COMBOFIX


  • This topic is locked
16 replies to this topic

#1 financeyoda


Posted 07 December 2012 - 02:31 PM

ComboFix 12-12-04.01 - Franklin Inc 12/07/2012 8:31.13.1 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1791.986 [GMT -8:00]
Running from: c:\users\Franklin Inc\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-11-07 to 2012-12-07 )))))))))))))))))))))))))))))))
.
.
2012-12-07 16:38 . 2012-12-07 16:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-07 16:38 . 2012-12-07 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-07 13:09 . 2012-12-07 13:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-04 20:16 . 2012-12-04 20:52 -------- d-----w- c:\program files\HMA! Pro VPN
2012-12-01 14:02 . 2012-12-01 14:02 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBF993A-ADE7-442F-9675-9AC04374D0E2}\offreg.dll
2012-12-01 14:00 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBF993A-ADE7-442F-9675-9AC04374D0E2}\mpengine.dll
2012-11-28 22:33 . 2012-11-28 22:33 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-11-27 20:30 . 2012-11-27 20:30 -------- d-----w- c:\program files\Common Files\Skype
2012-11-19 14:50 . 2012-11-19 14:50 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-11-18 22:53 . 2012-12-06 15:30 -------- d-----w- c:\program files\NATATA eBook Compiler 3.3.5
2012-11-16 09:25 . 2012-11-16 09:27 -------- d-----w- c:\program files\Google
2012-11-16 05:19 . 2012-11-16 05:20 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-07 13:08 . 2012-09-19 22:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-07 13:08 . 2012-08-16 15:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-17 17:02 . 2012-08-19 16:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-17 17:02 . 2012-08-19 16:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 17:05 . 2012-10-08 17:05 604672 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2012-10-08 17:05 . 2012-10-26 19:14 225792 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2012-10-08 17:05 . 2012-10-08 17:05 118784 ----a-w- c:\windows\system32\EKIJCOINST13.dll
2012-09-30 03:54 . 2012-07-31 22:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Conime"="c:\windows\system32\conime.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RescueTime.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
backup=c:\windows\pss\RescueTime.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B Register C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B Register C:\Program Files
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B Register c:\program files\DivX
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B Register c:\program files\DivX\DivX Plus Player
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B Register c:\program files\DivX\DivX Plus Player\DPXPlugins
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B Register c:\program files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll]
2012-01-31 01:38 155648 ----a-w- c:\program files\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
c:\windows\system32\conime.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2012-10-08 17:05 2804224 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor]
2012-10-15 18:58 2844608 ----a-w- c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2012-07-23 17:20 2908536 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 03:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 11:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-10-24 04:37 1193176 ----a-w- c:\users\Franklin Inc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 23:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 SASKUTIL;SASKUTIL;c:\users\FRANKL~1\AppData\Local\Temp\SASKUTIL.SYS [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\windows.old\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S1 aswKbd;aswKbd; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 17:02]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 09:25]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 09:25]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002Core.job
- c:\users\Franklin Inc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:21]
.
2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002UA.job
- c:\users\Franklin Inc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1372)
c:\program files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
.
Completion time: 2012-12-07 08:40:20
ComboFix-quarantined-files.txt 2012-12-07 16:40
ComboFix2.txt 2012-12-06 15:35
ComboFix3.txt 2012-11-08 00:56
ComboFix4.txt 2012-10-26 04:21
ComboFix5.txt 2012-12-07 04:52
.
Pre-Run: 14,507,249,664 bytes free
Post-Run: 14,065,364,992 bytes free
.
- - End Of File - - 28CED44754E119624D704CE3B2388B6D

Edited by Orange Blossom, 07 December 2012 - 02:32 PM.
Moved to log forum. ~ OB



#2 SweetTech


Posted 10 December 2012 - 05:42 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.




NEXT:



Running OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. aswMBR.exe log file.
3. OTL.txt & Extras.txt log files.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 financeyoda


Posted 19 December 2012 - 05:39 PM

Something is preventing the scan from completing

Edited by financeyoda, 19 December 2012 - 05:49 PM.


#4 financeyoda


Posted 19 December 2012 - 05:48 PM

Avast rootkit?

#5 SweetTech


Posted 19 December 2012 - 06:49 PM

Hi!

Okay, let's try seeing if you can proceed with the OTL instructions.

-ST.



#6 financeyoda


Posted 20 December 2012 - 12:54 PM

OTL logfile created on: 12/19/2012 4:05:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franklin Inc\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 31.12% Memory free
3.50 Gb Paging File | 1.97 Gb Available in Paging File | 56.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.04 Gb Total Space | 16.16 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: FRANKLININC-PC | User Name: Franklin Inc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Franklin Inc\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Franklin Inc\Downloads\aswMBR.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\Setup\avast.setup (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AVAST Software\Avast\aswRunDll.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12121901\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\Setup\setiface.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll ()
MOD - C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswRunDll.exe ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()


========== Services (SafeList) ==========

SRV - (OpenVPNService) -- C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)
SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Windows.old\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (ssudmdm) -- system32\DRIVERS\ssudmdm.sys File not found
DRV - (SASKUTIL) -- C:\Users\FRANKL~1\AppData\Local\Temp\SASKUTIL.SYS File not found
DRV - (catchme) -- C:\Users\FRANKL~1\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\FRANKL~1\AppData\Local\Temp\aswMBR.sys File not found
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 D8 E5 27 3B C2 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.0
FF - prefs.js..extensions.enabledAddons: cleanprint%40formatdynamics.com:4.1.0
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.21
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Franklin Inc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Franklin Inc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/30 21:43:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Windows.old\Program Files\Mozilla Firefox\components [2012/12/06 12:29:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Windows.old\Program Files\Mozilla Firefox\plugins [2012/12/06 12:28:30 | 000,000,000 | ---D | M]

[2012/06/26 04:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Extensions
[2012/07/31 12:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/07/31 12:02:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2012/11/27 12:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\chqxphi2.default\extensions
[2012/11/27 12:58:17 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\chqxphi2.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/07/31 12:02:16 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
[2012/11/27 12:58:15 | 000,234,741 | ---- | M] () (No name found) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\chqxphi2.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/09/25 09:28:24 | 000,009,493 | ---- | M] () (No name found) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\chqxphi2.default\extensions\cleanprint@formatdynamics.com.xpi
[2012/09/13 05:19:25 | 000,134,863 | ---- | M] () (No name found) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\chqxphi2.default\extensions\jid0-bbA9VAawX3LMWDu668aUDrpQVXU@jetpack.xpi
[2012/07/30 21:43:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Franklin Inc\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: FVD Video Downloader = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\1.4.3_0\
CHR - Extension: Skype Click to Call = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Franklin Inc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/06 07:31:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: I&nvia a OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9017BD5-3D80-4702-9A0D-6EDDCA6F3AD3}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/12 14:43:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Franklin Inc\Desktop\aswMBR.exe
[2012/12/11 21:32:21 | 000,000,000 | ---D | C] -- C:\Users\Franklin Inc\Desktop\JFK FUNDING
[2012/12/07 08:39:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/07 08:38:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/07 05:10:16 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/07 05:09:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/07 05:09:15 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/07 05:09:15 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/06 00:33:39 | 000,000,000 | ---D | C] -- C:\Users\Franklin Inc\Desktop\Shameless
[2012/12/06 00:28:12 | 000,000,000 | ---D | C] -- C:\Users\Franklin Inc\Desktop\Shameless US Season 1 Complete 720p
[2012/12/05 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Franklin Inc\Desktop\Homeland S02E07 Season 2 Episode 7 HDTV x264 [GlowGaze]
[2012/12/04 12:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
[2012/12/04 12:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\HMA! Pro VPN
[2012/12/03 20:49:15 | 000,000,000 | ---D | C] -- C:\Users\Franklin Inc\Desktop\Homeland.S01
[2012/11/28 23:27:33 | 000,000,000 | ---D | C] -- C:\Users\Franklin Inc\Desktop\Men Are from Mars, Woman Are from Venus - The Classic Guide To Understanding the Opposite Sex (Audiobook)
[2012/11/27 12:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/27 12:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/20 12:07:37 | 000,000,000 | ---D | C] -- C:\Users\Franklin Inc\Documents\Free Classified Ad sites
[1 C:\Users\Franklin Inc\Desktop\*.tmp files -> C:\Users\Franklin Inc\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/20 08:47:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/20 08:32:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/20 08:20:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002UA.job
[2012/12/20 08:14:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/20 08:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/19 13:36:37 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/19 13:36:37 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/19 13:20:48 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/13 06:17:23 | 000,002,528 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Google Chrome.lnk
[2012/12/12 21:08:10 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Franklin Inc\Desktop\aswMBR.exe
[2012/12/12 20:54:44 | 000,351,990 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Untitled.jpg
[2012/12/12 20:46:01 | 003,932,214 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Untitled.bmp
[2012/12/12 15:40:33 | 284,501,501 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/12 11:19:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002Core.job
[2012/12/08 22:01:43 | 250,541,446 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Scandal.US.S02E08.HDTV.x264-LOL.mp4
[2012/12/07 05:08:41 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/07 05:08:39 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/07 05:08:39 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/07 05:08:38 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/12/07 05:08:38 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/12/07 05:08:38 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/06 08:44:51 | 025,637,833 | ---- | M] () -- C:\Users\Franklin Inc\Documents\CoolTrafficSources.pdf
[2012/12/06 07:31:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/06 00:25:00 | 1029,118,957 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E06.720p.HDTV.x264-IMMERSE.mkv
[2012/12/06 00:20:44 | 1112,070,834 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E10.PROPER.720p.HDTV.x264-EVOLVE.mkv
[2012/12/06 00:20:27 | 1103,058,336 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E08.720p.HDTV.x264-IMMERSE.mkv
[2012/12/06 00:07:37 | 1053,742,062 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E09.720p.HDTV.x264-IMMERSE.mkv
[2012/12/05 22:40:22 | 333,648,248 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E05.HDTV.x264-ASAP.mp4
[2012/12/05 12:14:28 | 000,003,024 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\cc_20121205_113549.reg
[2012/12/04 12:17:06 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2012/12/03 18:39:30 | 270,879,222 | ---- | M] () -- C:\Users\Franklin Inc\Desktop\Scandal.US.S02E07.HDTV.x264-LOL.mp4
[2012/11/27 12:30:36 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Users\Franklin Inc\Desktop\*.tmp files -> C:\Users\Franklin Inc\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/12 20:54:43 | 000,351,990 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Untitled.jpg
[2012/12/12 20:46:00 | 003,932,214 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Untitled.bmp
[2012/12/12 15:40:33 | 284,501,501 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/08 21:54:35 | 250,541,446 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Scandal.US.S02E08.HDTV.x264-LOL.mp4
[2012/12/06 08:44:47 | 025,637,833 | ---- | C] () -- C:\Users\Franklin Inc\Documents\CoolTrafficSources.pdf
[2012/12/05 21:45:42 | 1112,070,834 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E10.PROPER.720p.HDTV.x264-EVOLVE.mkv
[2012/12/05 21:44:33 | 1053,742,062 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E09.720p.HDTV.x264-IMMERSE.mkv
[2012/12/05 21:41:10 | 1029,118,957 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E06.720p.HDTV.x264-IMMERSE.mkv
[2012/12/05 21:39:09 | 1103,058,336 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E08.720p.HDTV.x264-IMMERSE.mkv
[2012/12/05 21:36:31 | 333,648,248 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Homeland.S02E05.HDTV.x264-ASAP.mp4
[2012/12/05 11:38:11 | 000,003,024 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\cc_20121205_113549.reg
[2012/12/04 12:17:06 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\HMA! Pro VPN.lnk
[2012/12/03 18:34:58 | 270,879,222 | ---- | C] () -- C:\Users\Franklin Inc\Desktop\Scandal.US.S02E07.HDTV.x264-LOL.mp4
[2012/11/27 12:30:36 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/15 13:53:26 | 000,003,584 | ---- | C] () -- C:\Users\Franklin Inc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/08/28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/08/28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/08/28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/07/31 17:10:47 | 000,007,602 | ---- | C] () -- C:\Users\Franklin Inc\AppData\Local\Resmon.ResmonCfg
[2012/07/31 14:26:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/31 14:26:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/31 14:26:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/31 14:26:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/31 09:27:40 | 000,065,280 | ---- | C] () -- C:\Windows\System32\msvcr71.dll
[2012/07/24 19:18:33 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012/06/27 16:55:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/06/27 16:50:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/07 11:11:46 | 000,038,912 | ---- | C] () -- C:\Windows\System32\FirmwareRecovery.exe
[2011/01/04 12:17:12 | 000,237,637 | ---- | C] () -- C:\Windows\System32\nbt.exe

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/22 18:18:46 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\AC3Filter
[2012/10/17 09:35:21 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\Audacity
[2012/12/12 15:06:16 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\BitTorrent
[2012/08/07 06:15:48 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\DriverCure
[2012/10/13 07:48:29 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\Five9
[2012/08/16 08:55:10 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\Leadertech
[2012/10/21 14:22:26 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\MOVAVI
[2012/07/31 09:14:31 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\OpenCandy
[2012/08/07 06:15:47 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\ParetoLogic
[2012/09/24 13:57:34 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\Samsung
[2012/10/23 20:57:52 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\Spotify
[2012/10/11 13:17:42 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\TechSmith
[2012/08/15 21:30:33 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\Temp
[2012/11/15 23:10:17 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\ViralSubmitter
[2012/10/03 12:02:57 | 000,000,000 | ---D | M] -- C:\Users\Franklin Inc\AppData\Roaming\webex

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 12/19/2012 4:05:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Franklin Inc\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.54 Gb Available Physical Memory | 31.12% Memory free
3.50 Gb Paging File | 1.97 Gb Available in Paging File | 56.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.04 Gb Total Space | 16.16 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: FRANKLININC-PC | User Name: Franklin Inc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Windows.old\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19D2104A-273E-4503-8A16-CCEFA70D8ECC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20D214F5-9472-4512-9751-84FC1C196829}" = rport=138 | protocol=17 | dir=out | app=system |
"{29D6F514-670E-4868-9CD7-E93AB48595E7}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A5F5DEE-9C9B-44B2-AA9F-D60AACACD36A}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B6CE9AA-90EF-47D3-954C-9231930FB848}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{5574EDE3-030A-45BF-9B6E-8084EA64667D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5AEC94E8-E3BD-49F3-91CF-108EB3DB3AB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{69059BB4-B29D-43BB-9A39-AE2C71B57C6B}" = lport=139 | protocol=6 | dir=in | app=system |
"{6EDE3BA9-DA61-446E-98DB-966DB827F155}" = lport=2869 | protocol=6 | dir=in | app=system |
"{774A68D6-95B5-4F8C-B996-A4B7451F2BAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8DB3C000-27DC-4259-8DA9-0FBCDCA265B7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{983049F2-D22F-4A96-A1C0-A4B07CA32F06}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9E1D65A7-0570-46B6-9740-6C9F14C53F16}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{B183FD7F-193D-43EE-9B34-D5C664FA7F5D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B5621C70-F300-4C9A-85ED-73C74077E20D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BB6FF3B0-7BA8-446F-B7AB-2AB3E2BFCC0B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFDEFCD3-8D43-452F-824A-7ACEF06405B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C431C99A-0128-4EB0-8C2B-D46A4942EBC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C69934E5-07C1-4494-96B2-FE602B4B2C4C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D491467C-91D0-4BBA-A764-36E43AD7883C}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9CE75BB-990A-4F22-99E6-7F1CCED99C65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC43C169-877B-434D-9EA9-CC9DF222ECFF}" = rport=137 | protocol=17 | dir=out | app=system |
"{E29DE655-CF49-46C9-AE5C-BF30B3B26EF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E722603D-D7D0-44B6-9ABE-8CB26C6C6B86}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{E7FDB20A-FFC9-4FA2-82D4-26EDC868D648}" = lport=138 | protocol=17 | dir=in | app=system |
"{EA15C832-45FB-41D9-960D-2195EAF180A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F19D764E-97D6-436A-AD93-913CE4D64CB7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{F6314305-693B-4AAB-8718-A9A82E055FEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8CEE61E-384C-4CBB-B3AC-D8BF31741F28}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{FC5600E9-EC7B-45BB-BC0B-75A316DDC2D6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FCE607A0-7A04-4F79-8BD9-EA7593AD5000}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE8DAE0-2F16-4A62-84F2-4C047820AC84}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{0FBF07DD-00D7-4FE3-89A7-5F4C642FB3EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15D7181F-754E-426D-A957-5B172314A677}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{170BB681-4CE1-4639-8DA7-FD0E4A14E480}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1B9AD263-BA69-4296-8CCA-7B0DBF3BE26F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1FA18BF3-AA31-40CD-B00D-859552B40193}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{26AAAE56-5B90-4153-8B18-BC4812612744}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29BEBE18-21B4-4B4C-B9DE-4939419213D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2A8F5B67-E779-43C8-A577-971D84A1E7F7}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{318E7C6E-58E5-4572-A743-A788E16F9BA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3234E233-1B9F-457D-A683-57B5B096F0ED}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3548BFED-1484-4FD2-B6FD-5EE74F916A5B}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{3FEC343D-E9D4-475D-AB69-D372C4BF6937}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40DF3217-F088-4325-8C74-50C3490A57EF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4302A945-434B-4BD4-B11C-F71FC240017E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44256755-ED0F-49CF-9EA7-E21548B2D591}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47AAC517-9C44-4081-965D-DC3B3429F645}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{4D73DD4B-350E-4B9B-9EB1-46CB11E7CA28}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{58DCE877-E8E9-48DC-BE0F-5DB39C267BEE}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{6871D10D-0EB3-4AD2-918C-A5D8AE7EF7CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6F19DF24-3895-4EEB-9D2A-F3181F18C3F6}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{70415C07-231F-4255-91E7-F1CB6D2AE953}" = protocol=6 | dir=out | app=system |
"{7AAB2F38-61B6-433A-BDA9-DB46A638D96E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{82356875-80D1-4F55-A0EC-2351813B4ADD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8970A2F9-D28C-43ED-A5C3-9B19B8E90485}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9869DACD-F737-4B07-A440-4604EC2B483D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{9BA96F64-F459-4DA7-BDF7-BFA39E896F2B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A554FED9-8475-4F9B-95FC-1B93490ABEC9}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{A56CD323-F1CF-4862-9761-2696F9B20D19}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A67D32EE-CC98-4935-8380-69C37A540F8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A7BEC455-E40C-4B94-BC82-43E925F9FE46}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC950D18-561E-4B2F-8B85-26B7064944A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF997FD2-F837-452B-A6EE-0B6FA730FBFE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B536C1E2-A4BF-4CD3-A83B-A5932E6D4AAD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B8842A03-7446-45E3-97D3-4E3B4A5D7E45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAA14FA6-D354-4910-A4D2-2E99A67E370A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC384834-E514-499E-8298-17A22CC2482F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C4579BE9-C34A-4809-8A02-1350429B5539}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{C94591A2-5D8E-4C17-B799-83ED3D21690E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{DB014813-4C2E-454F-A7A5-9FF6592749B6}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{DB1A571D-E0FA-45E1-8D14-CAF3D09D5FE3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E415247B-9140-4E6B-B808-E9F23EE72F5B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E54B4E12-7C45-4DB0-A97C-A4CCACAD09E6}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{F13ECEF8-E48C-4A27-B08F-D98E592899FE}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{F97DA515-5E81-45A6-90D5-BD8D77458087}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FA120792-1EE0-49E4-A6EE-20871AABB402}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FE44DB11-BCEA-4407-94BC-5C88225AFBE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{59B2EF12-2DB5-40C3-B8BA-4FF7716239BF}C:\Program Files\Java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{A681D182-EA4D-4539-BEDC-428CABF57D49}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{AC94C485-E05D-4A2E-ABB4-1D4715936586}C:\users\franklin inc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\franklin inc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{1FA67A05-C571-4E37-8A52-21FA69C7D4A1}C:\Program Files\Java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{706AD4DE-708E-49E7-ADF2-680A52CA86D4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F2129E92-E3B2-4D6A-B1FC-3F29FAA7FC55}C:\users\franklin inc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\franklin inc\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.6.1
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50542AEE-76BD-4BCD-A890-E2FF4D4E051A}" = Camtasia Studio 8
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC9F4D8-D938-412B-B67D-A28FA7BDB8AA}" = Jing
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2010
"{90140000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2010
"{90140000-00BD-0409-0000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - English
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"AC3File_is1" = AC3File 0.7b
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Best Traffic Ideas_is1" = Best Traffic Ideas
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"FILE RECOVERY for WindowsNSIS" = FILE RECOVERY for Windows
"HMA! Pro VPN" = HMA! Pro VPN 2.7.1.6
"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Movavi Video Suite 11" = Movavi Video Suite 11
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PowerISO" = PowerISO
"PrintProjects" = PrintProjects
"Revo Uninstaller" = Revo Uninstaller 1.94
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Five9 Agent" = Five9 Agent
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.3.0.977
"JoinMe" = join.me
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/20/2012 1:02:56 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:03:09 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:03:22 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:03:39 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:04:09 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:04:27 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:04:44 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:05:05 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:05:21 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

Error - 12/20/2012 1:05:37 PM | Computer Name = FranklinInc-PC | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 12/13/2012 12:30:47 AM | Computer Name = FranklinInc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RapiMgr service.

Error - 12/13/2012 12:42:51 AM | Computer Name = FranklinInc-PC | Source = bowser | ID = 8003
Description =

Error - 12/13/2012 2:36:32 AM | Computer Name = FranklinInc-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{D9017BD5-3D80-4702-9A0D-6EDDCA6F3AD3}
because another computer on the network has the same name. The server could not
start.

Error - 12/19/2012 5:20:55 PM | Computer Name = FranklinInc-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:49:45 AM on 12/13/2012 was unexpected.

Error - 12/19/2012 5:21:16 PM | Computer Name = FranklinInc-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 12/19/2012 6:37:56 PM | Computer Name = FranklinInc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RapiMgr service.

Error - 12/19/2012 6:37:59 PM | Computer Name = FranklinInc-PC | Source = DCOM | ID = 10010
Description =

Error - 12/19/2012 9:10:41 PM | Computer Name = FranklinInc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/19/2012 9:53:23 PM | Computer Name = FranklinInc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the RapiMgr service.

Error - 12/20/2012 12:06:45 PM | Computer Name = FranklinInc-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IPBusEnum service.


< End of report >

#7 financeyoda (Topic Starter, Members, 24 posts, Gender: Male)

Posted 20 December 2012 - 01:06 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-20 09:59:38
-----------------------------
09:59:38.312 OS Version: Windows 6.1.7601 Service Pack 1
09:59:38.312 Number of processors: 1 586 0x7F02
09:59:38.314 ComputerName: FRANKLININC-PC UserName: Franklin Inc
10:02:05.120 Initialize success
10:03:17.023 AVAST engine error: -1
10:03:19.269 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
10:03:19.273 Disk 0 Vendor: Hitachi_ ST1O Size: 152627MB BusType: 3
10:03:19.320 Disk 0 MBR read successfully
10:03:19.324 Disk 0 MBR scan
10:03:19.328 Disk 0 Windows 7 default MBR code
10:03:19.361 Disk 0 Partition 1 00 12 Compaq diag NTFS 12288 MB offset 2048
10:03:19.383 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 140328 MB offset 25167872
10:03:19.433 Disk 0 Partition 3 00 45 LOADR-US 1 MB offset 312561664
10:03:19.472 Disk 0 scanning sectors +312563712
10:03:19.652 Disk 0 scanning C:\Windows\system32\drivers
10:03:34.090 Service scanning
10:04:32.559 Modules scanning
10:04:51.332 Disk 0 trace - called modules:
10:04:51.721 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
10:04:51.730 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ab5030]
10:04:51.743 3 CLASSPNP.SYS[885ae59e] -> nt!IofCallDriver -> [0x853c0790]
10:04:51.754 5 ACPI.sys[833a03d4] -> nt!IofCallDriver -> \Device\00000060[0x853c0bd0]
10:04:51.802 Scan finished successfully
10:05:52.688 Disk 0 MBR has been saved successfully to "C:\Users\Franklin Inc\Desktop\MBR.dat"
10:05:52.696 The log file has been saved successfully to "C:\Users\Franklin Inc\Desktop\aswMBR.txt"

#8 SweetTech (Agent ST, Members, 13,421 posts, Gender: Male, Location: Antarctica)

Posted 21 December 2012 - 07:10 PM

Hi!

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Go to Add/Remove programs and remove the following: Java™ 6 Update 26


NEXT:


Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL Fix log file
3. ComboFix.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 financeyoda (Topic Starter, Members, 24 posts, Gender: Male)

Posted 23 December 2012 - 07:54 PM

1. How do I get my pc to not run at 100% cpu usage?

2. All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\Windows\system32\drivers\etc\hosts
C:\Users\Franklin Inc\Desktop\cmd.bat deleted successfully.
C:\Users\Franklin Inc\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Franklin Inc\Desktop\cmd.bat deleted successfully.
C:\Users\Franklin Inc\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Franklin Inc
->Temp folder emptied: 75915725 bytes
->Temporary Internet Files folder emptied: 76905146 bytes
->Java cache emptied: 829215 bytes
->FireFox cache emptied: 78952819 bytes
->Google Chrome cache emptied: 114285898 bytes
->Flash cache emptied: 2214 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1051008 bytes
RecycleBin emptied: 305003506 bytes

Total Files Cleaned = 623.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Franklin Inc
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Franklin Inc
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12212012_234956




3. ComboFix 12-12-22.02 - Franklin Inc 12/22/2012 13:53:45.15.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1791.688 [GMT -8:00]
Running from: c:\users\Franklin Inc\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-24 to 2012-12-24 )))))))))))))))))))))))))))))))
.
.
2012-12-24 00:07 . 2012-12-24 00:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-24 00:07 . 2012-12-24 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-22 07:49 . 2012-12-22 07:49 -------- d-----w- C:\_OTL
2012-12-20 18:44 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-20 18:44 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-20 18:44 . 2012-10-15 16:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-20 18:44 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-20 18:43 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-20 18:43 . 2012-10-30 23:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-20 18:42 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-20 18:42 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-07 13:09 . 2012-12-07 13:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-04 20:16 . 2012-12-04 20:52 -------- d-----w- c:\program files\HMA! Pro VPN
2012-12-01 14:02 . 2012-12-01 14:02 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBF993A-ADE7-442F-9675-9AC04374D0E2}\offreg.dll
2012-12-01 14:00 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCBF993A-ADE7-442F-9675-9AC04374D0E2}\mpengine.dll
2012-11-28 22:33 . 2012-11-28 22:33 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-11-27 20:30 . 2012-11-27 20:30 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-07 13:08 . 2012-09-19 22:09 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-07 13:08 . 2012-08-16 15:13 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-19 14:50 . 2012-11-19 14:50 26112 ----a-w- c:\windows\system32\drivers\tap0901.sys
2012-11-17 17:02 . 2012-08-19 16:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-17 17:02 . 2012-08-19 16:26 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 17:05 . 2012-10-08 17:05 604672 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2012-10-08 17:05 . 2012-10-26 19:14 225792 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2012-10-08 17:05 . 2012-10-08 17:05 118784 ----a-w- c:\windows\system32\EKIJCOINST13.dll
2012-09-30 03:54 . 2012-07-31 22:47 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-09 00:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Conime"="c:\windows\system32\conime.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RescueTime.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk
backup=c:\windows\pss\RescueTime.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
c:\windows\system32\conime.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2012-10-08 17:05 2804224 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKStatusMonitor]
2012-10-15 18:58 2844608 ----a-w- c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2012-07-23 17:20 2908536 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-30 03:54 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 11:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-10-24 04:37 1193176 ----a-w- c:\users\Franklin Inc\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 23:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
R1 SASKUTIL;SASKUTIL;c:\users\FRANKL~1\AppData\Local\Temp\SASKUTIL.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\windows.old\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]
R4 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-19 17:02]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 09:25]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-16 09:25]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002Core.job
- c:\users\Franklin Inc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:21]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002UA.job
- c:\users\Franklin Inc\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 17:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: I&nvia a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2556)
c:\program files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
c:\program files\DivX\DivX Plus Media Foundation Components\DivXMFSource.dll
.
Completion time: 2012-12-23 16:30:43
ComboFix-quarantined-files.txt 2012-12-24 00:29
ComboFix2.txt 2012-12-07 16:40
ComboFix3.txt 2012-12-06 15:35
ComboFix4.txt 2012-11-08 00:56
ComboFix5.txt 2012-12-22 09:55
.
Pre-Run: 15,857,135,616 bytes free
Post-Run: 15,083,843,584 bytes free
.
- - End Of File - - D5D5D36012F878F95976F6CFC5E3A13C

4. CPU Usage still 100%
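As an added example (not part of this thread, and not code from ComboFix or FRST), here is a small Python triage script for the service and driver lines that both tools print: the ComboFix log above and the FRST log that appears later in the thread. It parses both layouts, treats the trailing `[x]` as "file not found", and flags entries for review (orphaned entries, paths into Windows.old or Temp, user-writable locations, FRST entries with no company string). The sample lines are copied from this thread's logs; the review rules are the example's own, not the tools'.

```python
"""Triage of service/driver lines from ComboFix and FRST logs (added example).

ComboFix layout:  R4 <name>;<display name>;<path> [x]
FRST layout:      4 <name>; "<path>" [<size> <date>] (<company>)
In both tools a trailing [x] marks an entry whose file was not found on disk.
The rules below only flag entries for human review; they do not declare malware.
"""
import re
from dataclasses import dataclass
from typing import Optional

COMBOFIX_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*(?P<missing>\[x\])?\s*$"
)
FRST_RE = re.compile(
    r'^(?P<start>\d)\s+(?P<name>[^;]+);\s*"?(?P<path>[^"\[]+?)"?\s*'
    r"\[(?P<meta>[^\]]*)\]\s*(?:\((?P<company>[^)]*)\))?\s*$"
)


@dataclass
class Entry:
    source: str             # "combofix" or "frst"
    start: str              # ComboFix state code (R4, S1, ...) or FRST start type
    name: str
    path: str               # "" when the log records no path at all
    file_missing: bool      # trailing [x]
    company: Optional[str]  # FRST only; "" when FRST printed an empty "()"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that are not service entries."""
    line = line.strip()
    m = COMBOFIX_RE.match(line)
    if m:
        return Entry("combofix", m["state"], m["name"].strip(),
                     m["path"].strip(), m["missing"] is not None, None)
    m = FRST_RE.match(line)
    if m:
        path = m["path"].strip()
        if path.startswith("\\??\\"):   # FRST prints some driver paths in NT object form
            path = path[4:]
        return Entry("frst", m["start"], m["name"].strip(), path,
                     m["meta"].strip() == "x", m["company"])
    return None


def triage(e: Entry) -> list[str]:
    """Review notes for one entry; an empty list means nothing stood out."""
    notes = []
    p = e.path.lower()
    if e.file_missing:
        notes.append("registered but file not found ([x]): orphaned entry, cleanup candidate")
    if "\\windows.old\\" in p:
        notes.append("points into Windows.old, i.e. a previous Windows installation")
    if "\\temp\\" in p:
        notes.append("loaded from a Temp directory: confirm which tool dropped it")
    if "\\programdata\\" in p or "\\appdata\\" in p:
        notes.append("runs from a user-writable location, not Program Files/System32")
    if e.source == "frst" and e.company == "":
        notes.append("FRST recorded no company/version string for this binary")
    return notes


def triage_log(text: str) -> dict[str, list[str]]:
    """Run triage over every service/driver line of a log, keyed by entry name."""
    findings: dict[str, list[str]] = {}
    for raw in text.splitlines():
        e = parse_line(raw)
        if e is not None and (notes := triage(e)):
            findings[e.name] = notes
    return findings


# Sample lines copied from the ComboFix and FRST logs posted in this thread.
SAMPLE_LOG = r"""
R4 !SASCORE;SAS Core Service;c:\windows.old\Program Files\SUPERAntiSpyware\SASCORE.EXE [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S1 aswKbd;aswKbd; [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
3 OpenVPNService; "C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2012-11-19] ()
3 catchme; \??\C:\Users\FRANKL~1\AppData\Local\Temp\catchme.sys [x]
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)
"""

if __name__ == "__main__":
    for name, notes in triage_log(SAMPLE_LOG).items():
        print(name)
        for n in notes:
            print("   -", n)
```

Entries such as catchme.sys (ComboFix's own driver) or SASCORE.EXE under Windows.old show why the output is a review list rather than a verdict: a flagged line still needs a human to decide whether it is a tool remnant, a stale registration or something worth pursuing.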

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:34 AM

Posted 24 December 2012 - 11:40 AM

Hi!

1.How do I get my pc to not run at 100% cpu usage?

You may want to take a look at the suggestions in this thread here: http://www.bleepingcomputer.com/forums/topic87058.html

Please run the following scans below:

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. MalwareBytes' Anti-Malware log file.
3. ESET Online Virus Scan log file.
4. SecurityCheck log file.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Edited by SweetTech, 24 December 2012 - 11:41 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 financeyoda

financeyoda
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:10:34 PM

Posted 25 December 2012 - 03:54 PM

2. Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.24.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Franklin Inc :: FRANKLININC-PC [administrator]

12/24/2012 2:38:00 PM
mbam-log-2012-12-24 (14-38-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202996
Time elapsed: 37 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



3. C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application

4. Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Google Chrome 23.0.1271.97
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

STILL RUNNING 100% CPU :(

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:34 AM

Posted 26 December 2012 - 06:09 PM

Hi!

What exactly are you doing when the CPU is at 100%? Is it preventing you from doing other things?

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2012/07/31 12:02:16 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com
    O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
    :Reg
    
    :Files
    C:\Users\Franklin Inc\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\plugin@yontoo.com\content\overlay.js
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove the older Adobe Reader components and update:
  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
Your Adobe Reader is now up to date!



#13 financeyoda

financeyoda
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:10:34 PM

Posted 26 December 2012 - 07:29 PM

It runs 100% on startup.



Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Updated Adobe!

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:02:34 AM

Posted 26 December 2012 - 08:13 PM

Hi!

Do the following for me so I can see things from a different perspective.

Running FRST

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#15 financeyoda

financeyoda
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:10:34 PM

Posted 26 December 2012 - 09:42 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-12-2012 01
Ran by SYSTEM at 26-12-2012 18:32:42
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

==================== Services (Whitelisted) ===================

4 !SASCORE; "C:\Windows.old\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2012-07-31] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-10-30] (AVAST Software)
4 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395200 2012-10-19] (Eastman Kodak Company)
4 Kodak AiO Status Monitor Service; "C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe" [779200 2012-10-15] (Eastman Kodak Company)
3 OpenVPNService; "C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2012-11-19] ()
4 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3064000 2012-10-02] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [18544 2012-08-21] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-30] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2012-11-19] (The OpenVPN Project)
3 catchme; \??\C:\Users\FRANKL~1\AppData\Local\Temp\catchme.sys [x]
1 SASKUTIL; \??\C:\Users\FRANKL~1\AppData\Local\Temp\SASKUTIL.SYS [x]
3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-12-26 16:29 - 2012-12-26 16:29 - 01000784 ____A (Solid State Networks) C:\Users\Franklin Inc\Downloads\install_reader11_en_mssd_aih.exe
2012-12-26 16:23 - 2012-12-26 16:23 - 00001991 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-26 16:23 - 2012-12-26 16:23 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-12-26 15:59 - 2012-12-26 15:59 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2012-12-26 13:12 - 2012-12-26 13:13 - 04010552 ____A (Privax Ltd) C:\Users\Franklin Inc\Downloads\HMA-Pro-VPN-2.7.1.7-install.exe
2012-12-24 22:23 - 2012-12-07 05:08 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-12-24 22:23 - 2012-12-07 05:08 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-12-24 22:23 - 2012-12-07 05:08 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-12-24 16:53 - 2012-12-24 16:54 - 00856731 ____A C:\Users\Franklin Inc\Downloads\SecurityCheck.exe
2012-12-24 16:53 - 2012-12-24 16:53 - 00000155 ____A C:\Users\Franklin Inc\Desktop\ESETScan.txt
2012-12-24 15:20 - 2012-12-24 15:20 - 02322184 ____A (ESET) C:\Users\Franklin Inc\Downloads\esetsmartinstaller_enu (1).exe
2012-12-24 15:18 - 2012-12-24 15:18 - 00000000 ____D C:\Program Files\ESET
2012-12-24 14:48 - 2012-12-24 14:48 - 02322184 ____A (ESET) C:\Users\Franklin Inc\Downloads\esetsmartinstaller_enu.exe
2012-12-23 16:55 - 2012-12-23 16:55 - 00011352 ____A C:\Users\Franklin Inc\Desktop\combo fix 122312.txt
2012-12-23 16:31 - 2012-12-23 16:31 - 00011344 ____A C:\ComboFix.txt
2012-12-23 11:09 - 2012-12-26 10:08 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Postcard Marketing
2012-12-22 12:36 - 2012-12-22 12:36 - 00001189 ____A C:\Users\Franklin Inc\Desktop\ComboFix.exe - Shortcut.lnk
2012-12-22 10:38 - 2012-12-22 10:39 - 05012410 ____A (Swearware) C:\Users\Franklin Inc\Downloads\ComboFix (1).exe
2012-12-22 01:54 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-22 01:51 - 2012-12-22 12:42 - 05012898 ____R (Swearware) C:\Users\Franklin Inc\Downloads\ComboFix.exe
2012-12-22 01:43 - 2012-12-22 01:43 - 00256000 ____A C:\Users\Franklin Inc\Downloads\iexplore.exe
2012-12-21 23:49 - 2012-12-21 23:49 - 00000000 ____D C:\_OTL
2012-12-20 21:03 - 2012-12-20 21:20 - 240568418 ____A C:\Users\Franklin Inc\Desktop\Scandal.US.S02E09.HDTV.x264-LOL.mp4
2012-12-20 21:00 - 2012-12-20 21:02 - 00009583 ____A C:\Users\Franklin Inc\Downloads\[monova.org] Scandal_US_S02E09_HDTV_x264-LOL_(eztv).torrent
2012-12-20 20:59 - 2012-12-20 20:59 - 00010066 ____A C:\Users\Franklin Inc\Downloads\[www.seedpeer.me] Scandal Us S02e08 Hdtv X264 Lol Eztv.SEEDPEER (1).torrent
2012-12-20 20:57 - 2012-12-20 20:57 - 00010066 ____A C:\Users\Franklin Inc\Downloads\[www.seedpeer.me] Scandal Us S02e08 Hdtv X264 Lol Eztv.SEEDPEER.torrent
2012-12-20 10:44 - 2012-12-20 10:44 - 00002113 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-12-20 10:44 - 2012-10-30 15:51 - 00361032 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-12-20 10:44 - 2012-10-30 15:51 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-12-20 10:44 - 2012-10-30 15:51 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-12-20 10:44 - 2012-10-15 08:59 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-12-20 10:43 - 2012-10-30 15:51 - 00738504 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-12-20 10:43 - 2012-10-30 15:51 - 00058680 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-12-20 10:42 - 2012-10-30 15:51 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-12-20 10:42 - 2012-10-30 15:50 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-12-20 10:31 - 2012-12-20 10:31 - 102315992 ____A C:\Users\Franklin Inc\Downloads\avast_free_antivirus_setup (1).exe
2012-12-20 10:05 - 2012-12-20 10:05 - 00001760 ____A C:\Users\Franklin Inc\Desktop\aswMBR.txt
2012-12-20 10:05 - 2012-12-20 10:05 - 00000512 ____A C:\Users\Franklin Inc\Desktop\MBR.dat
2012-12-20 09:55 - 2012-12-20 09:55 - 00068644 ____A C:\Users\Franklin Inc\Desktop\OTL.Txt
2012-12-20 09:55 - 2012-12-20 09:55 - 00051596 ____A C:\Users\Franklin Inc\Desktop\Extras.Txt
2012-12-20 09:51 - 2012-12-20 09:51 - 00051596 ____A C:\Users\Franklin Inc\Downloads\Extras.Txt
2012-12-20 09:39 - 2012-12-20 09:39 - 00068644 ____A C:\Users\Franklin Inc\Downloads\OTL.Txt
2012-12-19 14:50 - 2012-12-19 14:51 - 00602112 ____A (OldTimer Tools) C:\Users\Franklin Inc\Desktop\OTL.exe
2012-12-19 13:42 - 2012-12-19 13:42 - 04732416 ____A (AVAST Software) C:\Users\Franklin Inc\Downloads\aswMBR.exe
2012-12-12 20:46 - 2012-12-12 20:46 - 03932214 ____A C:\Users\Franklin Inc\Desktop\Untitled.bmp
2012-12-12 15:40 - 2012-12-12 15:40 - 284501501 ____A C:\Windows\MEMORY.DMP
2012-12-12 15:12 - 2012-12-12 15:13 - 00199032 ____A C:\Windows\Minidump\121212-39967-01.dmp
2012-12-12 14:43 - 2012-12-12 21:08 - 04732416 ____A (AVAST Software) C:\Users\Franklin Inc\Desktop\aswMBR.exe
2012-12-12 11:29 - 2012-12-12 11:29 - 00034371 ____A C:\Users\Franklin Inc\Downloads\Sexy_PPV_Pop-Over.zip
2012-12-11 21:32 - 2012-12-12 11:25 - 00000000 ____D C:\Users\Franklin Inc\Desktop\JFK FUNDING
2012-12-10 17:34 - 2012-12-10 17:34 - 00225546 ____A C:\Users\Franklin Inc\Downloads\fwdrefinancingapplication.zip
2012-12-08 21:54 - 2012-12-08 22:01 - 250541446 ____A C:\Users\Franklin Inc\Desktop\Scandal.US.S02E08.HDTV.x264-LOL.mp4
2012-12-07 08:46 - 2012-12-07 08:46 - 00012022 ____A C:\Users\Franklin Inc\Desktop\dec 7 2012.txt
2012-12-07 05:09 - 2012-12-07 05:08 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-12-07 04:59 - 2012-12-07 05:00 - 00895464 ____A (Oracle Corporation) C:\Users\Franklin Inc\Downloads\chromeinstall-7u9.exe
2012-12-06 08:52 - 2012-12-26 16:01 - 00001512 ____A C:\Windows\setupact.log
2012-12-06 08:52 - 2012-12-06 08:52 - 00000000 ____A C:\Windows\setuperr.log
2012-12-06 08:51 - 2012-12-26 16:01 - 00006642 ____A C:\Windows\PFRO.log
2012-12-06 08:33 - 2012-12-06 08:33 - 00010561 ____A C:\Users\Franklin Inc\Desktop\combofix dec62012.txt
2012-12-06 00:33 - 2012-12-06 00:33 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Shameless
2012-12-06 00:28 - 2012-12-06 00:29 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Shameless US Season 1 Complete 720p
2012-12-05 21:45 - 2012-12-06 00:20 - 1112070834 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E10.PROPER.720p.HDTV.x264-EVOLVE.mkv
2012-12-05 21:44 - 2012-12-06 00:07 - 1053742062 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E09.720p.HDTV.x264-IMMERSE.mkv
2012-12-05 21:42 - 2012-12-05 21:42 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Homeland S02E07 Season 2 Episode 7 HDTV x264 [GlowGaze]
2012-12-05 21:41 - 2012-12-06 00:25 - 1029118957 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E06.720p.HDTV.x264-IMMERSE.mkv
2012-12-05 21:39 - 2012-12-06 00:20 - 1103058336 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E08.720p.HDTV.x264-IMMERSE.mkv
2012-12-05 21:36 - 2012-12-05 22:40 - 333648248 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E05.HDTV.x264-ASAP.mp4
2012-12-05 11:38 - 2012-12-05 12:14 - 00003024 ____A C:\Users\Franklin Inc\Desktop\cc_20121205_113549.reg
2012-12-04 12:17 - 2012-12-26 13:14 - 00001111 ____A C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2012-12-04 12:16 - 2012-12-26 13:17 - 00000000 ____D C:\Program Files\HMA! Pro VPN
2012-12-04 12:14 - 2012-12-04 12:15 - 04001152 ____A (Privax Ltd) C:\Users\Franklin Inc\Downloads\HMA-Pro-VPN-2.7.1.6-install.exe
2012-12-03 20:47 - 2012-12-03 20:47 - 00137010 ____A C:\Users\Franklin Inc\Downloads\Homeland - Season 1 Complete HDTV (XviDMP3) [2090845].torrent
2012-12-03 20:46 - 2012-12-03 20:46 - 00045141 ____A C:\Users\Franklin Inc\Downloads\4555A72F8D59E583E8568A4687F2087E8A197E47.torrent
2012-12-03 20:35 - 2012-12-03 20:35 - 00045027 ____A C:\Users\Franklin Inc\Downloads\Homeland_S01E11_HDTV_XviD-ASAP[ettv].torrent
2012-12-03 20:33 - 2012-12-03 20:33 - 00057011 ____A C:\Users\Franklin Inc\Downloads\Homeland S01E12 HDTV XviD-LOL[ettv] [2090289].torrent
2012-12-03 20:32 - 2012-12-03 20:32 - 00026985 ____A C:\Users\Franklin Inc\Downloads\Homeland_S02E04_HDTV_x264-ASAP[ettv].torrent
2012-12-03 20:30 - 2012-12-03 20:30 - 00029165 ____A C:\Users\Franklin Inc\Downloads\Homeland_S02E03_HDTV_x264-ASAP[ettv].torrent
2012-12-03 20:29 - 2012-12-03 20:29 - 00039643 ____A C:\Users\Franklin Inc\Downloads\Homeland_S02E02_HDTV_XviD-KWS[ettv].torrent
2012-12-03 20:28 - 2012-12-03 20:28 - 00016169 ____A C:\Users\Franklin Inc\Downloads\E0C4B6F72E716855378CE22F3A03E42C50D97B36.torrent
2012-12-03 18:34 - 2012-12-03 18:34 - 00028302 ____A C:\Users\Franklin Inc\Downloads\The_Walking_Dead_S03E08_HDTV_x264-2HD[ettv].torrent
2012-12-03 18:33 - 2012-12-03 18:33 - 00010944 ____A C:\Users\Franklin Inc\Downloads\Scandal_US_S02E07_HDTV_x264-LOL_mp4.torrent
2012-11-28 23:27 - 2012-11-28 23:29 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Men Are from Mars, Woman Are from Venus - The Classic Guide To Understanding the Opposite Sex (Audiobook)
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-11-27 12:30 - 2012-11-27 12:30 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-27 12:30 - 2012-11-27 12:30 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-11-27 12:18 - 2012-11-27 12:18 - 00009025 ____A C:\Users\Franklin Inc\Documents\Book1.xlsx


==================== One Month Modified Files and Folders ========

2012-12-26 18:26 - 2012-06-25 20:55 - 01924672 ____A C:\Windows\WindowsUpdate.log
2012-12-26 18:19 - 2012-08-07 09:21 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002UA.job
2012-12-26 17:47 - 2012-08-19 08:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-26 17:32 - 2012-11-16 01:26 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-26 16:29 - 2012-12-26 16:29 - 01000784 ____A (Solid State Networks) C:\Users\Franklin Inc\Downloads\install_reader11_en_mssd_aih.exe
2012-12-26 16:25 - 2012-07-01 17:30 - 00000000 ____D C:\Users\All Users\Adobe
2012-12-26 16:23 - 2012-12-26 16:23 - 00001991 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2012-12-26 16:23 - 2012-12-26 16:23 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-12-26 16:23 - 2012-07-01 17:32 - 00000000 ____D C:\Program Files\Adobe
2012-12-26 16:07 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-26 16:07 - 2009-07-13 20:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-26 16:02 - 2012-11-16 01:26 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-26 16:01 - 2012-12-06 08:52 - 00001512 ____A C:\Windows\setupact.log
2012-12-26 16:01 - 2012-12-06 08:51 - 00006642 ____A C:\Windows\PFRO.log
2012-12-26 16:01 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-26 15:59 - 2012-12-26 15:59 - 00000000 ____D C:\Windows\System32\%LOCALAPPDATA%
2012-12-26 13:51 - 2012-09-30 13:15 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Craigslist Ads
2012-12-26 13:17 - 2012-12-04 12:16 - 00000000 ____D C:\Program Files\HMA! Pro VPN
2012-12-26 13:14 - 2012-12-04 12:17 - 00001111 ____A C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2012-12-26 13:13 - 2012-12-26 13:12 - 04010552 ____A (Privax Ltd) C:\Users\Franklin Inc\Downloads\HMA-Pro-VPN-2.7.1.7-install.exe
2012-12-26 11:21 - 2012-08-07 09:21 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3417702872-366502388-2173414318-1002Core.job
2012-12-26 10:08 - 2012-12-23 11:09 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Postcard Marketing
2012-12-24 22:25 - 2012-08-16 07:11 - 00000000 ____D C:\Program Files\Java
2012-12-24 16:54 - 2012-12-24 16:53 - 00856731 ____A C:\Users\Franklin Inc\Downloads\SecurityCheck.exe
2012-12-24 16:53 - 2012-12-24 16:53 - 00000155 ____A C:\Users\Franklin Inc\Desktop\ESETScan.txt
2012-12-24 15:20 - 2012-12-24 15:20 - 02322184 ____A (ESET) C:\Users\Franklin Inc\Downloads\esetsmartinstaller_enu (1).exe
2012-12-24 15:18 - 2012-12-24 15:18 - 00000000 ____D C:\Program Files\ESET
2012-12-24 14:48 - 2012-12-24 14:48 - 02322184 ____A (ESET) C:\Users\Franklin Inc\Downloads\esetsmartinstaller_enu.exe
2012-12-23 16:55 - 2012-12-23 16:55 - 00011352 ____A C:\Users\Franklin Inc\Desktop\combo fix 122312.txt
2012-12-23 16:32 - 2012-04-03 12:12 - 00000000 ____D C:\Qoobox
2012-12-23 16:31 - 2012-12-23 16:31 - 00011344 ____A C:\ComboFix.txt
2012-12-23 16:10 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-12-22 12:42 - 2012-12-22 01:51 - 05012898 ____R (Swearware) C:\Users\Franklin Inc\Downloads\ComboFix.exe
2012-12-22 12:36 - 2012-12-22 12:36 - 00001189 ____A C:\Users\Franklin Inc\Desktop\ComboFix.exe - Shortcut.lnk
2012-12-22 10:39 - 2012-12-22 10:38 - 05012410 ____A (Swearware) C:\Users\Franklin Inc\Downloads\ComboFix (1).exe
2012-12-22 01:43 - 2012-12-22 01:43 - 00256000 ____A C:\Users\Franklin Inc\Downloads\iexplore.exe
2012-12-21 23:49 - 2012-12-21 23:49 - 00000000 ____D C:\_OTL
2012-12-21 23:33 - 2012-06-26 04:50 - 00000000 ____D C:\Users\Franklin Inc\AppData\Roaming\BitTorrent
2012-12-20 21:20 - 2012-12-20 21:03 - 240568418 ____A C:\Users\Franklin Inc\Desktop\Scandal.US.S02E09.HDTV.x264-LOL.mp4
2012-12-20 21:02 - 2012-12-20 21:00 - 00009583 ____A C:\Users\Franklin Inc\Downloads\[monova.org] Scandal_US_S02E09_HDTV_x264-LOL_(eztv).torrent
2012-12-20 20:59 - 2012-12-20 20:59 - 00010066 ____A C:\Users\Franklin Inc\Downloads\[www.seedpeer.me] Scandal Us S02e08 Hdtv X264 Lol Eztv.SEEDPEER (1).torrent
2012-12-20 20:57 - 2012-12-20 20:57 - 00010066 ____A C:\Users\Franklin Inc\Downloads\[www.seedpeer.me] Scandal Us S02e08 Hdtv X264 Lol Eztv.SEEDPEER.torrent
2012-12-20 16:23 - 2012-10-11 13:17 - 00000000 ____D C:\Users\Franklin Inc\AppData\Local\CrashDumps
2012-12-20 10:44 - 2012-12-20 10:44 - 00002113 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-12-20 10:43 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-12-20 10:42 - 2012-06-26 17:09 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-12-20 10:42 - 2012-06-26 17:09 - 00000000 ____D C:\Program Files\AVAST Software
2012-12-20 10:31 - 2012-12-20 10:31 - 102315992 ____A C:\Users\Franklin Inc\Downloads\avast_free_antivirus_setup (1).exe
2012-12-20 10:05 - 2012-12-20 10:05 - 00001760 ____A C:\Users\Franklin Inc\Desktop\aswMBR.txt
2012-12-20 10:05 - 2012-12-20 10:05 - 00000512 ____A C:\Users\Franklin Inc\Desktop\MBR.dat
2012-12-20 09:55 - 2012-12-20 09:55 - 00068644 ____A C:\Users\Franklin Inc\Desktop\OTL.Txt
2012-12-20 09:55 - 2012-12-20 09:55 - 00051596 ____A C:\Users\Franklin Inc\Desktop\Extras.Txt
2012-12-20 09:51 - 2012-12-20 09:51 - 00051596 ____A C:\Users\Franklin Inc\Downloads\Extras.Txt
2012-12-20 09:39 - 2012-12-20 09:39 - 00068644 ____A C:\Users\Franklin Inc\Downloads\OTL.Txt
2012-12-19 14:51 - 2012-12-19 14:50 - 00602112 ____A (OldTimer Tools) C:\Users\Franklin Inc\Desktop\OTL.exe
2012-12-19 13:42 - 2012-12-19 13:42 - 04732416 ____A (AVAST Software) C:\Users\Franklin Inc\Downloads\aswMBR.exe
2012-12-13 06:17 - 2012-08-07 17:26 - 00002528 ____A C:\Users\Franklin Inc\Desktop\Google Chrome.lnk
2012-12-12 21:08 - 2012-12-12 14:43 - 04732416 ____A (AVAST Software) C:\Users\Franklin Inc\Desktop\aswMBR.exe
2012-12-12 20:46 - 2012-12-12 20:46 - 03932214 ____A C:\Users\Franklin Inc\Desktop\Untitled.bmp
2012-12-12 15:40 - 2012-12-12 15:40 - 284501501 ____A C:\Windows\MEMORY.DMP
2012-12-12 15:40 - 2012-09-12 08:14 - 00000000 ____D C:\Windows\Minidump
2012-12-12 15:13 - 2012-12-12 15:12 - 00199032 ____A C:\Windows\Minidump\121212-39967-01.dmp
2012-12-12 11:29 - 2012-12-12 11:29 - 00034371 ____A C:\Users\Franklin Inc\Downloads\Sexy_PPV_Pop-Over.zip
2012-12-12 11:25 - 2012-12-11 21:32 - 00000000 ____D C:\Users\Franklin Inc\Desktop\JFK FUNDING
2012-12-10 17:34 - 2012-12-10 17:34 - 00225546 ____A C:\Users\Franklin Inc\Downloads\fwdrefinancingapplication.zip
2012-12-09 21:42 - 2012-06-26 17:42 - 00000000 ____D C:\Users\All Users\Kodak
2012-12-08 22:01 - 2012-12-08 21:54 - 250541446 ____A C:\Users\Franklin Inc\Desktop\Scandal.US.S02E08.HDTV.x264-LOL.mp4
2012-12-07 08:46 - 2012-12-07 08:46 - 00012022 ____A C:\Users\Franklin Inc\Desktop\dec 7 2012.txt
2012-12-07 06:48 - 2012-08-01 12:03 - 00001732 ____A C:\Users\Franklin Inc\Desktop\Rkill.txt
2012-12-07 05:08 - 2012-12-24 22:23 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-12-07 05:08 - 2012-12-24 22:23 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-12-07 05:08 - 2012-12-24 22:23 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-12-07 05:08 - 2012-12-07 05:09 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-12-07 05:08 - 2012-09-19 14:09 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-12-07 05:08 - 2012-08-16 07:13 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-12-07 05:00 - 2012-12-07 04:59 - 00895464 ____A (Oracle Corporation) C:\Users\Franklin Inc\Downloads\chromeinstall-7u9.exe
2012-12-06 08:52 - 2012-12-06 08:52 - 00000000 ____A C:\Windows\setuperr.log
2012-12-06 08:33 - 2012-12-06 08:33 - 00010561 ____A C:\Users\Franklin Inc\Desktop\combofix dec62012.txt
2012-12-06 07:30 - 2012-11-18 14:53 - 00000000 ____D C:\Program Files\NATATA eBook Compiler 3.3.5
2012-12-06 01:53 - 2012-03-30 15:39 - 00000000 ____D C:\avast! sandbox
2012-12-06 00:33 - 2012-12-06 00:33 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Shameless
2012-12-06 00:29 - 2012-12-06 00:28 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Shameless US Season 1 Complete 720p
2012-12-06 00:25 - 2012-12-05 21:41 - 1029118957 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E06.720p.HDTV.x264-IMMERSE.mkv
2012-12-06 00:20 - 2012-12-05 21:45 - 1112070834 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E10.PROPER.720p.HDTV.x264-EVOLVE.mkv
2012-12-06 00:20 - 2012-12-05 21:39 - 1103058336 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E08.720p.HDTV.x264-IMMERSE.mkv
2012-12-06 00:07 - 2012-12-05 21:44 - 1053742062 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E09.720p.HDTV.x264-IMMERSE.mkv
2012-12-05 22:40 - 2012-12-05 21:36 - 333648248 ____A C:\Users\Franklin Inc\Desktop\Homeland.S02E05.HDTV.x264-ASAP.mp4
2012-12-05 21:42 - 2012-12-05 21:42 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Homeland S02E07 Season 2 Episode 7 HDTV x264 [GlowGaze]
2012-12-05 12:14 - 2012-12-05 11:38 - 00003024 ____A C:\Users\Franklin Inc\Desktop\cc_20121205_113549.reg
2012-12-04 18:37 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-12-04 12:51 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-12-04 12:15 - 2012-12-04 12:14 - 04001152 ____A (Privax Ltd) C:\Users\Franklin Inc\Downloads\HMA-Pro-VPN-2.7.1.6-install.exe
2012-12-04 10:10 - 2012-10-16 14:55 - 00000000 ____D C:\Users\Franklin Inc\AppData\Roaming\Skype
2012-12-03 20:47 - 2012-12-03 20:47 - 00137010 ____A C:\Users\Franklin Inc\Downloads\Homeland - Season 1 Complete HDTV (XviDMP3) [2090845].torrent
2012-12-03 20:46 - 2012-12-03 20:46 - 00045141 ____A C:\Users\Franklin Inc\Downloads\4555A72F8D59E583E8568A4687F2087E8A197E47.torrent
2012-12-03 20:35 - 2012-12-03 20:35 - 00045027 ____A C:\Users\Franklin Inc\Downloads\Homeland_S01E11_HDTV_XviD-ASAP[ettv].torrent
2012-12-03 20:33 - 2012-12-03 20:33 - 00057011 ____A C:\Users\Franklin Inc\Downloads\Homeland S01E12 HDTV XviD-LOL[ettv] [2090289].torrent
2012-12-03 20:32 - 2012-12-03 20:32 - 00026985 ____A C:\Users\Franklin Inc\Downloads\Homeland_S02E04_HDTV_x264-ASAP[ettv].torrent
2012-12-03 20:30 - 2012-12-03 20:30 - 00029165 ____A C:\Users\Franklin Inc\Downloads\Homeland_S02E03_HDTV_x264-ASAP[ettv].torrent
2012-12-03 20:29 - 2012-12-03 20:29 - 00039643 ____A C:\Users\Franklin Inc\Downloads\Homeland_S02E02_HDTV_XviD-KWS[ettv].torrent
2012-12-03 20:28 - 2012-12-03 20:28 - 00016169 ____A C:\Users\Franklin Inc\Downloads\E0C4B6F72E716855378CE22F3A03E42C50D97B36.torrent
2012-12-03 18:34 - 2012-12-03 18:34 - 00028302 ____A C:\Users\Franklin Inc\Downloads\The_Walking_Dead_S03E08_HDTV_x264-2HD[ettv].torrent
2012-12-03 18:33 - 2012-12-03 18:33 - 00010944 ____A C:\Users\Franklin Inc\Downloads\Scandal_US_S02E07_HDTV_x264-LOL_mp4.torrent
2012-11-29 12:31 - 2012-09-22 19:20 - 00000000 ____D C:\Windows\System32\appmgmt
2012-11-28 23:29 - 2012-11-28 23:27 - 00000000 ____D C:\Users\Franklin Inc\Desktop\Men Are from Mars, Woman Are from Venus - The Classic Guide To Understanding the Opposite Sex (Audiobook)
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-11-28 14:33 - 2012-11-28 14:33 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-11-27 12:30 - 2012-11-27 12:30 - 00002503 ____A C:\Users\Public\Desktop\Skype.lnk
2012-11-27 12:30 - 2012-11-27 12:30 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-11-27 12:30 - 2012-10-16 14:53 - 00000000 ___RD C:\Program Files\Skype
2012-11-27 12:30 - 2012-10-16 14:53 - 00000000 ____D C:\Users\All Users\Skype
2012-11-27 12:18 - 2012-11-27 12:18 - 00009025 ____A C:\Users\Franklin Inc\Documents\Book1.xlsx


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-21 23:50:52
Restore point made on: 2012-12-24 22:17:02

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 1791.37 MB
Available physical RAM: 1401.5 MB
Total Pagefile: 1791.37 MB
Available Pagefile: 1403.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1963.55 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:137.04 GB) (Free:14.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: () (Removable) (Total:0.48 GB) (Free:0.34 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 149 GB 7168 KB
Disk 1 No Media 0 B 0 B
Disk 2 Online 494 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 12 GB 1024 KB
Partition 2 Primary 137 GB 12 GB
Partition 3 Primary 1024 KB 149 GB

=========================================================

Disk: 0
Partition 1
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 PQSERVICE NTFS Partition 12 GB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 137 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 45
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 494 MB 0 B

=========================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-12-05 02:36

==================== End Of Log ============================



