,"name":"Java(TM) Platform SE 6 U31","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\plugin2\\npjp2.dll","version":"6.0.310.5"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Bing Bar","path":"C:\\Program Files (x86)\\MSN Toolbar\\Platform\\5.0.1438.0\\npwinext.dll","version":"5.0.1438.0"},{"enabled":true,"name":"Bing Bar"},{"enabled":true,"name":"Windows Live® Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"14.0.8117.0416_ship.wlx.w3m3 (ship)"},{"enabled":true,"name":"Windows Live® Photo Gallery"},{"enabled":true,"name":"Facebook Video Calling Plugin","path":"C:\\Users\\Hitman\\AppData\\Local\\Facebook\\Video\\Skype\\npFacebookVideoCalling.dll","version":"1.2.0.159"},{"enabled":true,"name":"Facebook Video Calling Plugin"},{"enabled":true,"name":"Google Update","path":"C:\\Users\\Hitman\\AppData\\Local\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll","version":"1.3.21.111"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\SysWOW64\\Adobe\\Director\\np32dsw.dll","version":"11.5.7r609"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\4.0.50401.0\\npctrl.dll","version":"4.0.50401.0"},{"enabled":true,"name":"Silverlight"}]},"profile":{"avatar_index":0,"content_settings":{"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"name":"First user"},"sync":{"suppress_start":false},"sync_promo":{"startup_count":3,"view_count":2},"translate_accepted_count":{"es":1},"translate_denied_count":{"es":0}}
    *************************
    AdwCleaner[R1].txt - [30573 octets] - [12/09/2012 16:30:10]
    ########## EOF - C:\AdwCleaner[R1].txt - [30634 octets] ##########
    djhitman, Sep 12, 2012
    #34

  15. djhitman TechSpot Member Posts: 52

    Dupe..
    djhitman, Sep 12, 2012
    #35

  16. djhitman TechSpot Member Posts: 52

    Dupe
    djhitman, Sep 12, 2012
    #36

  17. djhitman TechSpot Member Posts: 52

    As far as the internet explorer, I click it open and I get a message.. " a problem with the webpage caused internet explorer to close and reopen the tab" Ugh!
    djhitman, Sep 12, 2012
    #37

  18. Broni Malware Annihilator Posts: 39,375   +177

    Open IE, go Tools>Internet options>Advanced tab and click on "Reset" button.
    Restart IE.

    I still need Eset scan log.
    Broni, Sep 12, 2012
    #38

  19. djhitman TechSpot Member Posts: 52

    Do I have to have "remove found threats" checked? on eset?
    djhitman, Sep 12, 2012
    #39

  20. djhitman TechSpot Member Posts: 52

    I had to do it on google chrome, as my IE won't stay open... that's why I haven't done it yet..but I am ready..
    djhitman, Sep 12, 2012
    #40
Page 2 of 3

Add New Comment

Social Login & Guest Posting

TechSpot Members
Login here or sign up for free,
it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.