Hello.
A month or two ago, my computer picked up some kind of spyware/malware and caused all kinds of problems at the time. I used Malwarebytes and Avira to get rid of the most serious problems, but Internet Explorer has not worked since then. I have been using Mozilla Firefox as my browser. Every once in a while, I will notice some minor problems with my computer so I have to believe that my computer is still being affected by the remnants of whatever malware got into my system. I would really like to get IE back as well. It will not load the homepage or any page.
Thanks
Here is the OTL scan.
OTL logfile created on: 2/3/2014 1:10:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ken\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
15.98 Gb Total Physical Memory | 13.27 Gb Available Physical Memory | 83.08% Memory free
31.95 Gb Paging File | 28.62 Gb Available in Paging File | 89.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 30.03 Gb Free Space | 25.18% Space Free | Partition Type: NTFS
Drive L: | 931.51 Gb Total Space | 860.47 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Computer Name: KEN-PC | User Name: Ken | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/03 13:10:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
PRC - [2014/01/28 18:59:18 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
PRC - [2014/01/02 18:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 21:21:56 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/21 21:21:19 | 001,032,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2013/12/21 21:21:13 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/11/26 13:16:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/09/20 14:12:52 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
PRC - [2013/09/20 14:12:52 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
PRC - [2013/09/20 14:12:52 | 000,103,936 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
PRC - [2013/02/01 12:22:34 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/03 09:37:40 | 000,041,984 | ---- | M] () -- c:\Users\Ken\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_od2kh.dll
MOD - [2014/01/28 18:59:18 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
MOD - [2013/12/17 20:25:54 | 003,610,624 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 17:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/20 13:50:06 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
MOD - [2013/09/17 04:54:38 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
MOD - [2013/02/01 12:22:37 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014/01/28 18:59:18 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 21:21:56 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/21 21:21:22 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/26 13:16:36 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/20 19:03:26 | 000,807,800 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/10/23 03:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/12/21 21:22:02 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/12/21 21:22:02 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/11/26 13:17:21 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/01/06 17:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {16237AD1-B295-45C7-9F39-951CA524F33B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 8C 7D C6 98 0B CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {B9C767DD-F66A-40B4-8F12-4199A9A4393C} - SOFTWARE\Classes\CLSID\{B9C767DD-F66A-40B4-8F12-4199A9A4393C}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {032BA77B-A9AA-4A05-99D5-AAEA58862784}
IE - HKCU\..\SearchScopes\{032BA77B-A9AA-4A05-99D5-AAEA58862784}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{16237AD1-B295-45C7-9F39-951CA524F33B}: "URL" = http://search.condui...2211197136&UM=2
IE - HKCU\..\SearchScopes\{5DC88221-4520-4FAE-BEFB-FDFA91B1F715}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CT3287811.browser.search.defaultthis.engineName: "true"
FF - prefs.js..CT3298566.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V30 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...s}&sspv=TB_CNI"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://search.yahoo....type=219247&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linksicle@linksicle.com: C:\Program Files (x86)\Mozilla Firefox\extensions\linksicle@linksicle.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/07 17:14:54 | 000,000,000 | ---D | M]
[2013/02/15 10:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Extensions
[2014/02/02 09:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions
[2013/12/05 21:47:33 | 000,000,000 | ---D | M] (MixiDJ V30) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
[2013/11/12 14:34:26 | 000,000,000 | ---D | M] (VisualBee V.12) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\{53c4024f-5a2e-4f2a-b33e-e8784d730938}
[2014/01/14 15:17:04 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\emily@wilford.biz
[2014/01/10 13:49:06 | 000,007,494 | ---- | M] () (No name found) -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\extensions\firefox@albrechto.co.xpi
[2013/12/05 21:47:33 | 000,001,029 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\conduit.xml
[2013/10/02 12:51:39 | 000,000,905 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\1bhvuexe.default\searchplugins\yahoo_ff.xml
[2013/12/05 20:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/01/14 15:24:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/02/01 12:22:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 12:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/07/04 18:43:58 | 000,003,724 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/19 22:02:32 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - homepage: http://search.condui...2972165128&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\plugins/np-cwmp.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.22.5.10_0\search/plugins/npConduitNewTabPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Ken\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: tossc (Enabled) = C:\Program Files (x86)\thinkTDA\nptossc.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Users\Ken\AppData\Local\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Readium = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\0.9.1_0\
CHR - Extension: Google Wallet = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Ken\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/07/04 14:39:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - Startup: C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ken\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...br/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB913DE5-D8A3-4649-9A8B-07C3D329ED61}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/06 18:36:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/03 13:10:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/02/02 09:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/01 23:42:27 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Apps
[2014/02/01 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Adobe_Systems_Incorporate
[2014/02/01 12:57:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Media Player Classic
[2014/01/31 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Ken\KooBits4
[2014/01/31 14:22:39 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\koobits.koobits4.com
[2014/01/31 14:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/01/31 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Sony Corporation
[2014/01/31 13:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2014/01/31 13:53:48 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\kinoma
[2014/01/31 13:53:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\Sony Corporation
[2014/01/26 20:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/25 23:52:57 | 000,000,000 | R--D | C] -- C:\Users\Ken\Dropbox
[2014/01/25 23:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\DropboxMaster
[2014/01/25 23:52:13 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/01/25 23:52:01 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Dropbox
[2014/01/25 23:51:35 | 037,660,568 | ---- | C] (Dropbox, Inc.) -- C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
[2014/01/15 11:06:15 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/15 11:06:15 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 11:06:15 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/14 20:46:11 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Amazon
[2014/01/14 20:46:10 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Local\webkit
[2014/01/14 20:44:36 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI
[2014/01/14 20:40:59 | 000,000,000 | ---D | C] -- C:\Users\Ken\.kindle
[2014/01/14 20:40:26 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2014/01/14 20:40:07 | 000,000,000 | ---D | C] -- C:\Users\Ken\Desktop\Kindle Previewer
[2014/01/14 15:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/01/14 15:22:16 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\calibre
[2014/01/14 15:17:03 | 000,000,000 | ---D | C] -- C:\Users\Ken\AppData\Roaming\MyWordTool
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/02/03 13:10:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ken\Desktop\OTL.exe
[2014/02/03 12:54:08 | 000,000,095 | -H-- | M] () -- C:\Users\Ken\Desktop\.~lock.AutotraderNinja.odt#
[2014/02/03 12:41:13 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/03 12:41:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/03 12:41:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/03 09:44:52 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 09:44:52 | 000,022,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 09:42:07 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/03 09:42:07 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/03 09:42:07 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/03 09:37:40 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/03 09:37:36 | 4276,785,150 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/03 01:21:59 | 000,020,461 | ---- | M] () -- C:\Users\Ken\Desktop\AutotraderNinja.odt
[2014/02/02 21:46:59 | 002,077,911 | ---- | M] () -- C:\Users\Ken\Desktop\Ken Bragg Timesheet.jpg
[2014/02/02 12:42:58 | 000,002,293 | ---- | M] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 08:42:56 | 000,310,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/02 00:03:48 | 000,000,017 | ---- | M] () -- C:\Users\Ken\AppData\Local\resmon.resmoncfg
[2014/01/28 18:59:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/28 18:59:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/25 23:52:57 | 000,001,009 | ---- | M] () -- C:\Users\Ken\Desktop\Dropbox.lnk
[2014/01/25 23:52:23 | 000,001,019 | ---- | M] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/25 23:51:46 | 037,660,568 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ken\Desktop\Dropbox 2.6.2.exe
[2014/01/22 00:43:01 | 000,022,741 | ---- | M] () -- C:\Users\Ken\Documents\Dr. Gumm.odt
[2014/01/14 20:44:04 | 009,275,071 | ---- | M] () -- C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
[2014/01/14 20:36:02 | 000,126,629 | ---- | M] () -- C:\Users\Ken\Desktop\Instructions.pdf
[2014/01/09 14:14:29 | 004,034,443 | ---- | M] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
[2014/01/09 14:14:29 | 004,034,443 | ---- | M] () -- C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
[2014/01/09 14:12:23 | 012,004,110 | ---- | M] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/02/03 12:54:08 | 000,000,095 | -H-- | C] () -- C:\Users\Ken\Desktop\.~lock.AutotraderNinja.odt#
[2014/02/02 21:56:18 | 000,020,461 | ---- | C] () -- C:\Users\Ken\Desktop\AutotraderNinja.odt
[2014/02/02 09:31:35 | 000,002,293 | ---- | C] () -- C:\Users\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/02 09:31:12 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 09:31:12 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/02 08:58:49 | 009,275,071 | ---- | C] () -- C:\Users\Ken\Desktop\No-1-Market-Top-Secret-10012014-MOBI.zip
[2014/02/02 00:03:48 | 000,000,017 | ---- | C] () -- C:\Users\Ken\AppData\Local\resmon.resmoncfg
[2014/01/25 23:58:06 | 012,004,110 | ---- | C] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.mobi
[2014/01/25 23:57:52 | 004,034,443 | ---- | C] () -- C:\Users\Ken\Desktop\EpubNo 1 Market Top Secret 10012014.epub
[2014/01/25 23:53:09 | 004,034,443 | ---- | C] () -- C:\Users\Ken\Desktop\No 1 Market Top Secret 10012014.epub
[2014/01/25 23:52:57 | 000,001,009 | ---- | C] () -- C:\Users\Ken\Desktop\Dropbox.lnk
[2014/01/25 23:52:23 | 000,001,019 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/22 00:42:59 | 000,022,741 | ---- | C] () -- C:\Users\Ken\Documents\Dr. Gumm.odt
[2014/01/14 20:36:01 | 000,126,629 | ---- | C] () -- C:\Users\Ken\Desktop\Instructions.pdf
[2014/01/02 00:44:15 | 000,000,115 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/12/17 23:30:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2013/06/29 12:27:01 | 000,000,113 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/04/25 08:55:41 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/23 15:20:38 | 000,000,320 | ---- | C] () -- C:\Users\Ken\AppData\Roaming\SEC508942.trad
[2013/04/23 15:20:33 | 000,000,043 | ---- | C] () -- C:\Windows\WALLSTRT.INI
[2013/04/22 20:26:55 | 000,004,867 | ---- | C] () -- C:\ProgramData\zkaxuuhr.pbi
[2013/03/27 14:17:13 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\TSD32.DLL
[2013/02/15 10:19:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Files - Unicode (All) ==========
[2013/09/21 15:15:14 | 098,547,399 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\牧欂豴
[2013/09/21 15:15:14 | 098,547,399 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\牧欂豴
< End of report >
Edited by baldingeagle, 03 February 2014 - 01:18 PM.