Major crashes, anti-virus won't work, black screens, help! [So


  • This topic is locked
169 replies to this topic

#31 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 June 2013 - 01:13 AM

Hi CoolCat,

Please complete the steps in the order listed.

=========================

1. Re-run AdwCleaner

Right click and select "Run as Administrator".
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
=========================

2. Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 & 8 users: right-click the icon and select "Run as Administrator" to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window: OTL.Txt. (No Extras.txt will be produced.)
    Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S2].txt
  • OTL.txt
  • What symptoms are you experiencing at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
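As an added example (not OTL's own code and not from this thread): a small Python triage of the OTL.txt requested in step 2. It parses the O2 (BHO), O4 (Run key) and IE SearchScopes lines and flags orphaned entries, files with no company name, auto-starts from user-writable paths, and search providers outside an assumed set of default engines; the sample log is constructed in OTL's format.

```python
"""Triage an OTL.txt log: flag the O2 (BHO), O4 (Run key) and IE SearchScopes
entries a malware-removal helper reads first.
Added example; not part of OTL or of the forum thread."""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Line shapes as OTL prints them (":64bit:" marks the 64-bit registry view).
BHO_RE = re.compile(r"^O2(?::64bit:)? - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<rest>.*)$")
RUN_RE = re.compile(r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
SCOPE_RE = re.compile(r'^IE(?::64bit:)? - (?P<hive>HK\w+)\\\.\.\\SearchScopes\\(?P<clsid>\{[^}]+\}): "URL" = (?P<url>\S+)')
PATH_COMPANY_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")

# Assumptions for this example: the engines a helper would expect as defaults,
# and path fragments that mean "a normal user can write here".
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    kind: str           # "BHO", "Run" or "SearchScope"
    name: str           # BHO name, Run value name, or scope CLSID
    target: str         # file path or search URL
    reasons: List[str]  # empty when nothing stands out


def split_target(rest: str):
    """OTL ends a file entry with the PE company name in parentheses; '()' means
    the file carries none, and 'File not found' / 'No CLSID value found.' mean
    the registry entry points at nothing. Returns (path, company, orphaned)."""
    if rest.endswith("File not found") or "No CLSID value found" in rest:
        return rest.replace(" File not found", ""), None, True
    m = PATH_COMPANY_RE.match(rest)
    if not m:
        return rest, None, False
    return m.group("path"), m.group("company").strip(), False


def assess_file_entry(kind: str, name: str, rest: str) -> Finding:
    path, company, orphaned = split_target(rest)
    reasons = []
    if orphaned:
        reasons.append("orphaned entry: target missing")
    else:
        if company == "":
            reasons.append("no company name in file version info")
        if any(tok in path.lower() for tok in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
    return Finding(kind, name, path, reasons)


def assess_search_scope(clsid: str, url: str) -> Finding:
    host = urlparse(url).hostname or ""
    reasons = [] if host in EXPECTED_SEARCH_HOSTS else [f"search provider points at {host}"]
    return Finding("SearchScope", clsid, url, reasons)


def triage(log_text: str) -> List[Finding]:
    """Parse every recognised line; other OTL sections are skipped."""
    findings = []
    for line in log_text.splitlines():
        if m := BHO_RE.match(line):
            findings.append(assess_file_entry("BHO", m["name"], m["rest"]))
        elif m := RUN_RE.match(line):
            findings.append(assess_file_entry("Run", m["name"], m["rest"]))
        elif m := SCOPE_RE.match(line):
            findings.append(assess_search_scope(m["clsid"], m["url"]))
    return findings


def flagged(log_text: str) -> List[Finding]:
    return [f for f in triage(log_text) if f.reasons]


# Constructed sample in OTL's format: entries modelled on this thread's log plus
# one made-up HKCU Run entry (example-updater) and one made-up search URL.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.unknown-provider.test/?q={searchTerms}
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [example-updater] C:\Users\Ratopia\AppData\Roaming\Example\example-updater.exe ()
"""

if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f"{f.kind:12} {f.name:45} {'; '.join(f.reasons)}")
```

A flag is a reason to look, not a verdict: PLFSetI in the real log is an Acer component with no version info, which is exactly why a helper cross-checks the path and company rather than trusting the name.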









#32 CoolCat

    Silver Member

  • Authentic Member
  • 498 posts

Posted 02 June 2013 - 06:09 PM

# AdwCleaner v2.301 - Logfile created 06/02/2013 at 18:43:43
# Updated 16/05/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Ratopia - ARWEN
# Boot Mode : Normal
# Running from : C:\Users\Ratopia\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKU\S-1-5-21-854704829-886445271-3124620010-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Ratopia\AppData\Roaming\Mozilla\Firefox\Profiles\yas9n9so.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14292 octets] - [02/06/2013 01:30:20]
AdwCleaner[R2].txt - [1333 octets] - [02/06/2013 18:43:06]
AdwCleaner[S1].txt - [14082 octets] - [02/06/2013 01:31:27]
AdwCleaner[S2].txt - [1270 octets] - [02/06/2013 18:43:43]

########## EOF - C:\AdwCleaner[S2].txt - [1330 octets] ##########



OTL logfile created on: 6/2/2013 6:51:51 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ratopia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 58.95% Memory free
8.03 Gb Paging File | 6.18 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143.04 Gb Total Space | 69.63 Gb Free Space | 48.68% Space Free | Partition Type: NTFS
Drive D: | 139.50 Gb Total Space | 97.45 Gb Free Space | 69.85% Space Free | Partition Type: NTFS

Computer Name: ARWEN | User Name: Ratopia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ratopia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - D:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\aol\1242688622\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe (AOL LLC)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Windows\PLFSetI.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CLHNService) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\DRIVERS\revoflt.sys (VS Revo Group)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (TcUsb) -- C:\Windows\SysNative\Drivers\tcusb.sys (UPEK Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\DRIVERS\wanatw64.sys (America Online, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS328US328
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {23cd218f-af09-443f-bbb1-adb89fd5986d}:4.6.0.1
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.105
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Ratopia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/11 18:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/29 04:34:58 | 000,000,000 | ---D | M]

[2013/05/29 07:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Extensions
[2013/05/18 15:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions
[2010/08/09 22:49:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/06 05:43:11 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/03/24 02:09:34 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions\plugin2@gameplaylabs.com
[2013/05/18 15:42:29 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Ratopia\AppData\Roaming\mozilla\firefox\profiles\yas9n9so.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/05 07:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 07:10:55 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/11 18:43:47 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/11/22 18:04:00 | 000,865,632 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npzzatif.dll
[2012/11/06 02:45:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/06 02:45:41 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: AlternaTIFF (QuickTime compatible) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzzatif.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Ratopia\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ratopia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: AdBlock = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: RealDownloader = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/31 20:20:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1242688622\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcp...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{405C5A07-D13D-4CBB-8F90-C179872E14CA}: DhcpNameServer = 97.64.183.164 97.64.209.37
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Ratopia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Ratopia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 01:37:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/02 01:37:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/02 00:31:33 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ratopia\Desktop\JRT.exe
[2013/06/01 22:36:49 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ratopia\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/01 21:17:19 | 001,804,416 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ratopia\Desktop\rkill.exe
[2013/06/01 20:33:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ratopia\Desktop\OTL.exe
[2013/05/31 23:59:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/31 23:53:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/31 23:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\AppData\Local\temp
[2013/05/31 23:37:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/31 19:50:41 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\Desktop\RK_Quarantine
[2013/05/31 19:18:44 | 005,076,038 | R--- | C] (Swearware) -- C:\Users\Ratopia\Desktop\ComboFix.exe
[2013/05/30 20:36:40 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/30 20:35:05 | 001,915,980 | ---- | C] (Farbar) -- C:\Users\Ratopia\Desktop\FRST64.exe
[2013/05/30 19:35:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ratopia\Desktop\aswMBR.exe
[2013/05/29 05:29:50 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\AppData\Local\Adobe
[2013/05/29 04:58:49 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/05/29 04:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/05/29 03:11:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/29 03:11:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/29 03:11:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/29 03:11:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/29 03:11:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/29 03:11:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/29 03:11:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/29 03:11:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/29 03:11:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/29 03:11:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/29 03:11:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/29 03:11:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/29 03:11:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/29 03:11:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/29 03:11:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/29 00:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/29 00:49:54 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/27 05:20:26 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\Desktop\Oxana
[2013/05/19 00:08:15 | 000,000,000 | R--D | C] -- C:\Users\Ratopia\Desktop\Monty
[2013/05/13 06:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware(108)
[2013/05/06 07:35:15 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\Desktop\kathy freeze
[2010/03/24 00:50:00 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Users\Ratopia\avg_free_stb_all_9_114_cnet.exe
[2009/06/27 20:26:44 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Ratopia\install_flash_player.exe
[3 C:\Users\Ratopia\Desktop\*.tmp files -> C:\Users\Ratopia\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/02 18:53:58 | 000,706,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/02 18:53:58 | 000,606,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/02 18:53:58 | 000,105,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/02 18:46:51 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/06/02 18:46:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/02 18:46:18 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/02 18:46:17 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/02 18:46:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/02 18:46:02 | 4220,379,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/02 18:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/02 18:05:02 | 000,233,600 | ---- | M] () -- C:\Users\Ratopia\Desktop\Patriot and Liberty on their tree by the river.jpg
[2013/06/02 18:00:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 00:31:34 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ratopia\Desktop\JRT.exe
[2013/06/02 00:28:44 | 000,632,031 | ---- | M] () -- C:\Users\Ratopia\Desktop\AdwCleaner.exe
[2013/06/01 22:39:14 | 000,000,976 | ---- | M] () -- C:\Users\Ratopia\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/06/01 22:36:58 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ratopia\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/01 21:17:22 | 001,804,416 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ratopia\Desktop\rkill.exe
[2013/06/01 20:33:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ratopia\Desktop\OTL.exe
[2013/06/01 05:27:11 | 000,000,041 | ---- | M] () -- C:\Users\Ratopia\AppData\Roaming\mbam.context.scan
[2013/06/01 05:19:56 | 000,285,822 | ---- | M] () -- C:\Users\Ratopia\Desktop\Stan sitting on the eggs - 05-31-2013 5.17pm.jpg
[2013/06/01 05:10:45 | 000,404,993 | ---- | M] () -- C:\Users\Ratopia\Desktop\DSC00546.JPG
[2013/05/31 22:54:49 | 000,065,618 | ---- | M] () -- C:\Users\Ratopia\Desktop\Stan for photoshop.jpg
[2013/05/31 22:46:06 | 000,205,821 | ---- | M] () -- C:\Users\Ratopia\Desktop\Stan in front, Iris taking off 05-31-2013 10.23pm.jpg
[2013/05/31 20:37:45 | 000,018,309 | ---- | M] () -- C:\Users\Ratopia\Desktop\Ceulan.jpg
[2013/05/31 20:34:01 | 000,003,534 | ---- | M] () -- C:\Users\Ratopia\Desktop\coolcat.jpg
[2013/05/31 20:20:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/31 19:18:50 | 005,076,038 | R--- | M] (Swearware) -- C:\Users\Ratopia\Desktop\ComboFix.exe
[2013/05/31 19:16:58 | 000,791,040 | ---- | M] () -- C:\Users\Ratopia\Desktop\RogueKillerX64.exe
[2013/05/31 19:05:02 | 000,791,488 | ---- | M] () -- C:\Users\Ratopia\Desktop\ZipOpenerSetup.exe
[2013/05/31 07:55:49 | 000,073,128 | ---- | M] () -- C:\Users\Ratopia\Desktop\Monty up close.jpg
[2013/05/30 20:35:08 | 001,915,980 | ---- | M] (Farbar) -- C:\Users\Ratopia\Desktop\FRST64.exe
[2013/05/30 20:32:31 | 000,000,568 | ---- | M] () -- C:\Users\Ratopia\Desktop\MBR.zip
[2013/05/30 20:30:32 | 000,000,512 | ---- | M] () -- C:\Users\Ratopia\Desktop\MBR.dat
[2013/05/30 19:37:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ratopia\Desktop\aswMBR.exe
[2013/05/30 19:23:30 | 000,041,155 | ---- | M] () -- C:\Users\Ratopia\Desktop\piret flying - Copy.jpg
[2013/05/29 07:01:21 | 000,061,461 | ---- | M] () -- C:\Users\Ratopia\Desktop\Ceulan2.jpg
[2013/05/29 05:17:45 | 000,002,563 | ---- | M] () -- C:\Users\Ratopia\Desktop\HiJackThis.lnk
[2013/05/29 03:52:42 | 000,308,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/29 02:39:40 | 000,002,053 | ---- | M] () -- C:\Users\Ratopia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 00:57:51 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/28 23:42:48 | 000,000,680 | ---- | M] () -- C:\Users\Ratopia\AppData\Local\d3d9caps.dat
[2013/05/28 22:19:14 | 000,000,170 | ---- | M] () -- C:\Users\Ratopia\Desktop\shocked.gif
[2013/05/28 18:35:23 | 000,011,483 | ---- | M] () -- C:\Users\Ratopia\Desktop\Osprey eye -.JPG
[2013/05/26 21:57:57 | 000,000,426 | ---- | M] () -- C:\Users\Ratopia\AppData\Roaming\wklnhst.dat
[2013/05/26 04:18:02 | 000,142,855 | ---- | M] () -- C:\Users\Ratopia\Desktop\Accidental 3rd osprey at Ilmar's nest 05-26-2013 9.57am.jpg
[2013/05/23 21:15:30 | 000,023,021 | ---- | M] () -- C:\Users\Ratopia\Desktop\iris and stan 3.jpg
[2013/05/22 23:47:21 | 000,205,038 | ---- | M] () -- C:\Users\Ratopia\Desktop\Redwing Blackbird on suet feeder.JPG
[2013/05/22 17:51:02 | 000,104,584 | ---- | M] () -- C:\Users\Ratopia\Desktop\baby ospprey sandford riverwalk.jpg
[2013/05/21 21:02:39 | 000,000,652 | ---- | M] () -- C:\Users\Ratopia\Desktop\heartbeating.gif
[2013/05/21 21:01:51 | 000,107,031 | ---- | M] () -- C:\Users\Ratopia\Desktop\Liberty and Patriot - sky dance.jpg
[2013/05/21 01:24:05 | 000,008,058 | ---- | M] () -- C:\Users\Ratopia\Desktop\huh-oh.JPG
[2013/05/20 13:18:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/20 13:18:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/20 09:12:44 | 000,000,369 | ---- | M] () -- C:\Users\Ratopia\Desktop\HELLGATE - Shortcut.lnk
[2013/05/20 09:10:15 | 000,000,390 | ---- | M] () -- C:\Users\Ratopia\Desktop\MADIS & ESTONIA - Shortcut.lnk
[2013/05/18 22:05:05 | 000,014,334 | ---- | M] () -- C:\Users\Ratopia\Desktop\piret avatar may19th.JPG
[3 C:\Users\Ratopia\Desktop\*.tmp files -> C:\Users\Ratopia\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/02 18:05:01 | 000,233,600 | ---- | C] () -- C:\Users\Ratopia\Desktop\Patriot and Liberty on their tree by the river.jpg
[2013/06/02 00:28:42 | 000,632,031 | ---- | C] () -- C:\Users\Ratopia\Desktop\AdwCleaner.exe
[2013/06/01 05:27:11 | 000,000,041 | ---- | C] () -- C:\Users\Ratopia\AppData\Roaming\mbam.context.scan
[2013/05/31 22:54:48 | 000,065,618 | ---- | C] () -- C:\Users\Ratopia\Desktop\Stan for photoshop.jpg
[2013/05/31 22:46:10 | 000,205,821 | ---- | C] () -- C:\Users\Ratopia\Desktop\Stan in front, Iris taking off 05-31-2013 10.23pm.jpg
[2013/05/31 20:36:21 | 000,061,461 | ---- | C] () -- C:\Users\Ratopia\Desktop\Ceulan2.jpg
[2013/05/31 20:34:00 | 000,003,534 | ---- | C] () -- C:\Users\Ratopia\Desktop\coolcat.jpg
[2013/05/31 19:16:56 | 000,791,040 | ---- | C] () -- C:\Users\Ratopia\Desktop\RogueKillerX64.exe
[2013/05/31 19:04:56 | 000,791,488 | ---- | C] () -- C:\Users\Ratopia\Desktop\ZipOpenerSetup.exe
[2013/05/31 17:18:14 | 000,285,822 | ---- | C] () -- C:\Users\Ratopia\Desktop\Stan sitting on the eggs - 05-31-2013 5.17pm.jpg
[2013/05/31 07:55:49 | 000,073,128 | ---- | C] () -- C:\Users\Ratopia\Desktop\Monty up close.jpg
[2013/05/30 20:32:31 | 000,000,568 | ---- | C] () -- C:\Users\Ratopia\Desktop\MBR.zip
[2013/05/30 20:30:32 | 000,000,512 | ---- | C] () -- C:\Users\Ratopia\Desktop\MBR.dat
[2013/05/30 19:22:46 | 000,041,155 | ---- | C] () -- C:\Users\Ratopia\Desktop\piret flying - Copy.jpg
[2013/05/29 07:01:20 | 000,018,309 | ---- | C] () -- C:\Users\Ratopia\Desktop\Ceulan.jpg
[2013/05/29 04:44:32 | 000,002,563 | ---- | C] () -- C:\Users\Ratopia\Desktop\HiJackThis.lnk
[2013/05/29 00:57:51 | 000,002,053 | ---- | C] () -- C:\Users\Ratopia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 00:57:51 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 00:05:43 | 4220,379,136 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/28 22:19:14 | 000,000,170 | ---- | C] () -- C:\Users\Ratopia\Desktop\shocked.gif
[2013/05/28 18:35:20 | 000,011,483 | ---- | C] () -- C:\Users\Ratopia\Desktop\Osprey eye -.JPG
[2013/05/26 04:17:32 | 000,142,855 | ---- | C] () -- C:\Users\Ratopia\Desktop\Accidental 3rd osprey at Ilmar's nest 05-26-2013 9.57am.jpg
[2013/05/23 21:13:52 | 000,023,021 | ---- | C] () -- C:\Users\Ratopia\Desktop\iris and stan 3.jpg
[2013/05/22 22:05:02 | 000,205,038 | ---- | C] () -- C:\Users\Ratopia\Desktop\Redwing Blackbird on suet feeder.JPG
[2013/05/22 22:04:29 | 000,404,993 | ---- | C] () -- C:\Users\Ratopia\Desktop\DSC00546.JPG
[2013/05/22 17:44:51 | 000,104,584 | ---- | C] () -- C:\Users\Ratopia\Desktop\baby ospprey sandford riverwalk.jpg
[2013/05/21 21:02:39 | 000,000,652 | ---- | C] () -- C:\Users\Ratopia\Desktop\heartbeating.gif
[2013/05/21 21:01:50 | 000,107,031 | ---- | C] () -- C:\Users\Ratopia\Desktop\Liberty and Patriot - sky dance.jpg
[2013/05/21 01:24:02 | 000,008,058 | ---- | C] () -- C:\Users\Ratopia\Desktop\huh-oh.JPG
[2013/05/20 09:12:44 | 000,000,369 | ---- | C] () -- C:\Users\Ratopia\Desktop\HELLGATE - Shortcut.lnk
[2013/05/20 09:10:15 | 000,000,390 | ---- | C] () -- C:\Users\Ratopia\Desktop\MADIS & ESTONIA - Shortcut.lnk
[2013/05/18 22:05:03 | 000,014,334 | ---- | C] () -- C:\Users\Ratopia\Desktop\piret avatar may19th.JPG
[2012/02/17 17:29:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/01/29 00:12:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/29 00:12:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/29 00:12:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/29 00:12:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/29 00:12:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/21 21:38:33 | 000,000,096 | ---- | C] () -- C:\Users\Ratopia\.asadminpass
[2011/09/24 23:52:12 | 000,937,320 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\census.cache
[2011/09/24 23:51:26 | 000,174,679 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\ars.cache
[2011/09/24 23:42:23 | 000,000,036 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\housecall.guid.cache
[2010/06/20 17:21:42 | 000,021,226 | ---- | C] () -- C:\Users\Ratopia\who's dog.jpg
[2010/06/12 04:39:35 | 000,000,680 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\d3d9caps.dat
[2010/02/13 22:15:18 | 000,062,207 | ---- | C] () -- C:\Users\Ratopia\step5.jpg
[2010/02/13 22:14:14 | 000,016,919 | ---- | C] () -- C:\Users\Ratopia\banner.jpg
[2010/02/12 16:15:53 | 000,000,732 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\d3d9caps64.dat
[2009/10/04 16:01:22 | 000,000,426 | ---- | C] () -- C:\Users\Ratopia\AppData\Roaming\wklnhst.dat
[2009/05/20 15:12:21 | 000,044,032 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >

#33 CoolCat

    Silver Member

  • Authentic Member
  • 498 posts

Posted 02 June 2013 - 06:13 PM

As far as the computer and how it's running, it seems to be OK. I am used to running at least 2 streaming cams at one time without problems, so we will see how that goes now. I used to run more than that. These are cams not owned by me or run by me, but birds that I am watching, or nests, on the internet. I do have a question, though. I downloaded RealPlayer at least 8 months back. Every time I was playing a video from YouTube, news stations and places like Vimeo, etc., there would always be a button that popped up on top of the video saying "Download this video?", and it would run the video in RealPlayer's player and save it to RealPlayer's list, sort of a library if you will. I am not seeing that now. Was that something not really connected to RealPlayer, or is it corrupt, or something else? Thank you so much! ^_^

#34 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 June 2013 - 09:06 PM

Hi CoolCat,
  • If you like, we can have you "test" the computer for a few days and, if all is OK, we'll clean up and send you on your way.
  • As for RealPlayer: I don't have much experience with RealPlayer, but if it's not functioning like it was before, there is the possibility that the files might have become corrupt. The best way to try and fix that would be to uninstall via the Control Panel, reboot, then download a fresh copy and re-install.
=========================

1. Run OTL.exe

Windows Vista and Windows 7 users: right click and select "Run as Administrator".
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
    
    :Files
    C:\Program Files (x86)\AVG\AVG10
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
=========================

In your next post please provide the following:
  • OTL fix log
  • Fresh OTL scan

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days



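The fix above targets exactly the dangling entries in the scan log (the BHO whose DLL is "File not found" and the BHO with "No CLSID value found"). As an added example, not code from this thread or from OldTimer, here is a small Python triage pass that picks those orphaned O-lines out of an OTL log, flags any O4 autostart with an empty company field (with a note when it lives in a user-writable folder), and writes an `:OTL` fix block for the orphans only. The line shapes it assumes are inferred from the logs posted in this thread, and the sample log is constructed.

```python
r"""Triage pass over an OTL scan log (added example, not OldTimer's code).

Assumed line shapes, inferred from the logs posted in this thread rather than
from any OTL documentation:
  O<n>[:64bit:] - <body>                          (any "O-line")
  HKLM..\Run: [Name] <path> (<company>)           (body of an O4 autostart)
A dangling entry carries "File not found", "No CLSID value found" or
"Reg Error" in its body, as the orphaned lines in this thread do.
"""
import re

OLINE_RE = re.compile(r"^(?P<section>O\d+)(?::64bit:)?\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(
    r"^(?P<hive>HK\w+)\S*\s+\[(?P<name>[^\]]*)\]\s+(?P<path>.*?)\s+\((?P<company>[^()]*)\)$"
)
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")
# Folders a standard user can write to: a company-less autostart living here
# should be identified before anything else in the log is acted on.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\programdata\\", "\\users\\public\\")

# Constructed sample log. The O2/O4/O20 lines are modelled on entries from
# this thread; the HKCU "Updater" line is invented to show the user-writable case.
SAMPLE_OTL_LOG = r"""
========== Processes (SafeList) ==========
PRC - C:\Users\Example\Desktop\OTL.exe (OldTimer Tools)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKCU..\Run: [Updater] C:\Users\Example\AppData\Local\Temp\updater.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
"""


def parse_oline(line):
    """Split an OTL O-line into section tag and body; None for any other line."""
    m = OLINE_RE.match(line.strip())
    if not m:
        return None
    return {"section": m.group("section"), "body": m.group("body"), "raw": line.strip()}


def is_orphan(body):
    """True when the registry entry points at something that no longer exists."""
    return any(marker in body for marker in ORPHAN_MARKERS)


def parse_autostart(body):
    """Parse an O4 body into hive/name/path/company; None if the shape differs."""
    m = O4_RE.match(body)
    return m.groupdict() if m else None


def triage(log_text):
    """Return review findings in log order: orphaned entries, and O4 autostarts
    with an empty company field (flagged for a human, never auto-removed)."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_oline(line)
        if entry is None:
            continue
        if is_orphan(entry["body"]):
            findings.append({"kind": "orphan", "section": entry["section"], "raw": entry["raw"]})
            continue
        if entry["section"] != "O4":
            continue
        auto = parse_autostart(entry["body"])
        if auto is None or auto["company"].strip():
            continue
        path = auto["path"].lower()
        findings.append({
            "kind": "no_company",
            "section": "O4",
            "raw": entry["raw"],
            "path": auto["path"],
            "user_writable": any(d in path for d in USER_WRITABLE),
        })
    return findings


def build_fix_script(findings):
    """Emit an OTL custom-fix block for the orphaned entries only, in the same
    form as the fix posted in this thread (O-lines verbatim under :OTL).
    Dangling entries reference nothing on disk, so removing them is safe;
    company-less autostarts are deliberately left for a human to identify."""
    orphans = [f["raw"] for f in findings if f["kind"] == "orphan"]
    if not orphans:
        return ""
    lines = [":OTL", *orphans, "", ":Commands", "[createrestorepoint]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LOG)
    for f in found:
        flag = "  <-- user-writable location" if f.get("user_writable") else ""
        print(f"{f['kind']:<11} {f['raw'][:70]}{flag}")
    print()
    print(build_fix_script(found), end="")
```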
#35 CoolCat

    Silver Member

  • Authentic Member
  • 498 posts

Posted 03 June 2013 - 01:07 AM

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared deleted successfully.
File C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\AVG\AVG10 not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ratopia
->Temp folder emptied: 1883768 bytes
->Temporary Internet Files folder emptied: 22493973 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 80384185 bytes
->Google Chrome cache emptied: 59669456 bytes
->Flash cache emptied: 1342 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33384 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 157.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06032013_014237

Files\Folders moved on Reboot...
C:\Users\Ratopia\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\UYVV3UVD\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\Q08R3DTL\0;us=12;eb_trk=172563;pr=22;xp=28;np=22;uz=52240;fbi=45100;sbi=2329;fbo=281;sbo=48579;fse=281;sse=;fvi=619;svi=3858;cg=e85608331390a0aa12464526ff4989a6;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\Q08R3DTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\Q08R3DTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[2].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\1348222715660;u=i_2199270030417954266_m_208991;;dcopt=ist;tile=1;um=0;us=13;eb_trk=208991;pr=20;xp=20;np=20;uz=;fbi=;sbi=;fbo=;sbo=;fse=;sse=;fvi=;svi=;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[2].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[3].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[4].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\6NUHCFTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\6NUHCFTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[2].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


-----------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 6/3/2013 1:51:08 AM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ratopia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 64.62% Memory free
8.03 Gb Paging File | 6.44 Gb Available in Paging File | 80.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143.04 Gb Total Space | 69.75 Gb Free Space | 48.76% Space Free | Partition Type: NTFS
Drive D: | 139.50 Gb Total Space | 97.41 Gb Free Space | 69.82% Space Free | Partition Type: NTFS

Computer Name: ARWEN | User Name: Ratopia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ratopia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - D:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - D:\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\aol\1242688622\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe (AOL LLC)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Windows\PLFSetI.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (CLHNService) -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe ()
SRV - (AOL ACS) -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe (AOL LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\DRIVERS\revoflt.sys (VS Revo Group)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys (Egis Incorporated)
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys (Egis Incorporated)
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (TcUsb) -- C:\Windows\SysNative\Drivers\tcusb.sys (UPEK Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\DRIVERS\winbondcir.sys (Winbond Electronics Corporation)
DRV:64bit: - (wanatw) -- C:\Windows\SysNative\DRIVERS\wanatw64.sys (America Online, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...mp;sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS328US328
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: {23cd218f-af09-443f-bbb1-adb89fd5986d}:4.6.0.1
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.105
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Ratopia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/11 18:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/11 18:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 07:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/29 04:34:58 | 000,000,000 | ---D | M]

[2013/05/29 07:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Extensions
[2013/05/18 15:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions
[2010/08/09 22:49:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/06 05:43:11 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/03/24 02:09:34 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Users\Ratopia\AppData\Roaming\mozilla\Firefox\Profiles\yas9n9so.default\extensions\plugin2@gameplaylabs.com
[2013/05/18 15:42:29 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Ratopia\AppData\Roaming\mozilla\firefox\profiles\yas9n9so.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/05 07:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 07:10:55 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/11 18:43:47 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/11/22 18:04:00 | 000,865,632 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npzzatif.dll
[2012/11/06 02:45:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/06 02:45:41 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: AlternaTIFF (QuickTime compatible) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npzzatif.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Ratopia\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ratopia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Ratchet & Clank Future 2 = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0\
CHR - Extension: AdBlock = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: RealDownloader = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = C:\Users\Ratopia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/31 20:20:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1242688622\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcp...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} http://www.photodex.com/pxplay.cab (Photodex Presenter AX control)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{405C5A07-D13D-4CBB-8F90-C179872E14CA}: DhcpNameServer = 97.64.183.164 97.64.209.37
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Ratopia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Ratopia\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 01:37:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/02 01:37:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/02 00:31:33 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Ratopia\Desktop\JRT.exe
[2013/06/01 22:36:49 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ratopia\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/01 21:17:19 | 001,804,416 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Ratopia\Desktop\rkill.exe
[2013/06/01 20:33:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ratopia\Desktop\OTL.exe
[2013/05/31 23:59:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/31 23:53:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/31 23:53:55 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\AppData\Local\temp
[2013/05/31 23:37:45 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/05/31 19:50:41 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\Desktop\RK_Quarantine
[2013/05/31 19:18:44 | 005,076,038 | R--- | C] (Swearware) -- C:\Users\Ratopia\Desktop\ComboFix.exe
[2013/05/30 20:36:40 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/30 20:35:05 | 001,915,980 | ---- | C] (Farbar) -- C:\Users\Ratopia\Desktop\FRST64.exe
[2013/05/30 19:35:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ratopia\Desktop\aswMBR.exe
[2013/05/29 05:29:50 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\AppData\Local\Adobe
[2013/05/29 04:58:49 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/05/29 04:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/05/29 03:11:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/29 03:11:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/29 03:11:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/29 03:11:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/29 03:11:06 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/29 03:11:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/29 03:11:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/29 03:11:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/29 03:11:03 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/29 03:11:03 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/29 03:11:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/29 03:11:02 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/29 03:11:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/29 03:11:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/29 03:11:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/29 00:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/29 00:49:54 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/27 05:20:26 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\Desktop\Oxana
[2013/05/19 00:08:15 | 000,000,000 | R--D | C] -- C:\Users\Ratopia\Desktop\Monty
[2013/05/13 06:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware(108)
[2013/05/06 07:35:15 | 000,000,000 | ---D | C] -- C:\Users\Ratopia\Desktop\kathy freeze
[2010/03/24 00:50:00 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Users\Ratopia\avg_free_stb_all_9_114_cnet.exe
[2009/06/27 20:26:44 | 001,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Ratopia\install_flash_player.exe
[3 C:\Users\Ratopia\Desktop\*.tmp files -> C:\Users\Ratopia\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/03 01:54:57 | 000,706,816 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/03 01:54:57 | 000,606,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/03 01:54:57 | 000,105,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/03 01:48:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/03 01:47:45 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/06/03 01:47:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 01:47:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/03 01:47:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/03 01:47:05 | 4220,379,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/03 01:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/03 01:00:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/02 18:05:02 | 000,233,600 | ---- | M] () -- C:\Users\Ratopia\Desktop\Patriot and Liberty on their tree by the river.jpg
[2013/06/02 00:31:34 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Ratopia\Desktop\JRT.exe
[2013/06/02 00:28:44 | 000,632,031 | ---- | M] () -- C:\Users\Ratopia\Desktop\AdwCleaner.exe
[2013/06/01 22:39:14 | 000,000,976 | ---- | M] () -- C:\Users\Ratopia\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/06/01 22:36:58 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ratopia\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/01 21:17:22 | 001,804,416 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Ratopia\Desktop\rkill.exe
[2013/06/01 20:33:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ratopia\Desktop\OTL.exe
[2013/06/01 05:27:11 | 000,000,041 | ---- | M] () -- C:\Users\Ratopia\AppData\Roaming\mbam.context.scan
[2013/06/01 05:19:56 | 000,285,822 | ---- | M] () -- C:\Users\Ratopia\Desktop\Stan sitting on the eggs - 05-31-2013 5.17pm.jpg
[2013/06/01 05:10:45 | 000,404,993 | ---- | M] () -- C:\Users\Ratopia\Desktop\DSC00546.JPG
[2013/05/31 22:54:49 | 000,065,618 | ---- | M] () -- C:\Users\Ratopia\Desktop\Stan for photoshop.jpg
[2013/05/31 22:46:06 | 000,205,821 | ---- | M] () -- C:\Users\Ratopia\Desktop\Stan in front, Iris taking off 05-31-2013 10.23pm.jpg
[2013/05/31 20:37:45 | 000,018,309 | ---- | M] () -- C:\Users\Ratopia\Desktop\Ceulan.jpg
[2013/05/31 20:34:01 | 000,003,534 | ---- | M] () -- C:\Users\Ratopia\Desktop\coolcat.jpg
[2013/05/31 20:20:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/31 19:18:50 | 005,076,038 | R--- | M] (Swearware) -- C:\Users\Ratopia\Desktop\ComboFix.exe
[2013/05/31 19:16:58 | 000,791,040 | ---- | M] () -- C:\Users\Ratopia\Desktop\RogueKillerX64.exe
[2013/05/31 19:05:02 | 000,791,488 | ---- | M] () -- C:\Users\Ratopia\Desktop\ZipOpenerSetup.exe
[2013/05/31 07:55:49 | 000,073,128 | ---- | M] () -- C:\Users\Ratopia\Desktop\Monty up close.jpg
[2013/05/30 20:35:08 | 001,915,980 | ---- | M] (Farbar) -- C:\Users\Ratopia\Desktop\FRST64.exe
[2013/05/30 20:32:31 | 000,000,568 | ---- | M] () -- C:\Users\Ratopia\Desktop\MBR.zip
[2013/05/30 20:30:32 | 000,000,512 | ---- | M] () -- C:\Users\Ratopia\Desktop\MBR.dat
[2013/05/30 19:37:14 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ratopia\Desktop\aswMBR.exe
[2013/05/30 19:23:30 | 000,041,155 | ---- | M] () -- C:\Users\Ratopia\Desktop\piret flying - Copy.jpg
[2013/05/29 07:01:21 | 000,061,461 | ---- | M] () -- C:\Users\Ratopia\Desktop\Ceulan2.jpg
[2013/05/29 05:17:45 | 000,002,563 | ---- | M] () -- C:\Users\Ratopia\Desktop\HiJackThis.lnk
[2013/05/29 03:52:42 | 000,308,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/29 02:39:40 | 000,002,053 | ---- | M] () -- C:\Users\Ratopia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 00:57:51 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/28 23:42:48 | 000,000,680 | ---- | M] () -- C:\Users\Ratopia\AppData\Local\d3d9caps.dat
[2013/05/28 22:19:14 | 000,000,170 | ---- | M] () -- C:\Users\Ratopia\Desktop\shocked.gif
[2013/05/28 18:35:23 | 000,011,483 | ---- | M] () -- C:\Users\Ratopia\Desktop\Osprey eye -.JPG
[2013/05/26 21:57:57 | 000,000,426 | ---- | M] () -- C:\Users\Ratopia\AppData\Roaming\wklnhst.dat
[2013/05/26 04:18:02 | 000,142,855 | ---- | M] () -- C:\Users\Ratopia\Desktop\Accidental 3rd osprey at Ilmar's nest 05-26-2013 9.57am.jpg
[2013/05/23 21:15:30 | 000,023,021 | ---- | M] () -- C:\Users\Ratopia\Desktop\iris and stan 3.jpg
[2013/05/22 23:47:21 | 000,205,038 | ---- | M] () -- C:\Users\Ratopia\Desktop\Redwing Blackbird on suet feeder.JPG
[2013/05/22 17:51:02 | 000,104,584 | ---- | M] () -- C:\Users\Ratopia\Desktop\baby ospprey sandford riverwalk.jpg
[2013/05/21 21:02:39 | 000,000,652 | ---- | M] () -- C:\Users\Ratopia\Desktop\heartbeating.gif
[2013/05/21 21:01:51 | 000,107,031 | ---- | M] () -- C:\Users\Ratopia\Desktop\Liberty and Patriot - sky dance.jpg
[2013/05/21 01:24:05 | 000,008,058 | ---- | M] () -- C:\Users\Ratopia\Desktop\huh-oh.JPG
[2013/05/20 13:18:41 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/20 13:18:41 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/20 09:12:44 | 000,000,369 | ---- | M] () -- C:\Users\Ratopia\Desktop\HELLGATE - Shortcut.lnk
[2013/05/20 09:10:15 | 000,000,390 | ---- | M] () -- C:\Users\Ratopia\Desktop\MADIS & ESTONIA - Shortcut.lnk
[2013/05/18 22:05:05 | 000,014,334 | ---- | M] () -- C:\Users\Ratopia\Desktop\piret avatar may19th.JPG
[3 C:\Users\Ratopia\Desktop\*.tmp files -> C:\Users\Ratopia\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/02 18:05:01 | 000,233,600 | ---- | C] () -- C:\Users\Ratopia\Desktop\Patriot and Liberty on their tree by the river.jpg
[2013/06/02 00:28:42 | 000,632,031 | ---- | C] () -- C:\Users\Ratopia\Desktop\AdwCleaner.exe
[2013/06/01 05:27:11 | 000,000,041 | ---- | C] () -- C:\Users\Ratopia\AppData\Roaming\mbam.context.scan
[2013/05/31 22:54:48 | 000,065,618 | ---- | C] () -- C:\Users\Ratopia\Desktop\Stan for photoshop.jpg
[2013/05/31 22:46:10 | 000,205,821 | ---- | C] () -- C:\Users\Ratopia\Desktop\Stan in front, Iris taking off 05-31-2013 10.23pm.jpg
[2013/05/31 20:36:21 | 000,061,461 | ---- | C] () -- C:\Users\Ratopia\Desktop\Ceulan2.jpg
[2013/05/31 20:34:00 | 000,003,534 | ---- | C] () -- C:\Users\Ratopia\Desktop\coolcat.jpg
[2013/05/31 19:16:56 | 000,791,040 | ---- | C] () -- C:\Users\Ratopia\Desktop\RogueKillerX64.exe
[2013/05/31 19:04:56 | 000,791,488 | ---- | C] () -- C:\Users\Ratopia\Desktop\ZipOpenerSetup.exe
[2013/05/31 17:18:14 | 000,285,822 | ---- | C] () -- C:\Users\Ratopia\Desktop\Stan sitting on the eggs - 05-31-2013 5.17pm.jpg
[2013/05/31 07:55:49 | 000,073,128 | ---- | C] () -- C:\Users\Ratopia\Desktop\Monty up close.jpg
[2013/05/30 20:32:31 | 000,000,568 | ---- | C] () -- C:\Users\Ratopia\Desktop\MBR.zip
[2013/05/30 20:30:32 | 000,000,512 | ---- | C] () -- C:\Users\Ratopia\Desktop\MBR.dat
[2013/05/30 19:22:46 | 000,041,155 | ---- | C] () -- C:\Users\Ratopia\Desktop\piret flying - Copy.jpg
[2013/05/29 07:01:20 | 000,018,309 | ---- | C] () -- C:\Users\Ratopia\Desktop\Ceulan.jpg
[2013/05/29 04:44:32 | 000,002,563 | ---- | C] () -- C:\Users\Ratopia\Desktop\HiJackThis.lnk
[2013/05/29 00:57:51 | 000,002,053 | ---- | C] () -- C:\Users\Ratopia\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/29 00:57:51 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/29 00:05:43 | 4220,379,136 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/28 22:19:14 | 000,000,170 | ---- | C] () -- C:\Users\Ratopia\Desktop\shocked.gif
[2013/05/28 18:35:20 | 000,011,483 | ---- | C] () -- C:\Users\Ratopia\Desktop\Osprey eye -.JPG
[2013/05/26 04:17:32 | 000,142,855 | ---- | C] () -- C:\Users\Ratopia\Desktop\Accidental 3rd osprey at Ilmar's nest 05-26-2013 9.57am.jpg
[2013/05/23 21:13:52 | 000,023,021 | ---- | C] () -- C:\Users\Ratopia\Desktop\iris and stan 3.jpg
[2013/05/22 22:05:02 | 000,205,038 | ---- | C] () -- C:\Users\Ratopia\Desktop\Redwing Blackbird on suet feeder.JPG
[2013/05/22 22:04:29 | 000,404,993 | ---- | C] () -- C:\Users\Ratopia\Desktop\DSC00546.JPG
[2013/05/22 17:44:51 | 000,104,584 | ---- | C] () -- C:\Users\Ratopia\Desktop\baby ospprey sandford riverwalk.jpg
[2013/05/21 21:02:39 | 000,000,652 | ---- | C] () -- C:\Users\Ratopia\Desktop\heartbeating.gif
[2013/05/21 21:01:50 | 000,107,031 | ---- | C] () -- C:\Users\Ratopia\Desktop\Liberty and Patriot - sky dance.jpg
[2013/05/21 01:24:02 | 000,008,058 | ---- | C] () -- C:\Users\Ratopia\Desktop\huh-oh.JPG
[2013/05/20 09:12:44 | 000,000,369 | ---- | C] () -- C:\Users\Ratopia\Desktop\HELLGATE - Shortcut.lnk
[2013/05/20 09:10:15 | 000,000,390 | ---- | C] () -- C:\Users\Ratopia\Desktop\MADIS & ESTONIA - Shortcut.lnk
[2013/05/18 22:05:03 | 000,014,334 | ---- | C] () -- C:\Users\Ratopia\Desktop\piret avatar may19th.JPG
[2012/02/17 17:29:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/01/29 00:12:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/29 00:12:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/29 00:12:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/29 00:12:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/29 00:12:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/21 21:38:33 | 000,000,096 | ---- | C] () -- C:\Users\Ratopia\.asadminpass
[2011/09/24 23:52:12 | 000,937,320 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\census.cache
[2011/09/24 23:51:26 | 000,174,679 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\ars.cache
[2011/09/24 23:42:23 | 000,000,036 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\housecall.guid.cache
[2010/06/20 17:21:42 | 000,021,226 | ---- | C] () -- C:\Users\Ratopia\who's dog.jpg
[2010/06/12 04:39:35 | 000,000,680 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\d3d9caps.dat
[2010/02/13 22:15:18 | 000,062,207 | ---- | C] () -- C:\Users\Ratopia\step5.jpg
[2010/02/13 22:14:14 | 000,016,919 | ---- | C] () -- C:\Users\Ratopia\banner.jpg
[2010/02/12 16:15:53 | 000,000,732 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\d3d9caps64.dat
[2009/10/04 16:01:22 | 000,000,426 | ---- | C] () -- C:\Users\Ratopia\AppData\Roaming\wklnhst.dat
[2009/05/20 15:12:21 | 000,044,032 | ---- | C] () -- C:\Users\Ratopia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >

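The O17, O20, O35/O37 and "ZeroAccess Check" sections of the log above are read closely because each is a hijack point: the DHCP resolvers, the Winlogon Shell and UserInit values, the exefile/comfile open commands, and the InProcServer32 registrations that ZeroAccess overrode from HKCU so its DLL loaded in place of shell32's COM object. The script below is an added worked example (not OTL's own code and not part of the original thread): it parses those OTL line formats and reports anything that deviates from the stock values. The expected defaults, the trusted-resolver set, and the "hijacked" sample lines (example_hijack.*, 203.0.113.9) are assumptions constructed for the example.

```python
"""Flag hijacked persistence points in OTL (OldTimer Tools) log lines.

Added example for this thread; not OTL's own code and not from the original post.
Expected Windows defaults, the trusted-resolver set and the "hijacked" sample lines
are assumptions constructed for the example.
"""
import re

# Stock values (assumption: Windows Vista/7 x64 defaults).
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
EXPECTED_OPEN_CMD = '"%1" %*'
# DLL that should back each COM object OTL's "ZeroAccess Check" enumerates
# (assumption: stock registrations on Vista/7).
EXPECTED_COM_SERVER = {
    "42aedc87-2188-41fd-b9a3-0c966feabec1": "shell32.dll",
    "fbeb8a05-beee-4442-804e-409d6c4515e9": "shell32.dll",
    "5839fca9-774d-42a1-acda-d6a79037f57f": "fastprox.dll",
    "f3130cdb-aa52-4c3a-ab32-85ffc23af9c1": "wbemess.dll",
}
# Resolvers the owner vouches for (assumption; the addresses printed in the log above).
TRUSTED_DNS = {"97.64.183.164", "97.64.209.37"}

O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+)$")
O20_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\)")
ASSOC_RE = re.compile(r"^O3[57](?::64bit:)? - HKLM\\\.{2,3}(?P<ext>\w+) .*-- (?P<cmd>.+)$")
COM_KEY_RE = re.compile(r"^\[(?P<hive>HKEY_[A-Z_]+)\\.*\\clsid\\\{(?P<clsid>[0-9a-f-]{36})\}\\InProcServer32\]", re.I)
COM_VALUE_RE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[|$)')


def basename(path):
    """Last path component, lower-cased; OTL may print a trailing comma after UserInit."""
    return path.strip().rstrip(",").rsplit("\\", 1)[-1].lower()


def analyze(lines, trusted_dns=TRUSTED_DNS):
    """Return one finding per suspicious entry; an empty list means the checked items are stock."""
    findings = []
    com_key = None  # (hive, clsid) of the InProcServer32 key whose values follow
    for raw in lines:
        line = raw.rstrip()
        if not line:
            com_key = None  # a blank line closes the current registry key block
        elif m := O17_RE.match(line):
            rogue = set(m["servers"].split()) - trusted_dns
            if rogue:
                findings.append(f"O17: untrusted DNS server(s) {sorted(rogue)}")
        elif m := O20_RE.match(line):
            expected = EXPECTED_WINLOGON[m["key"]]
            if basename(m["value"]) != expected:
                findings.append(f"O20: Winlogon {m['key']} = '{m['value']}', expected {expected}")
        elif m := ASSOC_RE.match(line):
            if m["cmd"].strip() != EXPECTED_OPEN_CMD:
                findings.append(f"O35/O37: {m['ext']} open command changed to {m['cmd']}")
        elif m := COM_KEY_RE.match(line):
            com_key = (m["hive"].upper(), m["clsid"].lower())
        elif (m := COM_VALUE_RE.match(line)) and com_key:
            hive, clsid = com_key
            if hive == "HKEY_CURRENT_USER":
                # A per-user registration shadows the HKLM one: the ZeroAccess persistence trick.
                findings.append(f"ZeroAccess: HKCU override for {{{clsid}}} -> {m['path']}")
            elif basename(m["path"]) != EXPECTED_COM_SERVER.get(clsid, basename(m["path"])):
                findings.append(f"ZeroAccess: {{{clsid}}} served by {m['path']}, expected {EXPECTED_COM_SERVER[clsid]}")
    return findings


# Constructed sample: lines copied from the clean log above.
CLEAN_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.183.164 97.64.209.37
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
""".strip("\n").splitlines()

# Constructed sample: each check tripped once (example_hijack.* and 203.0.113.9 are invented placeholders).
HIJACKED_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.9 97.64.209.37
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\ProgramData\example_hijack.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "C:\ProgramData\example_hijack.exe" "%1" %*

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\ProgramData\example_hijack.dll
"ThreadingModel" = Apartment
""".strip("\n").splitlines()

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("hijacked", HIJACKED_LOG)):
        print(f"{name}: {analyze(log) or 'no findings'}")
```

The clean sample produces no findings; the hijacked one produces one per check. The HKCU rule is the point of OTL's ZeroAccess section: because COM lookups consult HKCU\Software\Classes before HKLM, an attacker who can write only to the user hive can still redirect a system CLSID, which is why an HKCU InProcServer32 value for those CLSIDs is flagged regardless of the path it points to.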
#36 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • 498 posts

Posted 03 June 2013 - 01:08 AM

I don't understand why eBay saved searches are mentioned in the fix file. :scratch:

#37 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 June 2013 - 09:15 AM

Hi CoolCat,

I don't understand why eBay saved searches are mentioned in the fix file

I don't understand what you are referring to. Can you copy and paste the line you are referring to?

=========================

1. Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
  • Right-click mbam-setup.exe, select "Run as Administrator" and follow the prompts to run the program.
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

2. ESET Online Scanner

*Note:
  • It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator rights; to do so, right-click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • Click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • MBAM log
  • ESET's log.txt
  • How's the computer running?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.


#38 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • 498 posts

Posted 03 June 2013 - 04:38 PM

Hi CoolCat,

I don't understand why eBay saved searches are mentioned in the fix file

I don't understand what you are referring to. Can you copy and paste the line you are referring to?

Yes, these, minus the first one - C:\Users\Ratopia\AppData\Local\Temp\RtkBtMnt.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06032013_014237

Files\Folders moved on Reboot...
C:\Users\Ratopia\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\UYVV3UVD\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\Q08R3DTL\0;us=12;eb_trk=172563;pr=22;xp=28;np=22;uz=52240;fbi=45100;sbi=2329;fbo=281;sbo=48579;fse=281;sse=;fvi=619;svi=3858;cg=e85608331390a0aa12464526ff4989a6;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\Q08R3DTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\Q08R3DTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[2].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\1348222715660;u=i_2199270030417954266_m_208991;;dcopt=ist;tile=1;um=0;us=13;eb_trk=208991;pr=20;xp=20;np=20;uz=;fbi=;sbi=;fbo=;sbo=;fse=;sse=;fvi=;svi=;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[2].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[3].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\LYJ1YLU7\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[4].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\6NUHCFTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[1].htm not found!
File\Folder C:\Users\Ratopia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(122)\Content.IE5\6NUHCFTL\ix,+bottle)+glitter+bracelet+-(REDFOX,+Christmas,+Xmas,+Yurman,+strand,+voile,+taxco,+jasper,+boro,+tanzania,+molly+owl+-(American,marc,country,ashton,;[2].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#39 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 June 2013 - 08:15 PM

Hi CoolCat,

The OTL script I had you run targeted items in the "Temp" folder. Those eBay searches must have been stored in the temp folder at one time.

Please post the MBAM and ESET logs when they are available.
OCD



#40 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • 498 posts

Posted 03 June 2013 - 08:49 PM

Oh boy, nothing on mbam but yea on ESET.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.03.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ratopia :: ARWEN [administrator]

6/3/2013 5:45:14 PM
mbam-log-2013-06-03 (17-45-14).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 459566
Time elapsed: 1 hour(s), 38 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-------------------------------------------

C:\Program Files (x86)\Windows Savevid MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll  Win32/Toolbar.SearchSuite application
C:\Users\Ratopia\Desktop\ZipOpenerSetup.exe  Win32/InstallCore.BN.Gen application
C:\_OTL\MovedFiles\04092012_065303\C_Program Files (x86)\WINDOWS SAVEVID TOOLBAR\DATAMNGR\datamngr.dll  Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\04092012_065303\C_Program Files (x86)\WINDOWS SAVEVID TOOLBAR\DATAMNGR\IEBHO.dll  Win32/Toolbar.SearchSuite application



#41 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 June 2013 - 08:54 PM

Hi CoolCat,

2 of the files are in a quarantine folder, so we only have to get 2 of those. :thumbup:

=========================

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Program Files (x86)\Windows Savevid MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
    C:\Users\Ratopia\Desktop\ZipOpenerSetup.exe
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptyjav]
    [emptyflash]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

In your next post please provide the following:
  • OTL.txt
  • Any remaining issues?

OCD



#42 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • 498 posts

Posted 04 June 2013 - 12:39 AM

The computer seems to be running slow but that may be a connection problem, rather than the computer. At least no more crashes!!!

All processes killed
Error: Unable to interpret <CODE> in the current context!
========== FILES ==========
C:\Program Files (x86)\Windows Savevid MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll moved successfully.
C:\Users\Ratopia\Desktop\ZipOpenerSetup.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <[emptyjav]> in the current context!

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Ratopia
->Flash cache emptied: 521 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ratopia
->Temp folder emptied: 418329 bytes
->Temporary Internet Files folder emptied: 702803 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2234531 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33384 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1904 bytes

Total Files Cleaned = 3.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06042013_011906

Files\Folders moved on Reboot...
C:\Users\Ratopia\AppData\Local\Temp\RtkBtMnt.exe moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#43 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 June 2013 - 09:05 AM

Hi CoolCat,

Your log appears to be clean. :thumbup:

We have a few items to take care of before we get to the All Clean Speech.

=========================

1. Uninstall Combofix

The following will implement important cleanup procedures as well as reset System Restore points:

Click on the Start button and then in the Search field enter combofix /uninstall, as shown in the image below with the blue arrow.
Please note that there is a space between combofix and /uninstall.

Once you have typed this in, press Enter on your keyboard. An Open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

=========================

2. Clean up with OTL:
  • Right-click OTL.exe select "Run as Administrator" to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
=========================

3. You can now delete any tools and/or logs remaining on your desktop.

=========================

4. Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Adobe Reader X (10.1.7) (Version: 10.1.7)
  • Java™ 6 Update 30 (64-bit) (Version: 6.0.300)
  • Java™ 6 Update 31 (Version: 6.0.310)
  • Java 7 Update 17 (Version: 7.0.170)
=========================

5. Adobe Reader:

Go to http://get.adobe.com.../otherversions/
  • Use the drop-down menus to select your operating system
  • Select your language > Select The current version of Adobe Reader for your language
  • Remove the check mark from the box "Free! McAfee Security Scan Plus"
  • Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

6. Update Java
  • Get the current version of Java (Version 7 Update 21) by going to http://java.com/en/d...d/installed.jsp
  • Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
=========================

7. Disable Java in Web Browsers

Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend disabling Java in web browsers.
More information can be found here: http://www.techsuppo...ers-683721.html

  • Click on the Start button and then click on the Control Panel option.
  • In the Control Panel Search enter Java Control Panel.
  • Click on the Java icon to open the Java Control Panel.

Disable Java through the Java Control Panel

  • In the Java Control Panel, click on the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
  • Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart the browser for changes to take effect.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.
Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days
If you are satisfied with the help you have received, please consider making a donation.
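One way to confirm, after working through steps 4 to 7 and the Internet Explorer settings in the post above, that the machine actually ended up in the state the post asks for. This is an added example written for this page; it is not code from the original thread, from OTL, ComboFix or any other tool named here. It assumes a Windows Vista/7/8 PowerShell session in the account that was cleaned (the Java plug-in toggle and the IE zone settings are per-user), that the Java Control Panel stores "Enable Java content in the browser" as deployment.webjava.enabled in the user's deployment.properties, and that the six Internet Explorer settings correspond to Microsoft's Internet-zone (zone 3) URL action IDs 1001, 1004, 1201, 1800, 1804 and 1607, with 0 = Enable, 1 = Prompt and 3 = Disable.

```powershell
# Post-cleanup audit for the steps in the post above.
# Added example for this page; not part of the original thread or of any tool it names.
# Assumed: Windows Vista/7/8, PowerShell 2.0+, run in the cleaned user's own session.

$findings = @()

# 1. Programs and Features reads these keys; look at 64-bit, 32-bit and per-user views.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion

foreach ($app in $installed) {
    # Any Java 6, and Java 7 below Update 21 (the current release named in the post;
    # raise this number as newer updates ship), counts as stale.
    # Display names look like "Java(TM) 6 Update 30 (64-bit)" or "Java 7 Update 17".
    if ($app.DisplayName -match '^Java(\(TM\)|\u2122)? (6|7) Update (\d+)') {
        $major  = [int]$matches[2]
        $update = [int]$matches[3]
        if ($major -eq 6 -or ($major -eq 7 -and $update -lt 21)) {
            $findings += "Stale Java still installed: $($app.DisplayName) ($($app.DisplayVersion))"
        }
    }
    # Adobe Reader 10.1.7 is the build the post says to remove and replace.
    if ($app.DisplayName -like 'Adobe Reader*' -and $app.DisplayVersion -like '10.1.7*') {
        $findings += "Old Adobe Reader still installed: $($app.DisplayName) ($($app.DisplayVersion))"
    }
}

# 2. "Enable Java content in the browser" is persisted per user in deployment.properties
#    (assumed key: deployment.webjava.enabled). A missing key means the default: enabled.
$deployProps = Join-Path $env:USERPROFILE 'AppData\LocalLow\Sun\Java\Deployment\deployment.properties'
$javaPresent = $installed | Where-Object { $_.DisplayName -like 'Java*' }
if (Test-Path $deployProps) {
    $flag = Get-Content $deployProps |
        Where-Object { $_ -match '^deployment\.webjava\.enabled=' } |
        Select-Object -Last 1
    if (-not $flag -or $flag -notmatch '=false\s*$') {
        $findings += "Java browser plug-in still enabled: deployment.webjava.enabled is not false in $deployProps"
    }
} elseif ($javaPresent) {
    $findings += "Java is installed but $deployProps was not found, so the plug-in is at its default (enabled)"
}

# 3. IE Internet zone (zone 3) per-user settings. Action IDs are the documented
#    URL action values (assumed mapping); 0 = Enable, 1 = Prompt, 3 = Disable.
$zone3  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$wanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }
}
$zone = Get-ItemProperty -Path $zone3 -ErrorAction SilentlyContinue
foreach ($id in ($wanted.Keys | Sort-Object)) {
    $actual = $zone.$id
    $want   = $wanted[$id]['Value']
    if ($null -eq $actual -or [int]$actual -ne $want) {
        $shown = if ($null -eq $actual) { 'not set per user (machine default applies)' } else { $actual }
        $findings += "IE zone 3 action $id ($($wanted[$id]['Name'])) is $shown, wanted $want"
    }
}

if ($findings.Count -eq 0) {
    'All post-cleanup checks passed.'
} else {
    'Remaining items:'
    $findings | ForEach-Object { " - $_" }
}
```

Run it as the cleaned user, not from an elevated prompt started as a different account, or the HKCU checks will describe the wrong profile. Every line under "Remaining items" names a step from the post that has not taken effect yet; a zone value reported as "not set per user" means IE is falling back to the machine default for that action, which the Custom Level dialog will still show, so set it explicitly rather than assuming it is right.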


#44 CoolCat

CoolCat

    Silver Member

  • Authentic Member
  • PipPipPip
  • 498 posts

Posted 04 June 2013 - 08:44 PM

This is a lot to do. I have a question before I begin. I play Mafia Wars on Facebook and I watch and record streaming raptor cams. Is the disabling of java on websites going to affect this in any way? Thanks for all you have done so far!!

#45 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 June 2013 - 09:03 PM

Hi CoolCat,

Yes there are quite a few steps to complete. The steps in the top section are clean-up and recommended steps. The bottom portion is just basic prevention steps that are optional.

I play Mafia Wars on Facebook and I watch and record streaming raptor cams. Is the disabling of java on websites going to affect this in any way?

I can't say for sure how it will affect each of those, but if making that change has an adverse effect, then just change the setting back. It's just a vulnerability we feel compelled to pass along.
