Otl

This document provides system information from a computer running a 64-bit version of Windows Vista Home Premium. It lists details such as the amount of physical memory, paging file space, system drives and their available space, as well as installed software, running processes, modules, services, and device drivers.

Uploaded by

boreddude001
Copyright
© Attribution Non-Commercial (BY-NC)

OTL logfile created on: 6/17/2013 6:40:54 PM - Run 2

OTL by OldTimer - Version 3.2.69.0


Folder = C:\Users\home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - T
ype = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyy
y
3.96 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.38% Memor
y free
8.10 Gb Paging File | 6.19 Gb Available in Paging File | 76.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Fil
es (x86)
Drive C: | 288.29 Gb Total Space | 45.54 Gb Free Space | 15.80% Space Free | Par
tition Type: NTFS
Drive E: | 9.77 Gb Total Space | 3.12 Gb Free Space | 31.92% Space Free | Partit
ion Type: NTFS
Drive G: | 465.64 Gb Total Space | 1.55 Gb Free Space | 0.33% Space Free | Parti
tion Type: FAT32
Drive H: | 149.05 Gb Total Space | 15.59 Gb Free Space | 10.46% Space Free | Par
tition Type: NTFS
Drive I: | 298.02 Gb Total Space | 1.75 Gb Free Space | 0.59% Space Free | Parti
tion Type: FAT32
Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitel
ist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/06/17 18:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\User
s\home\Desktop\OTL (1).exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated
) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Techn
ologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/03/27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Techn
ologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.)
-- C:\Users\home\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/28 14:35:32 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\P
nkBstrA.exe
PRC - [2010/12/22 15:31:11 | 001,122,304 | ---- | M] (Zhorn Software) -- C:\Prog
ram Files (x86)\Stickies\stickies.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\home\Local S
ettings\Apps\F.lux\flux.exe
PRC - [2009/02/03 13:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:
\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C
:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/06/03 14:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.)
-- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Pro
gram Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\P
rogram Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 16:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\P
rogram Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2010/12/22 15:31:10 | 000,049,152 | ---- | M] () -- C:\Program Files (x86
)\Stickies\shook70.dll
MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\home\Local S
ettings\Apps\F.lux\flux.exe
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Co
rporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\N
isSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Co
rporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEn
g.exe -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2012/11/22 07:35:22 | 000,828,072 | ---- | M] (Check Point
Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceFi
eld\ISWSVC.exe -- (IswSvc)
SRV:[b]64bit:[/b] - [2008/11/20 03:21:12 | 000,031,744 | ---- | M] () [Auto | Ru
nning] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Cor
poration) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (D
ockLoginService)
SRV:[b]64bit:[/b] - [2008/09/16 22:17:14 | 000,251,904 | ---- | M] (IDT, Inc.) [
Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d
14bcbef\STacSV64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2008/09/16 22:17:02 | 000,086,016 | ---- | M] (Andrea Elect
ronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRep
ository\stwrt64.inf_d14bcbef\AESTSr64.exe -- (AESTFilters)
SRV:[b]64bit:[/b] - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Co
rporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (W
inDefend)
SRV:[b]64bit:[/b] - [2007/05/25 09:38:54 | 000,567,216 | ---- | M] ( ) [Auto | R
unning] -- C:\Windows\SysNative\lxdccoms.exe -- (lxdc_device)
SRV:[b]64bit:[/b] - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] (Microsoft Co
rporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2013/06/12 05:24:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated
) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateS
ervice.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated
) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.e
xe -- (AdobeARMservice)
SRV - [2013/03/27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Techn
ologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsm
on.exe -- (vsmon)
SRV - [2012/11/13 23:07:22 | 000,666,720 | ---- | M] (Wellbia.com Co., Ltd.) [On
_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto
| Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/28 14:35:32 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\W
indows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/08/07 14:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [
On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Au
to | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (
clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Di
sabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
-- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/03 13:39:09 | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto
| Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent
.exe -- (vpnagent)
SRV - [2008/05/07 16:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto |
Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.
exe -- (IAANTMON)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Co
rporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.s
ys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012/12/13 11:49:46 | 000,443,992 | ---- | M] (Check Point
Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\D
RIVERS\vsdatant.sys -- (Vsdatant)
DRV:[b]64bit:[/b] - [2012/11/22 07:35:36 | 000,033,712 | ---- | M] (Check Point
Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\
ZAForceField\ISWKL.sys -- (ISWKL)
DRV:[b]64bit:[/b] - [2012/06/03 19:40:44 | 000,231,376 | ---- | M] (TrueCrypt Fo
undation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.
sys -- (truecrypt)
DRV:[b]64bit:[/b] - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Co
rporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_re
c.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corpor
ation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (
iaStor)
DRV:[b]64bit:[/b] - [2011/05/26 08:55:00 | 000,117,336 | ---- | M] (AhnLab, Inc.
) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\AMonTDLH.sys -- (A
MonTDLH)
DRV:[b]64bit:[/b] - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel |
On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:[b]64bit:[/b] - [2010/08/25 19:39:00 | 000,016,776 | ---- | M] () [Kernel |
On_Demand | Stopped] -- C:\Windows\SysNative\prwntdrv.sys -- (prwntdrv)
DRV:[b]64bit:[/b] - [2010/07/12 11:36:10 | 000,055,856 | ---- | M] (Sonic Soluti
ons) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (
PxHlpa64)
DRV:[b]64bit:[/b] - [2010/06/28 00:55:00 | 000,155,256 | ---- | M] (AhnLab, Inc.
) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\m
fipsent.sys -- (MfIPSEnt)
DRV:[b]64bit:[/b] - [2010/06/28 00:55:00 | 000,126,072 | ---- | M] (AhnLab, Inc.
) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\m
ffwent.sys -- (MfFWEnt)
DRV:[b]64bit:[/b] - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Co
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb
.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2009/07/20 18:00:00 | 000,025,656 | ---- | M] (AhnLab, Inc.
) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV:[b]64bit:[/b] - [2009/03/26 08:00:16 | 000,071,168 | ---- | M] (Realtek Semi
conductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\
RTSTOR64.SYS -- (RTSTOR)
DRV:[b]64bit:[/b] - [2009/03/19 17:02:00 | 000,311,296 | ---- | M] (Creative Tec
hnology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA0
09Vid.sys -- (OA009Vid)
DRV:[b]64bit:[/b] - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Tec
hnology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA0
09Ufd.sys -- (OA009Ufd)
DRV:[b]64bit:[/b] - [2009/02/03 13:23:46 | 000,019,456 | ---- | M] (Cisco System
s, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.
sys -- (vpnva)
DRV:[b]64bit:[/b] - [2008/11/29 07:19:28 | 000,028,208 | ---- | M] (Windows (R)
Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\Sys
Native\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:[b]64bit:[/b] - [2008/11/20 03:20:52 | 000,022,520 | ---- | M] (Broadcom Cor
poration) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RL
Y.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2008/10/27 04:21:50 | 001,374,712 | ---- | M] (Broadcom Cor
poration) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl66
4.sys -- (BCM43XX)
DRV:[b]64bit:[/b] - [2008/09/17 01:28:08 | 007,897,216 | ---- | M] (Intel Corpor
ation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.s
ys -- (igfx)
DRV:[b]64bit:[/b] - [2008/09/16 22:17:24 | 000,458,752 | ---- | M] (IDT, Inc.) [
Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (ST
HDA)
DRV:[b]64bit:[/b] - [2008/09/03 22:29:22 | 000,199,728 | ---- | M] (Alps Electri
c Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfi
ltr.sys -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2008/09/01 03:19:24 | 000,392,192 | ---- | M] (Marvell) [Ke
rnel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yuko
nx64)
DRV:[b]64bit:[/b] - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,L
td.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys
-- (Amusbprt)
DRV:[b]64bit:[/b] - [2008/01/20 19:46:55 | 000,317,952 | ---- | M] (Intel Corpor
ation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.s
ys -- (e1express)
DRV:[b]64bit:[/b] - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mo
use types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64
.sys -- (Amfilter)
DRV:[b]64bit:[/b] - [2006/11/02 00:48:50 | 002,488,320 | ---- | M] (ATI Technolo
gies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmd
ag.sys -- (R300)
DRV - [2012/02/02 15:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [
Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2010/08/25 19:39:00 | 000,013,704 | ---- | M] () [Kernel | On_Demand | St
opped] -- C:\Windows\SysWOW64\prwntdrv.sys -- (prwntdrv)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}:
"URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language
}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7
DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww
w.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http:/
/www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http:/
/www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5CD0240E-4585-4BA8-B77D-14F058C9F7F4}: "URL" = http:/
/www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}
:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{AAFEBCE4-37E4-4169-B939-5A517582FD5C}: "URL" = http:/
/search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=a07d
07ec657c40c79ed148e5f5cfb016&tu=10G90008a2B0008&sku=&tstsId=&ver=&&r=531
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEna
ble" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOve
rride" = <local>
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:
6.0.22
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:
6.0.24
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:
6.0.26
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2
FF - prefs.js..extensions.enabledAddons: [email protected]:3.1.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:
6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6
.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6
.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windo
ws\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.
2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.
7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Ma
cromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (
x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:
\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program File
s (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\
SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Progra
m Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin
;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.
)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program
Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation
)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Mic
rosoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft C
orporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\np
nxgame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: \NGM\npNxGameUS.dll File no
t found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program
Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\
Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\
Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C
:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18:
C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files (x86)\V
eoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files (x86)
\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files (x86
)\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Fi
les (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wizvera.com/npVeraport20: C:\Program Files (x
86)\Wizvera\Veraport20\npveraport20.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Rea
der 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users
\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Use
rs\home\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networ
ks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\
Users\home\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google In
c.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\
Users\home\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google In
c.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program F
iles (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB
3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2013/06/15 17:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D
-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
[2013/06/15 17:40:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Compone
nts: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/05 13:43:01 | 00
0,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins
: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/05 13:43:01 | 000,000,
000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Pro
gram Files (x86)\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/03 23:33:23
| 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetwo
rks.com: C:\Users\home\AppData\Roaming\Move Networks [2010/03/14 14:12:44 | 000,
000,000 | ---D | M]
[2010/03/14 14:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\
AppData\Roaming\Mozilla\Extensions
[2009/08/02 20:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\
AppData\Roaming\Mozilla\Extensions\MediaCoder
[2011/09/21 21:53:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\
AppData\Roaming\Mozilla\Firefox\Profiles\2vl09ijl.default\extensions
[2011/09/21 21:53:45 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\
home\AppData\Roaming\Mozilla\Firefox\Profiles\2vl09ijl.default\extensions\foxypr
[email protected]
[2011/07/18 17:53:41 | 000,031,748 | ---- | M] () (No name found) -- C:\Users\ho
me\AppData\Roaming\Mozilla\Firefox\Profiles\2vl09ijl.default\extensions\webmaste
[email protected]
[2012/06/15 15:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Fil
es (x86)\Mozilla Firefox\extensions
[2011/02/26 16:50:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program File
s (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/27 22:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program File
s (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/15 12:02:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program File
s (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/07/14 21:58:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assista
nt) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\D
OTNETASSISTANTEXTENSION
[2011/06/29 16:30:36 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Progra
m Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Fi
les (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozi
lla firefox\searchplugins\bing.xml
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerm
s}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{go
ogle:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:ins
tantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{goog
le:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPositio
n}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:Tabs
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\home\AppData\Local\Google\Chrom
e\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\home\AppData\Local\Google\C
hrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\home\AppData\Local\Google\Chr
ome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPS
WF32_11_3_300_265.dll
CHR - plugin: IE Tab Multi (Enabled) = C:\Users\home\AppData\Local\Google\Chrome
\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/
npietab.dll
CHR - plugin: IE Tab Multi (SPA) (Enabled) = C:\Users\home\AppData\Local\Google\
Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\p
lugin/npietabspa.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0
\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:
\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files
(x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mo
zilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla F
irefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Moz
illa Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\home\AppData\Roaming\Mozil
la\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\home\App
Data\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Goog
le Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3
.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\
jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks
\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\
npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\n
pVeetle.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files (x86)\Veoh Networks\Veo
hWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files (x86)\Veoh Netwo
rks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: NPVeohVersion plugin (Enabled) = C:\Program Files (x86)\Veoh Netwo
rks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npv
lc.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64
\TrustChecker\bin\npFFApi.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npnxgam
e.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\home\AppData\Roaming\Facebook
\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\home\AppData\Roam
ing\Move Networks\plugins\npqmp071505000010.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\SysWOW64\n
pDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft S
ilverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.N
ET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: reddit companion = C:\Users\home\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0\
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\D
efault\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\home\AppData\Local\Google\Chrome\User D
ata\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: 4chan Backtracebook = C:\Users\home\AppData\Local\Google\Chrome
\User Data\Default\Extensions\cjnalefakhffmjkhijpgdhkfeadhaljd\4.4_0\
CHR - Extension: Google Search = C:\Users\home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\home\AppData\Local\Google\Chrome\
User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.52_0\
CHR - Extension: Facebook Disconnect = C:\Users\home\AppData\Local\Google\Chrome
\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Jeffrey's Exif viewer = C:\Users\home\AppData\Local\Google\Chro
me\User Data\Default\Extensions\glpbdeclgjmeoojlmhpamjddandmplki\1.0.8_0\
CHR - Extension: karma_decay_chrome.user.js = C:\Users\home\AppData\Local\Google
\Chrome\User Data\Default\Extensions\goagnjjfnnhjeodgcilbcpdcpabaajld\1.0_0\
CHR - Extension: IE Tab = C:\Users\home\AppData\Local\Google\Chrome\User Data\De
fault\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.6.12.2_0\
CHR - Extension: uSelect iDownload = C:\Users\home\AppData\Local\Google\Chrome\U
ser Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\1.9_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\home\AppData\Local\Google\C
hrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0\
CHR - Extension: FVD Video Downloader = C:\Users\home\AppData\Local\Google\Chrom
e\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.2.0_0\
CHR - Extension: Download Master = C:\Users\home\AppData\Local\Google\Chrome\Use
r Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\3.0.1.2_0\
CHR - Extension: Smooth Gestures = C:\Users\home\AppData\Local\Google\Chrome\Use
r Data\Default\Extensions\nmndalkkpgannmgccacmlmpaphdjbdkd\0.15.4_0\
CHR - Extension: Gmail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Def
ault\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/06/16 13:49:09 | 000,000,027 | ---- | M]) - C:\Windows\Sys
Native\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:[b]64bit:[/b] - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll File not found
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB
-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4
D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\b
in\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC
74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation
)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C
:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\
bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB
7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\Trust
CheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777}
- C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A
9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\P
rogram Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! In
c)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0
-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker
\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar
.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C
7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonea
larm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112D
AE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.d
ll (Veoh Networks)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA
1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\Tru
stCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD
4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE
2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\T
rustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4E
C6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChec
ker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Al
ps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNati
ve\WLTRAY.exe (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Int
el Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Mat
rix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Int
el Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\Fo
rceField.exe (Check Point Software Technologies)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\
msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (
Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.ex
e (IDT, Inc.)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriai
gnite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple App
lication Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell W
ebcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.ex
e (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.
exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\home\AppData\Local\Akama
i\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\home\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock
, LLC)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Program
s\Startup\Stickies.lnk = C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Sof
tware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives
= 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives
= 0
O8:[b]64bit:[/b] - Extra context menu item: Download with GetRight - C:\Program
Files (x86)\GetRight\GRDownload.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Download with ImTOO Download YouTube
Video - C:\Program Files (x86)\ImTOO\Download YouTube Video\upod_link.HTM ()
O8:[b]64bit:[/b] - Extra context menu item: Open with GetRight Browser - C:\Prog
ram Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\Ge
tRight\GRDownload.htm ()
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Pr
ogram Files (x86)\ImTOO\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86
)\GetRight\GRBrowse.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C
608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/
download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windo
ws Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com
/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {477D5B9A-6479-44F8-9718-9340119B0308} http://www.hanabank.com/resour
ce/download/veraport/down/veraport20.cab (Veraport20Ctl Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/system
profiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7
.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriv
erScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/system
profiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7
.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7
.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D96365C6-ACCB-4546-A878-E16178C48FF0} http://www.chzero.com/zeromap/
ZeroMap2009.CAB (CHZERO MAP CTRL 2009)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NO
S/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75
.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD5508C-70D3-473A-8
9DD-848D98597090}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\s-http - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
- C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corp
oration)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:
\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporati
on)
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Progra
m Files (x86)\Initech\SHTTP\InitechSHTTPInterface.11010.dll ((c) INITECH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Pro
gram Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.
exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe)
- C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (
Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\
SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Window
s\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/col
or]
[2013/06/17 18:29:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/17 18:29:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/17 18:20:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\home
\Desktop\OTL (1).exe
[2013/06/17 18:19:47 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\
home\Desktop\JRT.exe
[2013/06/16 14:38:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/16 13:31:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.e
xe
[2013/06/16 13:31:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.ex
e
[2013/06/16 13:31:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.ex
e
[2013/06/16 13:30:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/16 04:23:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/15 22:26:26 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\iExplore.exe
[2013/06/15 22:26:15 | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\rkill.exe
[2013/06/15 22:22:07 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\home\Desk
top\ComboFix.exe
[2013/06/15 19:08:33 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\RK_Quara
ntine
[2013/06/15 17:40:52 | 000,000,000 | ---D | C] -- C:\Users\home\Documents\ForceF
ield Shared Files
[2013/06/15 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Ma
cromedia
[2013/06/15 17:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/06/15 17:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\Check Point
[2013/06/15 17:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check P
oint Software Technologies LTD
[2013/06/15 17:37:41 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\
Check Point Software Technologies LTD
[2013/06/15 17:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPo
int
[2013/06/15 15:22:24 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\home\Desk
top\dds.com
[2013/06/14 18:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' A
nti-Malware (portable)
[2013/06/14 18:38:06 | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\mbar
[2013/06/13 14:43:53 | 006,018,568 | ---- | C] (Trend Micro, Inc.
) -- C:\Users\home\Desktop\RUBottedSetup.exe
[2013/06/12 03:04:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\mshtmled.dll
[2013/06/12 03:04:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\mshtmled.dll
[2013/06/12 03:04:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\ieui.dll
[2013/06/12 03:04:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\ieui.dll
[2013/06/12 03:04:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\ieUnatt.exe
[2013/06/12 03:04:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\ieUnatt.exe
[2013/06/12 03:04:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\url.dll
[2013/06/12 03:04:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\url.dll
[2013/06/12 03:03:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\inetcpl.cpl
[2013/06/12 03:03:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\inetcpl.cpl
[2013/06/12 03:03:52 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\jscript9.dll
[2013/06/12 03:03:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\msfeeds.dll
[2013/06/12 03:03:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\jscript.dll
[2013/06/12 03:03:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\jscript.dll
[2013/06/12 03:03:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\vbscript.dll
[2013/06/11 16:12:06 | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\certutil.exe
[2013/06/11 16:12:06 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\certutil.exe
[2013/06/11 16:12:05 | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\crypt32.dll
[2013/06/11 16:12:04 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\cryptnet.dll
[2013/06/11 16:12:04 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\certenc.dll
[2013/06/11 16:12:02 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\certenc.dll
[2013/06/11 16:11:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\cryptdlg.dll
[2013/06/11 16:11:46 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\cryptdlg.dll
[2013/06/11 16:11:35 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\win32spl.dll
[2013/06/11 16:11:34 | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\win32spl.dll
[2013/06/11 16:11:33 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\printcom.dll
[2013/06/05 19:08:15 | 000,000,000 | ---D | C] -- C:\Users\home\.idlerc
[2013/06/05 17:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\Python 2.7
[2013/06/05 17:29:38 | 000,000,000 | ---D | C] -- C:\Python27
[2013/06/05 13:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\QuickTime
[2013/06/05 13:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTi
me
[2013/06/05 13:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/06/04 17:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\GNU Octave (3.6.4)
[2013/06/04 17:29:08 | 000,000,000 | ---D | C] -- C:\Software
[2013/06/04 16:53:40 | 000,000,000 | ---D | C] -- C:\Octave
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tm
p -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2013/06/17 18:27:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskMachineCore.job
[2013/06/17 18:27:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296F
B0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 18:27:29 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296F
B0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 18:27:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/17 18:24:44 | 000,000,329 | ---- | M] () -- C:\Windows\DeleteOnReboot.b
at
[2013/06/17 18:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flas
h Player Updater.job
[2013/06/17 18:20:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home
\Desktop\OTL (1).exe
[2013/06/17 18:20:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\
home\Desktop\JRT.exe
[2013/06/17 18:19:43 | 000,648,201 | ---- | M] () -- C:\Users\home\Desktop\adwcl
eaner.exe
[2013/06/17 18:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskMachineUA.job
[2013/06/17 18:02:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskUserS-1-5-21-1562267865-4161668422-2753101830-1000UA.job
[2013/06/17 12:02:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
teTaskUserS-1-5-21-1562267865-4161668422-2753101830-1000Core.job
[2013/06/16 14:49:02 | 000,005,972 | ---- | M] () -- C:\Users\home\AppData\Local
\d3d9caps.dat
[2013/06/16 13:49:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\driver
s\etc\hosts
[2013/06/15 22:26:29 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\iExplore.exe
[2013/06/15 22:26:17 | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\rkill.exe
[2013/06/15 22:22:30 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\home\Desk
top\ComboFix.exe
[2013/06/15 17:41:47 | 000,417,563 | ---- | M] () -- C:\Windows\SysNative\driver
s\vsconfig.xml
[2013/06/15 17:39:48 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Zon
eAlarm Security.lnk
[2013/06/15 15:22:40 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\home\Desk
top\dds.com
[2013/06/14 18:23:37 | 000,791,040 | ---- | M] () -- C:\Users\home\Desktop\Rogue
KillerX64.exe
[2013/06/14 18:19:00 | 013,169,742 | ---- | M] () -- C:\Users\home\Desktop\mbar1.06.0.1003.zip
[2013/06/14 15:21:48 | 000,054,725 | ---- | M] () -- C:\Users\home\Desktop\40188
1_369322526501674_439372319_n.jpg
[2013/06/13 22:09:36 | 000,174,050 | ---- | M] () -- C:\Users\home\Desktop\Untit
led.jpg
[2013/06/13 14:44:12 | 006,018,568 | ---- | M] (Trend Micro, Inc.
) -- C:\Users\home\Desktop\RUBottedSetup.exe
[2013/06/13 14:17:39 | 000,165,376 | ---- | M] () -- C:\Users\home\AppData\Local
\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/12 05:24:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C
:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 05:24:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C
:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/09 17:28:32 | 000,002,557 | ---- | M] () -- C:\Users\home\Desktop\HiJac
kThis.lnk
[2013/06/08 23:38:23 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Mal
warebytes Anti-Malware.lnk
[2013/06/06 15:29:14 | 000,011,377 | ---- | M] () -- C:\Users\home\gsview32.ini
[2013/06/06 14:05:48 | 000,002,041 | ---- | M] () -- C:\Users\home\Application D
ata\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/05 21:52:35 | 000,000,424 | ---- | M] () -- C:\Users\home\.octaverc
[2013/06/05 20:57:02 | 000,544,427 | ---- | M] () -- C:\Users\home\Desktop\short
-math-guide.pdf
[2013/06/05 17:08:54 | 000,000,724 | ---- | M] () -- C:\Users\home\Desktop\Domai
nMathIDE.bat - Shortcut.lnk
[2013/06/04 21:45:42 | 000,000,261 | ---- | M] () -- C:\Users\home\.octave_hist
[2013/06/04 17:29:42 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Oct
ave 3.6.4.lnk
[2013/05/26 15:50:38 | 000,756,338 | ---- | M] () -- C:\Windows\SysNative\PerfSt
ringBackup.INI
[2013/05/26 15:50:38 | 000,640,870 | ---- | M] () -- C:\Windows\SysNative\perfh0
09.dat
[2013/05/26 15:50:38 | 000,119,090 | ---- | M] () -- C:\Windows\SysNative\perfc0
09.dat
[2013/05/25 17:16:26 | 000,040,119 | ---- | M] () -- C:\Users\home\Desktop\SmT0T
Kl.jpg
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tm
p -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/06/17 18:24:00 | 000,000,329 | ---- | C] () -- C:\Windows\DeleteOnReboot.b
at
[2013/06/17 18:19:31 | 000,648,201 | ---- | C] () -- C:\Users\home\Desktop\adwcl
eaner.exe
[2013/06/16 13:31:01 | 000,256,000 | --- | C] () -- C:\Windows\PEV.exe
[2013/06/16 13:31:01 | 000,208,896 | --- | C] () -- C:\Windows\MBR.exe
[2013/06/16 13:31:01 | 000,098,816 | --- | C] () -- C:\Windows\sed.exe
[2013/06/16 13:31:01 | 000,080,412 | --- | C] () -- C:\Windows\grep.exe
[2013/06/16 13:31:01 | 000,068,096 | --- | C] () -- C:\Windows\zip.exe
[2013/06/15 17:40:54 | 000,417,563 | --- | C] () -- C:\Windows\SysNative\driver
s\vsconfig.xml
[2013/06/14 18:23:34 | 000,791,040 | --- | C] () -- C:\Users\home\Desktop\Rogue
KillerX64.exe
[2013/06/14 18:18:23 | 013,169,742 | --- | C] () -- C:\Users\home\Desktop\mbar
1.06.0.1003.zip
[2013/06/14 15:21:45 | 000,054,725 | --- | C] () -- C:\Users\home\Desktop\40188
1_369322526501674_439372319_n.jpg
[2013/06/13 22:09:00 | 000,174,050 | --- | C] () -- C:\Users\home\Desktop\Untit
led.jpg
[2013/06/05 20:57:00 | 000,544,427 | --- | C] () -- C:\Users\home\Desktop\short
-math-guide.pdf
[2013/06/05 18:43:13 | 000,000,424 | --- | C] () -- C:\Users\home\.octaverc
[2013/06/05 17:08:54 | 000,000,724 | --- | C] () -- C:\Users\home\Desktop\Domai
nMathIDE.bat - Shortcut.lnk
[2013/06/04 17:34:00 | 000,000,261 | --- | C] () -- C:\Users\home\.octave_hist
[2013/06/04 17:29:42 | 000,001,693 | --- | C] () -- C:\Users\Public\Desktop\Oct
ave 3.6.4.lnk
[2013/05/25 17:16:25 | 000,040,119 | --- | C] () -- C:\Users\home\Desktop\SmT0T
Kl.jpg
[2012/12/14 03:29:11 | 000,645,632 | --- | C] () -- C:\Windows\SysWow64\xvidcor
e.dll
[2012/12/14 03:29:11 | 000,240,640 | --- | C] () -- C:\Windows\SysWow64\xvidvfw
.dll
[2012/07/29 16:12:32 | 000,047,280 | --- | C] () -- C:\Windows\SysWow64\drivers
\SCSK5.sys
[2012/07/29 16:12:25 | 000,000,024 | --- | C] () -- C:\Windows\SysWow64\scskCon
figEH.ini
[2012/07/29 16:08:07 | 000,024,576 | --- | C] () -- C:\Windows\INIUpdateAdmin.d
ll
[2011/12/30 20:57:59 | 000,175,616 | --- | C] () -- C:\Windows\SysWow64\unrar.d
ll
[2011/12/30 20:57:53 | 000,079,360 | --- | C] () -- C:\Windows\SysWow64\ff_vfw.
dll
[2011/12/28 14:35:39 | 000,234,768 | --- | C] () -- C:\Windows\SysWow64\PnkBstr
B.exe
[2011/12/28 14:35:32 | 000,075,136 | --- | C] () -- C:\Windows\SysWow64\PnkBstr
A.exe
[2011/12/10 18:26:39 | 000,000,000 | --- | C] () -- C:\Users\home\AppData\Local
\{2205DC0E-1DA3-4C4A-8515-33A3AE64A23F}
[2011/12/04 15:08:09 | 000,005,255 | --- | C] () -- C:\Users\home\.recently-use
d.xbel
[2011/08/25 23:54:39 | 000,000,036 | --- | C] () -- C:\Users\home\.org.eclipse.
epp.usagedata.recording.userId
[2011/06/30 19:37:54 | 000,098,696 | --- | C] () -- C:\Windows\SysWow64\setuppr
wdrv03.exe
[2011/06/30 19:37:54 | 000,013,704 | --- | C] () -- C:\Windows\SysWow64\prwntdr
v.sys
[2011/03/29 15:33:58 | 000,000,483 | RH- | C] () -- C:\Users\home\xw90ldy.dyc
[2010/09/28 00:31:33 | 000,000,867 | --- | C] () -- C:\Users\home\sean - delay
(with feedback).sps
[2010/07/14 20:54:46 | 000,009,704 | --- | C] () -- C:\Users\home\opera6.adr.ba
k.old
[2010/07/14 20:54:46 | 000,009,704 | --- | C] () -- C:\Users\home\opera6.adr.ba
k
[2010/07/14 20:54:46 | 000,009,704 | --- | C] () -- C:\Users\home\opera6.adr
[2009/12/19 15:23:26 | 000,002,146 | --- | C] () -- C:\Users\home\photorec.cfg
[2009/12/07 15:53:29 | 000,001,064 | RH- | C] () -- C:\Users\home\XrxWm.ini
[2009/12/07 15:53:28 | 000,000,483 | RH- | C] () -- C:\Users\home\xw90xdy.dyc
[2009/06/24 22:03:19 | 000,000,204 | --- | C] () -- C:\Users\home\AppData\Roami
ng\wklnhst.dat
[2009/06/09 22:53:36 | 000,004,200 | --- | C] () -- C:\Program Files\TweakMSO.r
eg
[2009/06/09 22:53:36 | 000,001,264 | --- | C] () -- C:\Program Files\NoRereg.re
g
[2009/06/09 22:53:36 | 000,000,579 | --- | C] () -- C:\Program Files\install.cm
d
[2009/06/09 22:53:07 | 000,004,200 | --- | C] () -- C:\Program Files (x86)\Twea
kMSO.reg
[2009/06/09 22:53:07 | 000,001,264 | --- | C] () -- C:\Program Files (x86)\NoRe
reg.reg
[2009/06/09 22:53:07 | 000,000,579 | --- | C] () -- C:\Program Files (x86)\inst
all.cmd
[2009/05/26 00:54:56 | 000,000,056 | -H- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/04 01:18:04 | 000,005,972 | --- | C] () -- C:\Users\home\AppData\Local
\d3d9caps.dat
[2009/03/04 22:20:39 | 000,011,377 | --- | C] () -- C:\Users\home\gsview32.ini
[2009/03/04 20:56:42 | 000,165,376 | --- | C] () -- C:\Users\home\AppData\Local
\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]


[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop
.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}
\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0
c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}
\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-4
09d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1
}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | --- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | --- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F
}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,39
2 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,9
12 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1
}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024
| ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 16 bytes -> C:\Users\home\Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Users\home\Documents\Shareaza Downloads:
Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Temp:Shareaza.GUID
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2C595FF3

< End of report >
