17 replies to this topic

[JJQ]

Hi

 

Information as requested ( I hope ! )

 

Many thanks

 

JJQ

 

Emergency Kit results

 

Emsisoft Emergency Kit - Version 3.0
Last update: 9/02/2013 3:08:57 PM

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\

Detect Riskware: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 9/02/2013 3:09:01 PM

Scanned 421169
Found 0

Scan end: 9/02/2013 3:46:15 PM
Scan time: 0:37:14

Attached Files

•  a2scan_130209-114557.txt   1.71K   6 downloads
•  Extras.Txt   72.76K   1 downloads
•  OTL.Txt   114.57K   3 downloads

[schrauber]

Hello, JJQ
Welcome to the Emsisoft Support Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.



Please take note of some guidelines for this fix:

• Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
• If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
• Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
• Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
• Please set your system to show all files.
  Click Start, open My Computer, select the Tools menu and click Folder Options.
  Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
  Uncheck: Hide file extensions for known file types
  Uncheck the Hide protected operating system files (recommended) option.
  Click Yes to confirm.

Next, download ComboFix Save to the Desktop

• Now, close all open windows
• Double-click combofix.exe to run the program
• Follow the prompts.
• If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
• When told that the RC is installed correctly, press YES to continue scanning for malware.
• ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
• CF may reboot the computer and resume running when it restarts.
• When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

[JJQ]

Hi Tom,

 

Hope this is correct !

 

Jenny

Attached Files

•  combifix log.txt   25.7K   1 downloads

[schrauber]

Hi Jenny,

 

yes that was correct. I see that this is the second run of Combofix. Please go to

 

C:\Qoobox\Combofix2.txt

 

and attach this logfile for my review

[JJQ]

Tom,

 

File as requested.

 

Thanks

Jenny

Attached Files

•  ComboFix2.txt   26.39K   1 downloads

[schrauber]

Hi Jenny

 

 

Please download AdwCleaner by Xplode onto your desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Search.
• A logfile will automatically open after the scan has finished.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

 

 

 

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• You will be prompted to restart your computer. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

 

 

 

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

 

Please attach those 3 logs, along with a fresh OTL logfile and tell me how the system is running.

[JJQ]

Hope this is everything !!!

Attached Files

•  AdwCleanerR1.txt   5.98K   2 downloads
•  AdwCleanerS1.txt   6.2K   2 downloads
•  log.txt   76bytes   4 downloads
•  1OTL.Txt   111.79K   3 downloads

[schrauber]

ESET log is empty, does it found something?

 

A few leftovers in the latest otl log. How is the system running?

[JJQ]

Hi Tom

 

I have attached another file - is this the correct one ?

System seems a lot better

Are the  leftovers  a problem ?

 

Thanks again,

 

Jenny

Attached Files

•  Scan.txt   842bytes   3 downloads

[schrauber]

We will remove them now
 
 
Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
   
  

  :OTL
  IE - HKCU\..\SearchScopes\{9BEB2AC3-48DC-4B0E-B01E-D383836C033B}: "URL" = http://search.condui...&ctid=CT3220468
  FF - prefs.js..browser.search.selectedEngine: "blekko"
  FF - prefs.js..browser.search.selectedEngine,S: S", ""
  FF - prefs.js..browser.search.update: false
  FF - prefs.js..browser.startup.homepage: "http://blekko.com/ws...000000000000000"
  FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
  FF - prefs.js..browser.startup.homepage: ""
  [2013/01/04 17:20:27 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\ffxtlbr@babylon.com
  CHR - default_search_provider: Search the web (Babylon) (Enabled)
  CHR - default_search_provider: search_url = http://isearch.babyl...000000000000000
  CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
  CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll
  [2013/02/05 12:04:40 | 014,381,616 | ---- | M] () -- C:\Windows\MSYHBD.tt2
  [2013/02/05 12:04:39 | 021,543,568 | ---- | M] () -- C:\Windows\MSYH.tt2
  [2013/02/05 12:04:36 | 014,343,024 | ---- | M] () -- C:\Windows\MSJHBD.tt2
  [2013/02/05 12:04:35 | 021,302,624 | ---- | M] () -- C:\Windows\MSJH.tt2
  [2013/02/09 15:07:27 | 000,000,112 | ---- | C] () -- C:\Users\user\Desktop\autorun.inf
  [2013/01/04 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
  :Commands
  [emptytemp]

   

• Then click the Run Fix button at the top
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
• Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

================================Follow up scan=================================

• Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Under the Standard Registry box change it to All.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

[JJQ]

All processes killed
Error: Unable to interpret <:OTLIE - HKCU\..\SearchScopes\{9BEB2AC3-48DC-4B0E-B01E-D383836C033B}: "URL" = http://search.condui...tid=CT3220468FF - prefs.js..browser.search.selectedEngine: "blekko"FF - prefs.js..browser.search.selectedEngine,S: S", ""FF - prefs.js..browser.search.update: falseFF - prefs.js..browser.startup.homepage: "http://blekko.com/ws...000000000000"FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""FF - prefs.js..browser.startup.homepage: ""[2013/01/04 17:20:27 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\ffxtlbr@babylon.comCHR - default_search_provider: Search the web (Babylon) (Enabled)CHR - default_search_provider: search_url = http://isearch.babyl...000000000000CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\user\AppD> in the current context!
Error: Unable to interpret <ata\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll[2013/02/05 12:04:40 | 014,381,616 | ---- | M] () -- C:\Windows\MSYHBD.tt2[2013/02/05 12:04:39 | 021,543,568 | ---- | M] () -- C:\Windows\MSYH.tt2[2013/02/05 12:04:36 | 014,343,024 | ---- | M] () -- C:\Windows\MSJHBD.tt2[2013/02/05 12:04:35 | 021,302,624 | ---- | M] () -- C:\Windows\MSJH.tt2[2013/02/09 15:07:27 | 000,000,112 | ---- | C] () -- C:\Users\user\Desktop\autorun.inf[2013/01/04 17:19:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon:Commands[emptytemp]> in the current context!

 

 
OTL by OldTimer - Version 3.2.69.0 log created on 02112013_154000

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

OTL logfile created on: 11/02/2013 3:55:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
2.99 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 65.52% Memory free
5.98 Gb Paging File | 4.34 Gb Available in Paging File | 72.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 201.10 Gb Free Space | 43.19% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: RESOLUTE-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Brother\BPRSP\resources\BrSupSsp.exe ()
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\skin.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Brother\BPRSP\resources\BrSupSsp.exe ()
MOD - C:\Program Files\VIA\VIAudioi\VDeck\VMicApi.dll ()
MOD - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
MOD - C:\Program Files\NETGEAR\WG311v3\WlanDll.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\user\AppData\Local\Temp\catchme.sys File not found
DRV - (MpKsl54d8eab2) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D237B34-27C9-44DD-B342-456DEE12B797}\MpKsl54d8eab2.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (MRV6X32P) -- C:\Windows\System32\drivers\MRVW13B.sys (Marvell Semiconductor, Inc)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7DXTB_enAU514
IE - HKCU\..\SearchScopes\{9BEB2AC3-48DC-4B0E-B01E-D383836C033B}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\..\SearchScopes\{B256E0DA-B75D-4B76-BB92-A272D6F2B464}: "URL" = http://websearch.ask...D3-30C0F285C548
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...TF-8&oe=UTF-8="
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://blekko.com/ws...000000000000000"
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.6.0.3
FF - prefs.js..extensions.enabledAddons: {7473b6bd-4691-4744-a82b-7854eb3d70b6}:10.13.40.15
FF - prefs.js..extensions.enabledAddons: extension21804@extension21804.com:0.87.11
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
 
 
FF - HKLM\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/10 20:17:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/11 14:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/11 14:03:42 | 000,000,000 | ---D | M]
 
[2011/01/25 08:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2010/05/10 13:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/25 08:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/02/11 15:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions
[2010/03/29 13:30:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/29 13:30:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/12/20 11:11:31 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2011/09/24 14:18:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/01/25 08:20:39 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2012/12/15 15:16:49 | 000,000,000 | ---D | M] (wxDownload) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\50cc23e032078@50cc23e0320aa.com
[2013/01/04 17:20:27 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\ffxtlbr@babylon.com
[2010/03/29 13:30:38 | 000,000,000 | ---D | M] (Personas) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\bpalq8f2.default\extensions\personas@christopher.beard
[2012/12/29 12:42:43 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\bpalq8f2.default\extensions\torntv@torntv.com.xpi
[2012/11/07 16:54:08 | 000,169,792 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\bpalq8f2.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\bpalq8f2.default\searchplugins\askcom.xml
[2013/01/04 17:20:29 | 000,002,432 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\bpalq8f2.default\searchplugins\babylon1.xml
[2012/12/15 15:16:03 | 000,002,203 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\bpalq8f2.default\searchplugins\MyStart Search.xml
[2013/02/07 18:02:04 | 000,001,435 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\bpalq8f2.default\searchplugins\spamfreesearch.xml
[2012/10/15 16:30:46 | 000,003,915 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\bpalq8f2.default\searchplugins\sweetim.xml
[2013/02/11 14:19:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/17 17:28:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/08/10 08:44:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/11 14:19:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2011/12/17 17:28:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/26 11:38:50 | 001,825,680 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012/12/19 04:07:11 | 000,106,240 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2013/02/11 14:03:38 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2013/02/11 14:03:39 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2013/02/11 14:03:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2013/02/11 14:03:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2013/02/11 14:03:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2013/02/11 14:03:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2013/02/11 14:03:42 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2011/10/23 16:42:44 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/10/23 16:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/23 16:42:44 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/10/23 16:42:44 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/12/17 17:28:28 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/10/23 16:42:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/23 16:42:44 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://isearch.babyl...000000000000000
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: SweetIM GC Helper (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\mgHelperGCFB.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.13.20.29_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ABR_AUSkey Mozilla Plugin (Enabled) = C:\Program Files\ABR\Plug-In\bin\npAUSkeyPlugin.dll
CHR - plugin: CSI Mozilla Plugin (Enabled) = C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: wxDownload = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfcdfdolohdggbkdjchafcoeganfdiib\4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: wxDownload = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfcdfdolohdggbkdjchafcoeganfdiib\4_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2013/02/10 07:40:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.242.33 61.9.226.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{067C1FA4-4585-4A24-8101-A9C43776212D}: DhcpNameServer = 192.168.0.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70A28372-93B2-4562-8E73-4ABB600D6AEB}: DhcpNameServer = 10.4.182.20 10.4.81.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DA02EB4-7A72-4A25-900F-3F4E8FA57B21}: DhcpNameServer = 61.9.242.33 61.9.226.33
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\Windows\System32\MrvGINA.dll (Marvell®)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/11 15:40:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/11 14:55:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2013/02/11 14:55:11 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2013/02/11 14:55:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2013/02/11 14:55:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll
[2013/02/11 14:55:05 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2013/02/11 14:55:02 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/02/11 14:55:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2013/02/11 14:55:02 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2013/02/11 14:55:01 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/02/11 14:55:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2013/02/11 14:55:00 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpudd.dll
[2013/02/11 14:55:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpendp_winip.dll
[2013/02/11 14:55:00 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2013/02/11 14:54:59 | 000,317,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2013/02/11 14:54:55 | 002,739,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013/02/11 14:53:07 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013/02/11 14:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
[2013/02/11 14:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
[2013/02/11 14:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/11 14:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/02/11 14:19:17 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2013/02/11 14:19:17 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2013/02/11 14:19:17 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2013/02/11 14:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/11 14:03:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/02/11 14:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/02/10 15:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/10 07:41:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/10 05:46:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/10 05:46:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/10 05:46:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/10 05:45:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/10 05:44:43 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/10 05:43:57 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/02/09 15:07:21 | 001,593,776 | ---- | C] (Emsisoft GmbH) -- C:\Users\user\Desktop\start.exe
[2013/02/09 15:07:14 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Languages
[2013/02/09 15:07:11 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Run
[2013/02/09 15:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/09 15:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/09 14:52:11 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/02/09 14:40:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Reason Software Company Inc
[2013/02/09 14:36:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/09 11:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013/02/09 11:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2013/02/09 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Anti-Malware
[2013/02/09 11:41:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2013/02/09 10:17:06 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\BOOKS
[2013/02/08 10:01:48 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Brother
[2013/02/08 06:38:00 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\OneNote Notebooks
[2013/02/07 18:09:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/02/07 18:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/02/07 18:09:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/07 18:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reincubate
[2013/02/07 18:03:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\OpenCandy
[2013/02/07 18:01:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Coupon Companion Plugin
[2013/02/05 12:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/02/05 12:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013/02/05 12:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013/02/01 15:45:19 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\My eBooks
[2013/01/19 10:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/15 11:19:53 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Marg's Will
[2013/01/14 16:18:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WinZip Courier
[2013/01/14 15:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/01/14 15:46:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\assembly
[2013/01/14 15:44:55 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\15_Minute_Meals_optimized_(Jamie_Oliver)
[2013/01/14 15:41:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WinZip
[2013/01/14 15:40:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/14 15:40:33 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Add-in Express
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/11 15:52:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/02/11 15:50:06 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 15:50:06 | 000,014,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 15:44:19 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 15:42:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 15:42:29 | 2408,882,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 15:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/11 15:24:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 15:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2778954702-1641881619-3768207910-1000UA.job
[2013/02/11 14:36:29 | 000,002,483 | ---- | M] () -- C:\Users\Public\Desktop\Bonjour Printer Wizard.lnk
[2013/02/11 14:28:42 | 000,001,051 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/11 14:03:28 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/02/11 12:07:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2778954702-1641881619-3768207910-1000Core.job
[2013/02/11 07:12:06 | 000,000,406 | ---- | M] () -- C:\Windows\MYOBP.INI
[2013/02/11 07:11:51 | 000,000,042 | ---- | M] () -- C:\Windows\MYOB.INI
[2013/02/10 16:44:55 | 000,630,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/10 16:44:55 | 000,111,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/10 15:45:42 | 000,002,036 | -H-- | M] () -- C:\Users\user\Documents\Default.rdp
[2013/02/10 15:00:13 | 000,582,209 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013/02/10 07:40:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/10 05:44:13 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/02/09 15:04:51 | 238,955,943 | ---- | M] () -- C:\Users\user\Desktop\EmsisoftEmergencyKit.zip
[2013/02/09 11:42:00 | 000,001,077 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/02/09 11:42:00 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013/02/09 06:36:52 | 000,000,112 | ---- | M] () -- C:\Users\user\Desktop\autorun.inf
[2013/02/09 06:36:44 | 001,593,776 | ---- | M] (Emsisoft GmbH) -- C:\Users\user\Desktop\start.exe
[2013/02/09 06:36:28 | 000,000,056 | ---- | M] () -- C:\Users\user\Desktop\EmergencyKitScanner.bat
[2013/02/09 06:36:22 | 000,000,060 | ---- | M] () -- C:\Users\user\Desktop\CommandlineScanner.bat
[2013/02/08 17:29:39 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/08 17:29:39 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/08 06:38:03 | 000,001,252 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/02/05 12:04:40 | 014,381,616 | ---- | M] () -- C:\Windows\MSYHBD.tt2
[2013/02/05 12:04:39 | 021,543,568 | ---- | M] () -- C:\Windows\MSYH.tt2
[2013/02/05 12:04:36 | 014,343,024 | ---- | M] () -- C:\Windows\MSJHBD.tt2
[2013/02/05 12:04:35 | 021,302,624 | ---- | M] () -- C:\Windows\MSJH.tt2
[2013/02/03 11:21:44 | 000,001,017 | ---- | M] () -- C:\Users\user\Desktop\Dropbox.lnk
[2013/02/02 00:08:23 | 000,002,366 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013/01/30 18:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/22 11:54:44 | 000,437,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/19 10:23:48 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/15 16:56:10 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2013/01/15 16:56:07 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2013/01/15 16:53:05 | 000,158,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2013/01/15 16:53:01 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2013/01/15 16:52:55 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2013/01/14 15:42:03 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/11 14:36:29 | 000,002,483 | ---- | C] () -- C:\Users\Public\Desktop\Bonjour Printer Wizard.lnk
[2013/02/11 14:28:42 | 000,001,051 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/02/11 14:03:28 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/02/11 13:55:33 | 000,001,753 | ---- | C] () -- C:\Users\user\Desktop\iTunes.lnk
[2013/02/10 15:00:03 | 000,582,209 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2013/02/10 05:46:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/10 05:46:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/10 05:46:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/10 05:46:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/10 05:46:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/09 15:07:27 | 000,000,112 | ---- | C] () -- C:\Users\user\Desktop\autorun.inf
[2013/02/09 15:07:15 | 000,000,056 | ---- | C] () -- C:\Users\user\Desktop\EmergencyKitScanner.bat
[2013/02/09 15:07:11 | 000,000,060 | ---- | C] () -- C:\Users\user\Desktop\CommandlineScanner.bat
[2013/02/09 14:58:39 | 238,955,943 | ---- | C] () -- C:\Users\user\Desktop\EmsisoftEmergencyKit.zip
[2013/02/09 11:42:00 | 000,001,077 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/02/09 11:42:00 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013/02/08 06:38:03 | 000,001,252 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2013/02/05 12:04:52 | 014,381,616 | ---- | C] () -- C:\Windows\MSYHBD.tt2
[2013/02/05 12:04:51 | 021,543,568 | ---- | C] () -- C:\Windows\MSYH.tt2
[2013/02/05 12:04:50 | 014,343,024 | ---- | C] () -- C:\Windows\MSJHBD.tt2
[2013/02/05 12:04:49 | 021,302,624 | ---- | C] () -- C:\Windows\MSJH.tt2
[2013/01/19 10:23:48 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/01/19 10:23:42 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/04 11:57:52 | 000,000,236 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/01/04 11:57:52 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/01/04 11:57:24 | 000,003,303 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/01/04 11:54:13 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/01/04 11:54:13 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/01/04 07:22:14 | 000,062,202 | ---- | C] () -- C:\Windows\hpqins01.dat
[2013/01/03 20:33:53 | 000,077,620 | ---- | C] () -- C:\Windows\hpqins05.dat
[2012/12/18 14:56:19 | 000,000,127 | ---- | C] () -- C:\Users\user\wxDownloadFast.ini
[2012/12/17 14:00:31 | 000,218,258 | ---- | C] () -- C:\Windows\hpwins14.dat
[2012/12/17 14:00:31 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2012/09/06 07:32:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/09/06 07:32:18 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/08/31 15:25:31 | 000,008,704 | ---- | C] () -- C:\Windows\System32\BHARegister.dll
[2012/07/19 16:03:04 | 000,002,271 | ---- | C] () -- C:\Windows\checkip.dat
[2011/07/19 14:29:12 | 000,218,258 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
[2011/07/19 14:29:12 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
[2011/07/05 11:05:45 | 000,000,357 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2011/07/05 11:03:51 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/07/01 19:28:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/01/21 14:02:45 | 000,007,621 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010/12/12 15:46:31 | 000,005,632 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/05 09:00:56 | 000,018,392 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/07/02 10:00:07 | 000,080,029 | ---- | C] () -- C:\Users\user\2873_001.pdf
[2009/07/01 12:03:27 | 000,012,030 | ---- | C] () -- C:\Users\user\CLAIM14_30.6.09.pdf
[2009/06/30 15:52:18 | 000,115,764 | ---- | C] () -- C:\Users\user\1105456.pdf
[2009/06/29 17:23:36 | 000,051,580 | ---- | C] () -- C:\Users\user\Paving-290609.pdf
[2009/06/29 15:14:31 | 000,107,120 | ---- | C] () -- C:\Users\user\ESale (10).pdf
[2009/06/29 09:19:45 | 000,065,129 | ---- | C] () -- C:\Users\user\ESale (9).pdf
[2009/06/26 08:22:30 | 000,066,317 | ---- | C] () -- C:\Users\user\2779_001.pdf
[2009/06/25 11:50:47 | 000,003,314 | ---- | C] () -- C:\Users\user\EStatement.pdf
[2009/06/24 10:08:24 | 000,019,663 | ---- | C] () -- C:\Users\user\dbrpincf (1).pdf
[2009/06/23 15:15:03 | 000,632,668 | ---- | C] () -- C:\Users\user\3167_001.pdf
[2009/06/22 09:06:14 | 000,064,865 | ---- | C] () -- C:\Users\user\ESale (.pdf
[2009/06/19 10:42:27 | 000,040,735 | ---- | C] () -- C:\Users\user\10142868.pdf
[2009/06/18 18:34:08 | 000,165,903 | ---- | C] () -- C:\Users\user\June 18 Update to Community.pdf
[2009/06/17 11:53:06 | 000,342,935 | ---- | C] () -- C:\Users\user\GCSLabour.pdf
[2009/06/16 14:13:23 | 000,107,080 | ---- | C] () -- C:\Users\user\ESale (7).pdf
[2009/06/12 17:00:48 | 000,202,898 | ---- | C] () -- C:\Users\user\CCE12062009_00000.pdf
[2009/06/12 13:34:51 | 000,053,841 | ---- | C] () -- C:\Users\user\20071219 Westopia Applecrossv23.pdf
[2009/06/12 08:17:27 | 001,135,104 | ---- | C] () -- C:\Users\user\Resolute Construction email.pdf
[2009/06/11 14:16:29 | 000,129,392 | ---- | C] () -- C:\Users\user\Inv00001313 PG8.pdf
[2009/06/10 13:20:59 | 000,389,509 | ---- | C] () -- C:\Users\user\_0610124549_001.pdf
[2009/06/10 07:41:20 | 000,017,120 | ---- | C] () -- C:\Users\user\EML6A7.RTF
[2009/06/10 07:40:50 | 000,016,617 | ---- | C] () -- C:\Users\user\EML693.RTF
[2009/06/10 07:40:03 | 000,016,631 | ---- | C] () -- C:\Users\user\EML667.RTF
[2009/06/09 12:24:04 | 000,071,253 | ---- | C] () -- C:\Users\user\91755.pdf
[2009/06/09 11:24:06 | 000,026,471 | ---- | C] () -- C:\Users\user\dbrsta (1).pdf
[2009/06/09 09:36:56 | 000,002,577 | ---- | C] () -- C:\Users\user\ESale (6).pdf
[2009/06/08 11:37:47 | 000,126,112 | ---- | C] () -- C:\Users\user\Year 9 drinks 2009 invite.pdf
[2009/06/08 10:37:55 | 000,008,383 | ---- | C] () -- C:\Users\user\Invoice.pdf
[2009/06/05 08:00:55 | 000,106,995 | ---- | C] () -- C:\Users\user\ESale (5).pdf
[2009/06/03 17:31:15 | 000,107,095 | ---- | C] () -- C:\Users\user\ESale (4).pdf
[2009/06/03 15:57:47 | 001,063,329 | ---- | C] () -- C:\Users\user\ATF BER Package.pdf
[2009/06/03 14:20:55 | 005,476,023 | ---- | C] () -- C:\Users\user\2406_001.pdf
[2009/06/02 11:37:43 | 000,458,838 | ---- | C] () -- C:\Users\user\ATFinal-020609.pdf
[2009/06/02 10:15:30 | 000,080,544 | ---- | C] () -- C:\Users\user\ETKT_Receipt (1).pdf
[2009/05/29 15:16:53 | 000,360,517 | ---- | C] () -- C:\Users\user\_0529135905_001.pdf
[2009/05/29 11:12:30 | 000,044,833 | ---- | C] () -- C:\Users\user\2385_001.pdf
[2009/05/26 16:17:54 | 000,002,499 | ---- | C] () -- C:\Users\user\ESale (3).pdf
[2009/05/26 16:17:40 | 000,098,385 | ---- | C] () -- C:\Users\user\IB Diploma - Letter to all parents.pdf
[2009/05/20 11:40:43 | 000,080,476 | ---- | C] () -- C:\Users\user\HRConstructionInvoice.pdf
[2009/05/19 07:33:24 | 000,069,544 | ---- | C] () -- C:\Users\user\RESOL00 15.05.09 Outstanding Account.pdf
[2009/05/15 14:46:06 | 000,106,881 | ---- | C] () -- C:\Users\user\ESale (2).pdf
[2009/05/14 09:09:40 | 000,090,440 | ---- | C] () -- C:\Users\user\WSTSD-2009_MessageFromPrimeMinisterKevinRudd.pdf
[2009/05/08 11:51:09 | 000,016,947 | ---- | C] () -- C:\Users\user\EML598.RTF
[2009/05/08 10:51:01 | 000,252,827 | ---- | C] () -- C:\Users\user\09 _Friday_meals.pdf
[2009/05/07 16:13:27 | 000,033,669 | ---- | C] () -- C:\Users\user\1848_001.pdf
[2009/05/06 11:50:27 | 000,068,608 | ---- | C] () -- C:\Users\user\election dayfor 2009 shortened version for posters.pub
[2009/05/05 10:23:53 | 000,044,244 | ---- | C] () -- C:\Users\user\State of Play.pdf
[2009/05/04 11:39:49 | 000,019,931 | ---- | C] () -- C:\Users\user\dbrpincf.pdf
[2009/05/01 14:14:37 | 000,042,294 | ---- | C] () -- C:\Users\user\email_0905011328598.pdf
[2009/04/30 16:32:26 | 000,011,953 | ---- | C] () -- C:\Users\user\CLAIM12_30.4.09.pdf
[2009/04/28 19:08:43 | 000,302,630 | ---- | C] () -- C:\Users\user\1821_001.pdf
[2009/04/19 13:33:48 | 000,019,671 | ---- | C] () -- C:\Users\user\Westland Contracting Claim 7 - preliminaries breakdown (2).pdf
[2009/04/17 11:07:36 | 000,318,241 | ---- | C] () -- C:\Users\user\1667_001.pdf
[2009/04/16 13:40:03 | 000,106,882 | ---- | C] () -- C:\Users\user\ESale (1).pdf
[2009/04/14 13:20:17 | 000,781,456 | ---- | C] () -- C:\Users\user\DARON00 30.06.08 FS.pdf
[2009/04/14 13:17:10 | 000,000,218 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2009/04/14 12:17:46 | 000,080,507 | ---- | C] () -- C:\Users\user\ETKT_Receipt.pdf
[2009/04/14 11:18:35 | 000,107,236 | ---- | C] () -- C:\Users\user\ESale.pdf
[2009/04/08 10:33:02 | 000,069,252 | ---- | C] () -- C:\Users\user\email_0904071436413.pdf
[2009/04/07 11:08:12 | 000,026,698 | ---- | C] () -- C:\Users\user\dbrsta.pdf
[2009/04/06 13:47:19 | 000,017,517 | ---- | C] () -- C:\Users\user\EML4FD.RTF
[2009/04/06 13:34:16 | 000,016,946 | ---- | C] () -- C:\Users\user\EML4B0.RTF
[2009/04/03 16:51:57 | 000,305,850 | ---- | C] () -- C:\Users\user\1507_001.pdf
[2009/04/03 13:12:08 | 000,503,646 | ---- | C] () -- C:\Users\user\Image0123.PDF
[2009/04/02 11:05:28 | 000,042,287 | ---- | C] () -- C:\Users\user\email_0904021101744.pdf
[2009/04/01 11:07:40 | 000,150,038 | ---- | C] () -- C:\Users\user\THEST01 01.04.09 Invoice 7588.pdf
[2009/03/31 14:36:01 | 000,007,456 | ---- | C] () -- C:\Users\user\THEST01 30.06.08 TB revised.pdf
[2009/03/30 17:15:44 | 000,078,805 | ---- | C] () -- C:\Users\user\RynatInvoice-300309.pdf
[2009/03/30 10:24:06 | 000,403,355 | ---- | C] () -- C:\Users\user\0267_001.pdf
[2009/03/30 10:20:08 | 000,037,814 | ---- | C] () -- C:\Users\user\0273_001.pdf
[2009/03/27 13:34:00 | 000,059,457 | ---- | C] () -- C:\Users\user\2009_rotary_fair_flyer.pdf
[2009/03/27 08:41:09 | 000,078,877 | ---- | C] () -- C:\Users\user\STEEN02 30.06.08 ITR.pdf
[2009/03/27 08:20:20 | 000,031,086 | ---- | C] () -- C:\Users\user\THEST01 30.06.08 FS.pdf
[2009/03/27 08:20:16 | 000,045,768 | ---- | C] () -- C:\Users\user\THEST01 30.06.08 TR Application of Trust Income.pdf
[2009/03/27 08:20:10 | 000,059,075 | ---- | C] () -- C:\Users\user\THEST01 30.06.08 Tax Summary.pdf
[2009/03/24 15:24:46 | 000,019,671 | ---- | C] () -- C:\Users\user\Westland Contracting Claim 7 - preliminaries breakdown (1).pdf
[2009/03/24 15:23:15 | 000,019,671 | ---- | C] () -- C:\Users\user\Westland Contracting Claim 7 - preliminaries breakdown.pdf
[2009/01/08 07:27:09 | 000,000,000 | ---- | C] () -- C:\Users\user\Ÿ9Ÿ9
[2007/03/22 17:48:57 | 000,000,171 | ---- | C] () -- C:\Users\user\default.pls
 
========== ZeroAccess Check ==========
 
[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 929 bytes -> C:\Users\user\Documents\RE_ HILLCREST PO 13301.eml:OECustomProperty

< End of report >

[schrauber]

Please attach all logfiles instead of posting them into the topic. Sorry, my fault, I saw the error in the instructions now

 

the fix did not work, please download the attached fix.txt to your desktop and drag/drop it into the scans/fixes box of OTl, then please click "Run scan". Attach this logfile along with a fresh OTL logfile.

Attached Files

•  fix.txt   1.65K   1 downloads

[JJQ]

Hi Tom

 

Scans as requested

 

Jenny

Attached Files

•  02112013_182629.log   11.3K   1 downloads
•  2OTL.Txt   146.26K   0 downloads

[schrauber]

Perfect. Before we cleanup our work, are there any problems left?

[JJQ]

Hi Tom

 

Thank you very much for all your help - everything seems OK now

 

Jenny

[schrauber]

Hi Jenny,

 

Please open ADwCleaner and hit the Uninstall-Button.

 

 

Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.

 

 

 

 

Please run OTL one more time and hit Cleanup. This will remove OTL and all helper tools.

 

 

 

 

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean

Hiding Hidden Files
Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Purging System Restore Points
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

• Go to Start > Programs > Accessories > System Tools and click "System Restore".
• Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Then go to Start > Run and type: Cleanmgr
• Click "OK".
• Click the "More Options" Tab.
• Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:

• If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  
  
• If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  
  
• If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  
  
• If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software.
  
  There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  
  
• Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  
  
• Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  
  
• When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  
  
• Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  
  
• Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  
  
• DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


 

[JJQ]

All done

 

Thanks vey much for your help.

 

Jenny

[schrauber]

You're most welcome

 

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.