
fbi money pak virus removal- has infected my safe mode- HELP


15 replies to this topic

#1 srhino
  • Members
  • 26 posts

Posted 23 April 2013 - 11:42 AM

The computer is locked.  I have tried to restore system earlier date- did not work.  I get into the advance boot options window but when I chose either of the safe modes-  it shuts down before I can get to anything-

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of Malware Removal staff. ~ Animal

Edited by Animal, 23 April 2013 - 01:06 PM.
Moved from Windows 7 to AII. ~ OB



#2 fatcat77
  • Members
  • 5 posts

Posted 23 April 2013 - 11:56 AM

Don't give up on System Restore after one try!  I have removed this virus twice this week for people and they have a newer version than anyone talks about on forums or can see in removal videos on Youtube.

My solution was to run system restore more than once trying a couple different restore points till one completed successfully.  In one case, it said it was unsuccessful but when the computer rebooted normally afterwards, it actually was successful.

Press F8 when rebooting to bring up boot options and select "Repair Your Computer".  Log in as administrator and select system restore and try again if you can on an available restore point before the infection.  It may take a few tries.

Post back here if it is not.



#3 srhino
  • Topic Starter
  • Members
  • 26 posts

Posted 23 April 2013 - 12:04 PM

I have tried a few different points already but willing to keep at it.  I am also now creating a Hitman Kickstart on a flash drive.  Thanks for your input

I will report back in a few



#4 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 April 2013 - 12:39 PM

Hi and welcome.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 srhino
  • Topic Starter
  • Members
  • 26 posts

Posted 23 April 2013 - 02:17 PM

JSntgRvr

here is the log from the scan.  Thanks for your help

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2013 01
Ran by SYSTEM on 23-04-2013 13:04:49
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [201376 2010-11-30] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe [38560 2011-06-06] (Bluebeam Software, Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ca115e14920b336e6c7ba295fe34fcfb\n. ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2009-12-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [340520 2010-09-17] (Kaspersky Lab)
HKLM-x32\...\Run: [Qwest Personal Digital Vault] "C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" /m [1064808 2009-12-18] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h [42536 2012-11-12] (MindSpark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe [30096 2012-11-12] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR]  [x]
HKU\Default User\...\Run: [HPADVISOR]  [x]
HKU\Owner\...\Run: [cdloader] "C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2011-08-23] (magicJack L.P.)
HKU\Owner\...\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2017 2012-10-24] ()
HKU\Owner\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17875120 2012-10-19] (Skype Technologies S.A.)
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-10] (Google Inc.)
HKU\Owner\...\Run: [CrawlerMail] c:\progra~2\inbox\cmail.exe /startup [1395200 2010-01-28] (Crawler.com)
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [76800 2011-11-16] ()
Startup: C:ProgramData\Start Menu\Programs\Startup\MRI_DISABLED ()

==================== Services (Whitelisted) =================

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [340520 2010-09-17] (Kaspersky Lab)
S2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
S2 sprtlisten; C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
S2 UTSCSI; C:\Windows\SysWow64\UTSCSI.EXE [45056 2012-04-02] ()
S2 VideoDownloadConverter_4zService; C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2012-11-12] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

S1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
S0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2009-11-11] (Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-11-03] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-23 13:04 - 2013-04-23 13:04 - 00000000 ____D C:\FRST
2013-04-22 14:53 - 2013-04-22 14:53 - 00003288 ____N C:\bootsqm.dat
2013-04-22 14:28 - 2013-04-23 10:59 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-04-22 13:23 - 2013-04-22 13:23 - 00001085 ____A C:\Users\Owner\Desktop\rob andersen timberline - Shortcut.lnk
2013-04-22 08:28 - 2013-04-22 08:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{660DA362-9346-4A18-A3FE-603B0B3A0FD1}
2013-04-19 11:45 - 2013-04-19 11:45 - 00276408 ____A C:\Windows\Minidump\041913-29733-01.dmp
2013-04-19 11:42 - 2013-04-19 11:42 - 00276408 ____A C:\Windows\Minidump\041913-27362-01.dmp
2013-04-19 10:44 - 2013-04-19 10:45 - 00288848 ____A C:\Windows\Minidump\041913-30872-01.dmp
2013-04-15 09:17 - 2013-04-15 10:17 - 00212410 ____A C:\Users\Owner\Downloads\Canyons RMA 3-30-13.pdf.yr8veqo.partial
2013-04-12 07:36 - 2013-04-23 11:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 01:02 - 2013-02-21 02:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 01:02 - 2013-02-21 02:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 01:02 - 2013-02-21 02:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-11 01:02 - 2013-02-21 02:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 01:02 - 2013-02-21 02:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-11 01:02 - 2013-02-21 02:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 01:02 - 2013-02-21 02:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-11 01:02 - 2013-02-19 04:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 01:02 - 2013-02-19 03:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 01:02 - 2013-02-19 03:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-11 01:02 - 2013-02-19 02:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 09:35 - 2013-03-01 22:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-10 09:35 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 09:35 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 09:35 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 09:35 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 09:35 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 09:35 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 09:35 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 09:33 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 09:33 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 09:33 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 09:33 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 09:33 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 09:33 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 09:33 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-05 12:41 - 2013-04-05 12:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE9AA4F9-890D-4C78-B73D-21C386C644F8}
2013-04-01 18:46 - 2013-04-12 11:10 - 00000000 ____D C:\Users\Owner\Desktop\2013 PBI TO DO INFO
2013-04-01 13:46 - 2013-04-01 18:20 - 00000000 ____D C:\Users\Owner\Desktop\PBI POTENTIAL CLIENTS 2013
2013-03-28 13:08 - 2013-04-01 18:22 - 00000000 ____D C:\Users\Owner\Desktop\ptc 2013 potential clients
2013-03-28 06:10 - 2013-03-28 06:10 - 00276408 ____A C:\Windows\Minidump\032813-26816-01.dmp
2013-03-28 06:00 - 2013-04-23 10:56 - 00002062 ____A C:\Windows\setupact.log
2013-03-28 06:00 - 2013-03-28 06:00 - 00284720 ____A C:\Windows\Minidump\032813-32073-01.dmp
2013-03-28 05:59 - 2013-04-19 11:45 - 459473208 ____A C:\Windows\MEMORY.DMP
2013-03-27 15:58 - 2013-04-20 11:08 - 00000000 ____D C:\Users\Owner\.gstreamer-0.10
2013-03-27 15:43 - 2013-03-27 15:43 - 00276464 ____A C:\Windows\Minidump\032713-33743-01.dmp
2013-03-27 15:30 - 2013-03-27 15:30 - 00276464 ____A C:\Windows\Minidump\032713-31808-01.dmp
2013-03-27 15:15 - 2013-03-27 15:16 - 00288848 ____A C:\Windows\Minidump\032713-31824-01.dmp
2013-03-27 14:04 - 2013-03-27 14:04 - 00276408 ____A C:\Windows\Minidump\032713-32479-01.dmp
2013-03-27 13:39 - 2013-03-27 13:39 - 00276408 ____A C:\Windows\Minidump\032713-32011-01.dmp
2013-03-27 13:28 - 2013-03-27 13:28 - 00276464 ____A C:\Windows\Minidump\032713-30248-01.dmp
2013-03-27 13:00 - 2013-03-27 13:00 - 00288848 ____A C:\Windows\Minidump\032713-36161-01.dmp
2013-03-27 12:58 - 2013-03-27 12:58 - 02250054 ____A C:ProgramData\1.bmp
2013-03-27 12:57 - 2013-03-27 12:57 - 00350795 ____A C:ProgramData\1.jpg
2013-03-26 05:04 - 2013-03-26 05:04 - 00002174 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-25 10:31 - 2013-03-25 10:31 - 00768948 ____A C:\Users\Owner\Downloads\Grand Summit 2013-2014 Budget Package.zip

==================== One Month Modified Files and Folders =======

2013-04-23 13:04 - 2013-04-23 13:04 - 00000000 ____D C:\FRST
2013-04-23 12:20 - 2010-02-11 04:30 - 00000000 ____D C:ProgramData\Recovery
2013-04-23 12:18 - 2012-11-28 05:34 - 00000000 ___RD C:\Users\Owner\Documents\Inbox.com Virtual Storage
2013-04-23 12:18 - 2012-10-23 08:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-23 12:18 - 2012-04-05 15:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MotoCast
2013-04-23 12:18 - 2010-11-14 06:49 - 00000000 ____D C:\Windows\Minidump
2013-04-23 12:18 - 2009-11-09 13:36 - 00000000 ____D C:ProgramData\Microsoft Help
2013-04-23 12:18 - 2009-11-09 13:05 - 00000000 ____D C:\users\Owner
2013-04-23 12:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-23 11:59 - 2013-04-12 07:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-23 11:59 - 2012-05-08 15:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-23 11:59 - 2011-03-14 07:56 - 00000000 ____D C:ProgramData\Skype
2013-04-23 11:59 - 2010-12-25 08:52 - 00000000 ____D C:ProgramData\McAfee Security Scan
2013-04-23 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-23 10:59 - 2013-04-22 14:28 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-04-23 10:59 - 2009-12-01 21:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-23 10:59 - 2008-09-19 02:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt
2013-04-23 10:58 - 2011-03-14 07:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-04-23 10:57 - 2010-05-08 16:01 - 00000464 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-04-23 10:57 - 2010-01-28 05:00 - 00000000 ____D C:\Program Files (x86)\Inbox
2013-04-23 10:57 - 2009-12-01 21:20 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-23 10:56 - 2013-03-28 06:00 - 00002062 ____A C:\Windows\setupact.log
2013-04-23 10:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-22 15:29 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-22 15:29 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-22 14:53 - 2013-04-22 14:53 - 00003288 ____N C:\bootsqm.dat
2013-04-22 14:43 - 2009-07-13 21:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-22 14:30 - 2009-11-09 13:30 - 00595298 ____A C:\Windows\PFRO.log
2013-04-22 14:29 - 2009-09-26 08:10 - 01599538 ____A C:\Windows\WindowsUpdate.log
2013-04-22 14:28 - 2011-05-19 05:38 - 00000000 ____D C:\Users\Owner\Desktop\pbi docs build quest
2013-04-22 14:05 - 2012-06-08 12:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-22 13:23 - 2013-04-22 13:23 - 00001085 ____A C:\Users\Owner\Desktop\rob andersen timberline - Shortcut.lnk
2013-04-22 09:31 - 2013-03-07 06:17 - 00000000 ____D C:\Users\Owner\Desktop\KO & TODD
2013-04-22 08:28 - 2013-04-22 08:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{660DA362-9346-4A18-A3FE-603B0B3A0FD1}
2013-04-20 12:06 - 2011-04-18 15:48 - 00000000 ____D C:\Program Files (x86)\Total 3D
2013-04-20 11:25 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-20 11:08 - 2013-03-27 15:58 - 00000000 ____D C:\Users\Owner\.gstreamer-0.10
2013-04-19 11:48 - 2012-10-23 08:18 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-19 11:45 - 2013-04-19 11:45 - 00276408 ____A C:\Windows\Minidump\041913-29733-01.dmp
2013-04-19 11:45 - 2013-03-28 05:59 - 459473208 ____A C:\Windows\MEMORY.DMP
2013-04-19 11:42 - 2013-04-19 11:42 - 00276408 ____A C:\Windows\Minidump\041913-27362-01.dmp
2013-04-19 10:45 - 2013-04-19 10:44 - 00288848 ____A C:\Windows\Minidump\041913-30872-01.dmp
2013-04-17 19:25 - 2012-04-12 13:48 - 00000000 ____D C:\Users\Owner\Desktop\Real Estate clients 2012
2013-04-15 10:17 - 2013-04-15 09:17 - 00212410 ____A C:\Users\Owner\Downloads\Canyons RMA 3-30-13.pdf.yr8veqo.partial
2013-04-12 11:10 - 2013-04-01 18:46 - 00000000 ____D C:\Users\Owner\Desktop\2013 PBI TO DO INFO
2013-04-11 01:34 - 2009-11-09 13:28 - 00000000 ____D C:ProgramData\Kaspersky Lab
2013-04-11 01:28 - 2009-07-13 20:45 - 00377512 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 01:04 - 2009-11-09 13:26 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-08 06:31 - 2012-04-23 16:54 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-04-08 06:31 - 2009-12-22 17:31 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-04-08 06:27 - 2012-10-25 06:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-08 06:26 - 2009-12-22 17:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2013-04-08 06:26 - 2009-12-22 17:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HP Support Assistant
2013-04-06 16:22 - 2012-01-10 15:01 - 00000000 ____D C:\Users\Owner\Desktop\timberwolf johanne dean alain
2013-04-05 12:41 - 2013-04-05 12:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE9AA4F9-890D-4C78-B73D-21C386C644F8}
2013-04-04 12:50 - 2012-10-23 08:18 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-01 18:22 - 2013-03-28 13:08 - 00000000 ____D C:\Users\Owner\Desktop\ptc 2013 potential clients
2013-04-01 18:20 - 2013-04-01 13:46 - 00000000 ____D C:\Users\Owner\Desktop\PBI POTENTIAL CLIENTS 2013
2013-04-01 09:42 - 2011-05-27 04:13 - 00000000 ____D C:\Users\Owner\Desktop\unclaimed money
2013-04-01 05:18 - 2009-11-10 17:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-04-01 04:50 - 2009-11-09 13:24 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-03-28 13:13 - 2012-10-27 11:12 - 00000000 ____D C:\Users\Owner\Desktop\ptc scraper results
2013-03-28 11:04 - 2010-01-04 13:13 - 00000000 ____D C:\Users\Owner\Desktop\fischer meadows
2013-03-28 10:50 - 2012-05-16 14:50 - 00000000 ____D C:\Users\Owner\Desktop\real estate forms
2013-03-28 06:10 - 2013-03-28 06:10 - 00276408 ____A C:\Windows\Minidump\032813-26816-01.dmp
2013-03-28 06:00 - 2013-03-28 06:00 - 00284720 ____A C:\Windows\Minidump\032813-32073-01.dmp
2013-03-27 15:51 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-03-27 15:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-27 15:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-03-27 15:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-03-27 15:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-03-27 15:43 - 2013-03-27 15:43 - 00276464 ____A C:\Windows\Minidump\032713-33743-01.dmp
2013-03-27 15:30 - 2013-03-27 15:30 - 00276464 ____A C:\Windows\Minidump\032713-31808-01.dmp
2013-03-27 15:16 - 2013-03-27 15:15 - 00288848 ____A C:\Windows\Minidump\032713-31824-01.dmp
2013-03-27 14:04 - 2013-03-27 14:04 - 00276408 ____A C:\Windows\Minidump\032713-32479-01.dmp
2013-03-27 13:39 - 2013-03-27 13:39 - 00276408 ____A C:\Windows\Minidump\032713-32011-01.dmp
2013-03-27 13:28 - 2013-03-27 13:28 - 00276464 ____A C:\Windows\Minidump\032713-30248-01.dmp
2013-03-27 13:00 - 2013-03-27 13:00 - 00288848 ____A C:\Windows\Minidump\032713-36161-01.dmp
2013-03-27 13:00 - 2013-01-20 20:28 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-03-27 12:58 - 2013-03-27 12:58 - 02250054 ____A C:ProgramData\1.bmp
2013-03-27 12:57 - 2013-03-27 12:57 - 00350795 ____A C:ProgramData\1.jpg
2013-03-26 05:04 - 2013-03-26 05:04 - 00002174 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-25 10:31 - 2013-03-25 10:31 - 00768948 ____A C:\Users\Owner\Downloads\Grand Summit 2013-2014 Budget Package.zip

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3616773141-1212709838-2073199141-1000\$ca115e14920b336e6c7ba295fe34fcfb

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$ca115e14920b336e6c7ba295fe34fcfb

Other Malware:
===========
C:\Users\Owner\AppData\Roaming\skype.dat
C:\Users\Owner\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-03-21 01:01:13
Restore point made on: 2013-03-28 13:50:07
Restore point made on: 2013-04-11 01:02:01
Restore point made on: 2013-04-18 07:12:45

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 7927.89 MB
Available physical RAM: 6935.95 MB
Total Pagefile: 7926.04 MB
Available Pagefile: 6948.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:686.2 GB) (Free:514.62 GB) NTFS (Disk=0 Partition=2)
Drive e: (FACTORY_IMAGE) (Fixed) (Total:12.33 GB) (Free:2.23 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive g: (HITMANPRO) (Removable) (Total:0.11 GB) (Free:0.09 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          698 GB      0 B        
  Disk 1    Online          125 MB      0 B        
  Disk 2    No Media           0 B      0 B        
  Disk 3    No Media           0 B      0 B        
  Disk 4    No Media           0 B      0 B        
  Disk 5    No Media           0 B      0 B        

Partitions of Disk 0:
===============

Disk ID: 1549F232

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary            686 GB   101 MB
  Partition 3    Primary             12 GB   686 GB

==================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    100 MB  Healthy           

=========================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   HP           NTFS   Partition    686 GB  Healthy           

=========================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   FACTORY_IMA  NTFS   Partition     12 GB  Healthy           

=========================================================

Partitions of Disk 1:
===============

Disk ID: DB6D0948

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            117 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   HITMANPRO    FAT32  Removable    117 MB  Healthy           

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 699 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07) (NTFS)
Partition 2: (Not Active) - (Size=686 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07) (NTFS)

====================================================================
Disk: 1 (Size: 125 MB) (Disk ID: DB6D0948)
Partition 1: (Active) - (Size=118 MB) - (Type=0B)

Last Boot: 2013-04-13 22:32

==================== End Of Log ============================

 



#6 srhino

srhino
  • Topic Starter

  • Members
  • 26 posts

Posted 23 April 2013 - 03:14 PM

Thank you.  I used Farbar and then went to this.  This video showed me how to remove the infected portions with Farbar.  I've been messing with this for a full day.  Tried almost everything.  This Farbar was the ticket.

Thanks again



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 April 2013 - 03:20 PM

Download the enclosed file. [attachment=137094:fixlist.txt]

Save it in the USB drive, next to FRST64.

Run FRST64 as you did before, except that this time around, click on the Fix button and wait.

The tool will make a log in the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. If able to, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
  • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 April 2013 - 03:34 PM

It is more than ZeroAccess.



#9 srhino

srhino
  • Topic Starter

  • Members
  • 26 posts

Posted 23 April 2013 - 04:21 PM

I ran your txt file as well.

This is the log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-04-2013 01
Ran by Owner at 2013-04-23 15:19:28 Run:2
Running from F:\
Boot Mode: Normal
==============================================

C:\$Recycle.Bin\S-1-5-21-3616773141-1212709838-2073199141-1000\$ca115e14920b336e6c7ba295fe34fcfb not found.
C:\$Recycle.Bin\S-1-5-18\$ca115e14920b336e6c7ba295fe34fcfb not found.
C:\Users\Owner\AppData\Roaming\skype.dat not found.
C:\Users\Owner\AppData\Roaming\skype.ini not found.

==== End of Fixlog ====



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 23 April 2013 - 04:31 PM

Mine included two more files related to the FBI ransomware, C:\ProgramData\1.bmp and C:\ProgramData\1.jpg. Make sure the file you downloaded is named fixlist.txt and it is next to FRST64.

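The Fixlog and the fixlist discussed above revolve around ZeroAccess components parked under $Recycle.Bin and the ransomware's files under ProgramData. As an added example (not code from this thread and not FRST's own logic), the Python below applies the same defender heuristics to FRST-style registry lines: a COM InprocServer32 server loading from $Recycle.Bin or Temp, Run entries whose target is missing ([x]), browser hooks left with "No File", and autorun launchers recorded for removable media. The sample lines are constructed from lines in this thread's log, with FRST's own ATTENTION annotation removed so the heuristic has to do the work.

```python
"""Triage FRST-style registry lines for the persistence patterns seen in this thread.

Added example, not part of the thread and not FRST's code. Read-only: it parses
text and touches neither the registry nor the file system.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modeled on the "Registry (Whitelisted)" section of an FRST
# scan; FRST's "ATTENTION! ====> ZeroAccess" marker is left out on purpose.
SAMPLE_LOG = r"""
HKLM\...\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [201376 2010-11-30] (Bluebeam Software, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ca115e14920b336e6c7ba295fe34fcfb\n.
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17875120 2012-10-19] (Skype Technologies S.A.)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
URLSearchHook: (No Name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -  No File
MountPoints2: J - J:\autorun.exe
"""

# Directories a COM server or autorun target should never load from.
# $Recycle.Bin is the case in this thread; Temp is the other classic drop site.
SUSPICIOUS_DIRS = ("\\$recycle.bin\\", "\\temp\\")

# "<key>: [<name>] <value>", e.g.  HKLM\...\Run: [Skype] "C:\...\Skype.exe" /regrun [...]
ENTRY_RE = re.compile(r"^(?P<key>[^:]+?):\s*\[(?P<name>[^\]]*)\]\s*(?P<value>.*)$")
# Unquoted path up to the first executable-looking extension (paths may contain spaces).
UNQUOTED_PATH_RE = re.compile(r"(\w:\\.*?\.(?:exe|dll|lnk|bat|cmd|vbs|scr))(?=\s|$)", re.I)


@dataclass
class Finding:
    category: str
    line: str
    reason: str


def extract_path(value: str) -> str:
    """Return the file path from the value part of an FRST registry line."""
    m = re.match(r'"([^"]+)"', value)
    if m:
        return m.group(1)
    m = UNQUOTED_PATH_RE.match(value)
    if m:
        return m.group(1)
    # No recognizable extension (ZeroAccess used a file literally named "n."):
    # keep everything before FRST's [size date] or ATTENTION annotation.
    return re.split(r"\s+\[|\s+ATTENTION", value)[0].strip()


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics to every line and return findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("No File"):
            findings.append(Finding("orphaned_hook", line,
                                    "CLSID still registered but its DLL is gone"))
            continue
        if line.startswith("MountPoints2:") and "autorun" in line.lower():
            findings.append(Finding("autorun_media", line,
                                    "autorun launcher recorded for a removable drive"))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, name, value = m["key"], m["name"], m["value"]
        if value.endswith("[x]"):
            findings.append(Finding("missing_target", line,
                                    f"autorun entry '{name}' points to a missing file"))
            continue
        path_lower = extract_path(value).lower()
        if not any(d in path_lower for d in SUSPICIOUS_DIRS):
            continue
        if key.endswith("InprocServer32"):
            findings.append(Finding("com_hijack", line,
                                    f"COM server '{name}' loads from a user-writable "
                                    "location: ZeroAccess-style InprocServer32 hijack"))
        else:
            findings.append(Finding("suspicious_location", line,
                                    f"autorun '{name}' executes from a drop location"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```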


#11 srhino

srhino
  • Topic Starter

  • Members
  • 26 posts

Posted 23 April 2013 - 05:05 PM

Thank you, thank you, I think we did it.  I have Kaspersky; would you recommend a different one?  Is AVG decent?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-04-2013 01
Ran by Owner at 2013-04-23 16:03:26 Run:5
Running from F:\
Boot Mode: Normal
==============================================


==== End of Fixlog ====

I ran another scan and got this.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-04-2013 01
Ran by Owner (administrator) on 23-04-2013 15:39:12
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) [912] C:\Windows\system32\atiesrxx.exe
(AMD) [1104] C:\Windows\system32\atieclxx.exe
(Bluebeam Software, Inc.) [1764] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
(AMD) [1928] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() [1960] C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) [1968] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab) [2044] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
(Apple Inc.) [2056] C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Nero AG) [2144] C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Crawler.com) [2416] C:\PROGRA~2\Inbox\CToolbar.exe
() [2444] C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(Sun Microsystems, Inc.) [2568] C:\Program Files (x86)\Java\jre6\bin\jusched.exe
() [2652] C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
() [2712] C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe
(Hewlett-Packard) [2812] C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) [2888] c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() [2912] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(VER_COMPANY_NAME) [2976] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
() [2152] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) [2436] C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(SupportSoft, Inc.) [3116] C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe
(TeamViewer GmbH) [3208] C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() [3240] C:\Windows\SysWOW64\UTSCSI.EXE
(COMPANYVERS_NAME) [3268] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
(Microsoft Corp.) [3300] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() [3808] C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corp.) [3916] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Crawler.com) [4072] c:\PROGRA~2\Inbox\CMail.exe
(CyberLink Corp.) [3432] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) [3732] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Microsoft Corporation) [2784] C:\Windows\system32\wbem\unsecapp.exe
() [5344] C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() [5384] C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Hewlett-Packard Company) [5316] C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Bluebeam Software, Inc.) [4632] C:\Program Files\Bluebeam Software\Revu\Revu.exe
(Microsoft Corporation) [4676] C:\Windows\system32\wuauclt.exe
(Microsoft Corporation.) [6032] C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
(SurfRight B.V.) [6160] C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) [4292] C:\Windows\system32\taskmgr.exe
(Kaspersky Lab) [2368] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
(Mozilla Corporation) [6764] C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) [2360] C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
(Adobe Systems, Inc.) [5204] C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
(Microsoft Corporation) [6260] C:\Windows\system32\prevhost.exe
(Farbar) [6640] F:\FRST64.exe
(Farbar) [4804] F:\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [201376 2010-11-30] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe [38560 2011-06-06] (Bluebeam Software, Inc.)
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$ca115e14920b336e6c7ba295fe34fcfb\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [cdloader] "C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK [50592 2011-08-23] (magicJack L.P.)
HKCU\...\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2017 2012-10-24] ()
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17875120 2012-10-19] (Skype Technologies S.A.)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-11-10] (Google Inc.)
HKCU\...\Run: [CrawlerMail] c:\progra~2\inbox\cmail.exe /startup [1395200 2010-01-28] (Crawler.com)
MountPoints2: J - J:\autorun.exe
MountPoints2: {0b1d57a7-d955-11de-8b97-002655484ab6} - J:\LaunchU3.exe -a
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2009-12-11] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Qwest Personal Digital Vault] "C:\Program Files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" /m [1064808 2009-12-18] ()
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKLM-x32\...\Run: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h [42536 2012-11-12] (MindSpark)
HKLM-x32\...\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe [30096 2012-11-12] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKU\Default User\...\Run: [HPADVISOR]  [x]
Startup: C:ProgramData\Start Menu\Programs\Startup\MRI_DISABLED ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
URLSearchHook: (No Name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} -  No File
URLSearchHook: (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} -  No File
URLSearchHook: (No Name) - {93a3111f-4f74-4ed8-895e-d9708497629e} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {355FE6B9-CE1F-4B91-8BE7-0F688362AEE7} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {355FE6B9-CE1F-4B91-8BE7-0F688362AEE7} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKLM-x32 - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm017YYus&ptnrS=HJxdm017YYus&si=pconverter&ptb=DF311804-4B92-48E6-97DD-447D6052BA23&ind=2012111208&n=77ee6168&psa=&st=sb&searchfor={searchTerms}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=AD3&o=102164&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=JH&apn_dtid=YYYYYYYYUS&apn_uid=BAFC69B5-1C14-4A25-A0E4-E9C760458C48&apn_sauid=44A35091-FD40-46A9-AE45-F7C8283AF6B2
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = http://www.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=70026
SearchScopes: HKCU - {355FE6B9-CE1F-4B91-8BE7-0F688362AEE7} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
SearchScopes: HKCU - {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm017YYus&ptnrS=HJxdm017YYus&si=pconverter&ptb=DF311804-4B92-48E6-97DD-447D6052BA23&ind=2012111208&n=77ee6168&psa=&st=sb&searchfor={searchTerms}
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Inbox\ctbr.dll (Crawler.com)
BHO-x32: Toolbar BHO - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbar.dll (MindSpark)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\prxtbeMu0.dll (Conduit Ltd.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Search Assistant BHO - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - eMusic Toolbar - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\prxtbeMu0.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - &Inbox.com Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Inbox\ctbr.dll (Crawler.com)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - VideoDownloadConverter - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {9EE802E8-C931-47AB-B570-AA8F791598CA} -  No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File
Toolbar: HKCU - No Name - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} -  No File
PDF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://pcmls.com/5.5.13.26155/Control/IRCSharc.cab
PDF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Inbox\ctbr.dll (Crawler.com)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [20992] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [20992] (Microsoft Corporation)
Winsock: Catalog5-x64 05 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o4x69nyp.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://go.mail.com/tb/en-us/mff_startpage
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @emusic.com/dlm-plugin - C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: VideoDownloadConverter - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o4x69nyp.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
FF Extension: toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o4x69nyp.default\Extensions\toolbar@mail.com.xpi

Chrome:
=======
Player","path":"C:\\Program Files (x86)\\DivX\\DivX Plus Web Player\\npdivx32.dll","version":"2, 2, 0, 52"},{"enabled":true,"name":"DivX Plus Web Player"},{"enabled":true,"name":"Google Earth Plugin","path":"C:\\Program Files (x86)\\Google\\Google Earth\\plugin\\npgeplugin.dll","version":"6.2.0.5788"},{"enabled":true,"name":"Google Earth Plugin"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.115\\npGoogleUpdate3.dll","version":"1.3.21.115"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Microsoft Office Live Plug-in for Firefox","path":"C:\\Program Files (x86)\\Microsoft\\Office Live\\npOLW.dll","version":"2.0.4024.1"},{"enabled":true,"name":"Microsoft Office"},{"enabled":true,"name":"Windows Live? Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3508.1109_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Windows Live? Photo Gallery"},{"enabled":true,"name":"eMusic Remote Plugin","path":"C:\\Program Files (x86)\\eMusic Download Manager\\plugin\\npemusic.dll","version":"4, 1, 3, 0"},{"enabled":true,"name":"eMusic Remote Plugin"},{"enabled":true,"name":"iTunes Application Detector","path":"C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"iTunes Application Detector"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll","version":"5.1.10411.0"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Media Go Detector","path":"c:\\Program Files (x86)\\Sony\\Media Go\\npmediago.dll","version":"1.0.0.1"},{"enabled":true,"name":"Media Go 
Detector"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"multiple_profile_prefs_version":1,"name":"First user"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://www.google.com/"]},"tabs":{"use_vertical_tabs":false}}
CHR RestoreOnStartup: {"backup":{"_signature":"g0q5SAS9dHmXA12VqTfNT9/3Rv1j+L2htjCHe4i69Jw=","_version":4,"extensions":{"ids":["aciahcmjmecflokailenpkdchphgkefd","ahfgeienlihckogmohjhadlkjgocpleb","mcbkbpnkkkipelfledbfocopglifcfmi","nneajnkjbffgblleaoojgaacokifdkhm"]},"homepage":"hxxp://www.google.com/","homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxp://www.google.com/"]}},"browser":{"last_known_google_url":"hxxp://www.google.com/","last_prompted_google_url":"hxxp://www.google.com/","window_placement":{"bottom":860,"left":20,"maximized":true,"right":1482,"top":20,"work_area_bottom":860,"work_area_left":0,"work_area_right":1600,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":2,"default_apps_installed":true,"default_search_provider":{"enabled":true,"encodings":"UTF-8","icon_url":"hxxp://www.google.com/favicon.ico","id":"2","instant_url":"{google:baseURL}webhp?{google:RLZ}sourceid=chrome-instant&ie={inputEncoding}&ion=1{searchTerms}&nord=1","keyword":"google.com","name":"Google","prepopulate_id":"1","search_url":"{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}","suggest_url":"{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}"},"disable_video_chat":true,"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default":true,"show_welcome_page":true,"skip_first_run_ui":true,"verbose_logging":false},"dns_prefetching":{"host_referral_list":[2,["hxxp://att.my.yahoo.com/",["hxxp://icds.portal.att.net/",0.6245116281250012,"hxxp://l.yimg.com/",0.4903190468749998,"hxxp://rdir.att.net/",0.06193503749999999]],["hxxp://cm.g.doubleclick.net/",["hxxp://cm.g.doubleclick.net/",2.27338020,"hxxp://user.lucidmedia.com/",2.27338020]],["hxxp://googleads.g.doubleclick.net/",["hxxp://www.google.com/",3.264340799
999999,"https://googleads.g.doubleclick.net/",3.264340799999999]],["hxxp://s.ytimg.com/",["hxxp://s.youtube.com/",0.175482606250,"hxxp://s0.2mdn.net/",0.05161253124999999,"hxxp://www.youtube.com/",0.2374176437499999]],["hxxp://us.mg203.mail.yahoo.com/",["hxxp://l.yimg.com/",0.196127618750,"hxxp://mail.yimg.com/",0.06709629062499999]],["hxxp://web.mail.com/",["hxxp://o.aolcdn.com/",0.1187088218750]],["hxxp://www.divx.com/",["hxxp://edge.quantserve.com/",2.27338020,"hxxp://fonts.divx.com/",2.60370040,"hxxp://partner.googleadservices.com/",2.27338020,"hxxp://www.divx.com/",13.83458719999999,"hxxp://www.googletagservices.com/",2.27338020]],["hxxp://www.facebook.com/",["hxxp://static.ak.fbcdn.net/",7.228183199999998]],["hxxp://www.youtube.com/",["hxxp://s.ytimg.com/",0.07228917190914999]],["https://appleid.apple.com/",["https://a248.e.akamai.net/",2.2709513750,"https://ssl.apple.com/",0.08258004999999999]],["https://iforgot.apple.com/",["https://ssl.apple.com/",0.5028299244499999]],["https://login.yahoo.com/",["https://s.yimg.com/",0.134192581250]],["https://p11-buy.itunes.apple.com/",["https://iforgot.apple.com/",0.2196629330]],["https://ssl.apple.com/",["https://securemetrics.apple.com/",0.1851159768297549]]],"startup_list":[1,"hxxp://c.compete.com/","hxxp://edge.quantserve.com/","hxxp://fonts.divx.com/","hxxp://go.divx.com/","hxxp://partner.googleadservices.com/","hxxp://pixel.quantserve.com/","hxxp://pubads.g.doubleclick.net/","hxxp://www.divx.com/","hxxp://www.facebook.com/","hxxp://www.googletagservices.com/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"autoupdate":{"last_check":"12945308203702040","next_check":"12989369054368539"},"blacklistupdate":{"lastpingday":"12945250800295040","version":"0.0.0.5"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"settings":{"aciahcmjmecflokailenpkdchphgkefd":{"active_permissions":{"api":["unlimitedStorage"]},"app_launcher_ordinal":"t","gr
anted_permissions":{"api":["unlimitedStorage"]},"incognito":true,"install_time":"12945308205979040","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://entanglement.gopherwoodstudios.com/"},"urls":["hxxp://entanglement.gopherwoodstudios.com/"]},"description":"Create the longest path possible and challenge your friends in the game of Entanglement.","icons":{"128":"icon-128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDUmhWocpvLByaYty7BXdP5gGHPMabneLdA/eEYQz86oi2K5hJjmpAsQvNLAn6Q2kkzsOS4OXsqpM00J60N2uVLQyw4K9wrR4avsO3R9yCKfDqcGoXQW3y+Cg73bWM99DJtDsrbnJ9mC3OcSiTE97GBhCldQyB0lmTTCQnIamhitwIDAQAB","name":"Entanglement","permissions":["unlimitedStorage"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"2.1.1"},"page_ordinal":"n","path":"aciahcmjmecflokailenpkdchphgkefd\\2.1.1_0","state":1},"ahfgeienlihckogmohjhadlkjgocpleb":{"app_launcher_ordinal":"n","page_ordinal":"n"},"hpibmhghjndideebpackbdlpncgkcppp":{"blacklist":true,"install_time":"12945312488247187"},"lncjcfkpannmofmpgdfoonkniofdnaba":{"blacklist":true,"install_time":"12945312488247187"},"mcbkbpnkkkipelfledbfocopglifcfmi":{"active_permissions":{"api":["notifications","unlimitedStorage"]},"app_launcher_ordinal":"w","granted_permissions":{"api":["notifications","unlimitedStorage"]},"incognito":true,"install_time":"12945308213327040","location":1,"manifest":{"app":{"launch":{"web_url":"hxxp://poppit.pogo.com/hd/PoppitHD.html"},"urls":["hxxp://poppit.pogo.com/"]},"description":"The prickly puzzle game where popping balloons has never been so much fun!  
Pop colorful strings of balloons to earn a bonus!","icons":{"128":"icon_poppit.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEE80zEq495GvVBavV3VqpSg6fxQ1uFruS/4lDt0R0OXwudOByq8DLehpIw6BZZzAFwNIh17wIImMSseLvf+ocyx5Ny1DTByIquqJ5g9K5mixHbRiZLZcZvJ9u7hOmiHz5YEQSj+0iVC5knN0jKv7If+aHVgyS+gYr4TOLTvKhQwIDAQAB","name":"Poppit","permissions":["unlimitedStorage","notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"2.2"},"page_ordinal":"n","path":"mcbkbpnkkkipelfledbfocopglifcfmi\\2.2_0","state":1},"nneajnkjbffgblleaoojgaacokifdkhm":{"active_permissions":{"api":["tabs"],"explicit_host":["hxxp://*/*"],"scriptable_host":["hxxp://*/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12989368656605857","location":3,"manifest":{"content_scripts":[{"js":["script.js"],"matches":["hxxp://*/*"],"run_at":"document_end"}],"current_locale":"en_US","default_locale":"en","description":"Increase performance and video formats for your HTML5 <video>","icons":{"128":"DivXHTML5.128.png","48":"DivXHTML5.48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgKGj4sjJKwOs1NkcicEV4Rkq2kpG7jM+u/UGvcCzxtLTjUIbJ80v6eoI33XmcwiKILCymnIX591nlTXDOI+eHeHUAY42f3SIeh/bDlea9T6MMJXW1Fh7ZuG30QKivxtzwKSSgrspwbBTauN6Rq3FGoDrv2L9rNwmYBrUPA8Z4awIDAQAB","name":"DivX Plus Web Player HTML5 
<video>","permissions":["tabs","hxxp://*/*"],"version":"2.1.2.145"},"path":"nneajnkjbffgblleaoojgaacokifdkhm\\2.1.2.145_0","state":1}}},"google":{"services":{"username":""}},"homepage":"hxxp://www.google.com/","homepage_is_newtabpage":false,"net":{"http_server_properties":{"googleads.g.doubleclick.net:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true},"www.google.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true}}},"ntp":{"gplus_required":false,"pref_version":3,"promo_closed":false,"promo_end":1380002400.0,"promo_group":23,"promo_group_max":1,"promo_group_timeslice":0,"promo_increment":1,"promo_initial_segment":4,"promo_line":"What do you think of Chrome? <a href=\"hxxp://survey.googleratings.com/wix/p5963862.aspx\">Take the survey</a>","promo_num_groups":1000,"promo_resource_cache_update":"1344895055.258846","promo_start":1344492000.0,"promo_views":0,"promo_views_max":15,"shown_sections":64,"web_resource_cache_update":"1303176339.989375"},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.75","plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.75\\PepperFlash\\pepflashplayer.dll","version":"11.3.31.225"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.75\\gcswf32.dll","version":"11,3,300,268"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_3_300_270.dll","version":"11,3,300,270"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Remoting Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.75\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native 
Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.75\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.3.23"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.170.4","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeploytk.dll","version":"6.0.170.4"},{"enabled":true,"name":"Java™ Platform SE 6 U17","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.170.4"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"QuickTime Plug-in 7.6.6","path":"C:\\Program Files (x86)\\QuickTime\\plugins\\npqtplugin.dll","version":"7.6.6 (1673)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.6","path":"C:\\Program Files (x86)\\QuickTime\\plugins\\npqtplugin2.dll","version":"7.6.6 (1673)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.6","path":"C:\\Program Files (x86)\\QuickTime\\plugins\\npqtplugin3.dll","version":"7.6.6 (1673)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.6","path":"C:\\Program Files (x86)\\QuickTime\\plugins\\npqtplugin4.dll","version":"7.6.6 (1673)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.6","path":"C:\\Program Files (x86)\\QuickTime\\plugins\\npqtplugin5.dll","version":"7.6.6 (1673)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.6","path":"C:\\Program Files (x86)\\QuickTime\\plugins\\npqtplugin6.dll","version":"7.6.6 (1673)"},{"enabled":true,"name":"QuickTime Plug-in 7.6.6","path":"C:\\Program Files (x86)\\QuickTime\\plugins\\npqtplugin7.dll","version":"7.6.6 (1673)"},{"enabled":true,"name":"QuickTime"},{"enabled":true,"name":"DivX VOD Helper Plug-in","path":"C:\\Program Files (x86)\\DivX\\DivX OVS Helper\\npovshelper.dll","version":"1.1.0.6"},{"enabled":true,"name":"DivX VOD Helper Plug-in"},{"enabled":true,"name":"DivX Plus Web 
Player","path":"C:\\Program Files (x86)\\DivX\\DivX Plus Web Player\\npdivx32.dll","version":"2, 2, 0, 52"},{"enabled":true,"name":"DivX Plus Web Player"},{"enabled":true,"name":"Google Earth Plugin","path":"C:\\Program Files (x86)\\Google\\Google Earth\\plugin\\npgeplugin.dll","version":"6.2.0.5788"},{"enabled":true,"name":"Google Earth Plugin"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.115\\npGoogleUpdate3.dll","version":"1.3.21.115"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Microsoft Office Live Plug-in for Firefox","path":"C:\\Program Files (x86)\\Microsoft\\Office Live\\npOLW.dll","version":"2.0.4024.1"},{"enabled":true,"name":"Microsoft Office"},{"enabled":true,"name":"Windows Live? Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3508.1109_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Windows Live? Photo Gallery"},{"enabled":true,"name":"eMusic Remote Plugin","path":"C:\\Program Files (x86)\\eMusic Download Manager\\plugin\\npemusic.dll","version":"4, 1, 3, 0"},{"enabled":true,"name":"eMusic Remote Plugin"},{"enabled":true,"name":"iTunes Application Detector","path":"C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"iTunes Application Detector"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll","version":"5.1.10411.0"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Media Go Detector","path":"c:\\Program Files (x86)\\Sony\\Media Go\\npmediago.dll","version":"1.0.0.1"},{"enabled":true,"name":"Media Go 
Detector"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"multiple_profile_prefs_version":1,"name":"First user"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://www.google.com/"]},"tabs":{"use_vertical_tabs":false}}
CHR DefaultSearchURL: () -
CHR DefaultSuggestURL: () -
CHR Extension: (Entanglement) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0
CHR Extension: (Poppit) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0

==================== Services (Whitelisted) =================

R3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [340520 2010-09-17] (Kaspersky Lab)
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [109352 2013-04-23] (SurfRight B.V.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
R2 sprtlisten; C:\Program Files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [1213728 2008-01-08] (SupportSoft, Inc.)
S3 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [394608 2008-01-08] (SupportSoft, Inc.)
R2 UTSCSI; C:\Windows\SysWow64\UTSCSI.EXE [45056 2012-04-02] ()
R2 VideoDownloadConverter_4zService; C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [42504 2012-11-12] (COMPANYVERS_NAME)

==================== Drivers (Whitelisted) ====================

R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-09-01] (Kaspersky Lab)
R0 KLBG; C:\Windows\System32\DRIVERS\klbg.sys [40464 2009-10-14] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [353296 2009-11-11] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [27152 2009-11-03] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [21008 2009-10-02] (Kaspersky Lab)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 motccgp; system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [x]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-23 15:32 - 2013-04-23 15:32 - 00000000 ___SD C:\ComboFix
2013-04-23 15:32 - 2000-08-30 18:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-04-23 15:32 - 2000-08-30 18:00 - 00098816 ____A C:\Windows\sed.exe
2013-04-23 15:32 - 2000-08-30 18:00 - 00080412 ____A C:\Windows\grep.exe
2013-04-23 15:28 - 2013-04-23 15:32 - 00000000 ____D C:\Qoobox
2013-04-23 15:27 - 2013-04-23 15:27 - 00000000 ____D C:\Windows\erdnt
2013-04-23 15:23 - 2013-04-23 15:27 - 05059674 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-04-23 15:04 - 2013-04-23 15:04 - 00000000 ____D C:\FRST
2013-04-23 14:56 - 2013-04-23 14:56 - 00000978 ____A C:\Windows\System32\.crusader
2013-04-23 14:15 - 2013-04-23 15:18 - 00001899 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-23 14:15 - 2013-04-23 14:57 - 00000000 ____D C:ProgramData\HitmanPro
2013-04-23 14:15 - 2013-04-23 14:15 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-22 16:53 - 2013-04-22 16:53 - 00003288 ____N C:\bootsqm.dat
2013-04-22 15:23 - 2013-04-22 15:23 - 00001085 ____A C:\Users\Owner\Desktop\rob andersen timberline - Shortcut.lnk
2013-04-22 10:28 - 2013-04-22 10:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{660DA362-9346-4A18-A3FE-603B0B3A0FD1}
2013-04-19 13:45 - 2013-04-19 13:45 - 00276408 ____A C:\Windows\Minidump\041913-29733-01.dmp
2013-04-19 13:42 - 2013-04-19 13:42 - 00276408 ____A C:\Windows\Minidump\041913-27362-01.dmp
2013-04-19 12:44 - 2013-04-19 12:45 - 00288848 ____A C:\Windows\Minidump\041913-30872-01.dmp
2013-04-15 11:17 - 2013-04-15 12:17 - 00212410 ____A C:\Users\Owner\Downloads\Canyons RMA 3-30-13.pdf.yr8veqo.partial
2013-04-12 09:36 - 2013-04-23 13:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-11 03:02 - 2013-02-21 04:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-11 03:02 - 2013-02-21 04:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-11 03:02 - 2013-02-21 04:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-11 03:02 - 2013-02-21 04:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-11 03:02 - 2013-02-21 04:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-11 03:02 - 2013-02-21 04:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-11 03:02 - 2013-02-21 04:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-11 03:02 - 2013-02-19 06:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-11 03:02 - 2013-02-19 05:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-11 03:02 - 2013-02-19 05:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-11 03:02 - 2013-02-19 04:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 11:35 - 2013-03-02 00:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-10 11:35 - 2013-02-28 21:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 11:35 - 2013-02-15 00:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 11:35 - 2013-02-15 00:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 11:35 - 2013-02-15 00:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 11:35 - 2013-02-14 22:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 11:35 - 2013-02-14 22:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 11:35 - 2013-02-14 21:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 11:33 - 2013-03-19 00:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 11:33 - 2013-03-18 23:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 11:33 - 2013-03-18 23:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 11:33 - 2013-03-18 23:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 11:33 - 2013-03-18 22:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 11:33 - 2013-03-18 21:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 11:33 - 2013-01-24 00:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-05 14:41 - 2013-04-05 14:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE9AA4F9-890D-4C78-B73D-21C386C644F8}
2013-04-01 20:46 - 2013-04-12 13:10 - 00000000 ____D C:\Users\Owner\Desktop\2013 PBI TO DO INFO
2013-04-01 15:46 - 2013-04-01 20:20 - 00000000 ____D C:\Users\Owner\Desktop\PBI POTENTIAL CLIENTS 2013
2013-03-28 15:08 - 2013-04-01 20:22 - 00000000 ____D C:\Users\Owner\Desktop\ptc 2013 potential clients
2013-03-28 08:10 - 2013-03-28 08:10 - 00276408 ____A C:\Windows\Minidump\032813-26816-01.dmp
2013-03-28 08:00 - 2013-04-23 14:58 - 00002174 ____A C:\Windows\setupact.log
2013-03-28 08:00 - 2013-03-28 08:00 - 00284720 ____A C:\Windows\Minidump\032813-32073-01.dmp
2013-03-28 07:59 - 2013-04-19 13:45 - 459473208 ____A C:\Windows\MEMORY.DMP
2013-03-27 17:58 - 2013-04-23 14:59 - 00000000 ____D C:\Users\Owner\.gstreamer-0.10
2013-03-27 17:43 - 2013-03-27 17:43 - 00276464 ____A C:\Windows\Minidump\032713-33743-01.dmp
2013-03-27 17:30 - 2013-03-27 17:30 - 00276464 ____A C:\Windows\Minidump\032713-31808-01.dmp
2013-03-27 17:15 - 2013-03-27 17:16 - 00288848 ____A C:\Windows\Minidump\032713-31824-01.dmp
2013-03-27 16:04 - 2013-03-27 16:04 - 00276408 ____A C:\Windows\Minidump\032713-32479-01.dmp
2013-03-27 15:39 - 2013-03-27 15:39 - 00276408 ____A C:\Windows\Minidump\032713-32011-01.dmp
2013-03-27 15:28 - 2013-03-27 15:28 - 00276464 ____A C:\Windows\Minidump\032713-30248-01.dmp
2013-03-27 15:00 - 2013-03-27 15:00 - 00288848 ____A C:\Windows\Minidump\032713-36161-01.dmp
2013-03-27 14:58 - 2013-03-27 14:58 - 02250054 ____A C:ProgramData\1.bmp
2013-03-27 14:57 - 2013-03-27 14:57 - 00350795 ____A C:ProgramData\1.jpg
2013-03-26 07:04 - 2013-03-26 07:04 - 00002174 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-25 12:31 - 2013-03-25 12:31 - 00768948 ____A C:\Users\Owner\Downloads\Grand Summit 2013-2014 Budget Package.zip

==================== One Month Modified Files and Folders =======

2013-04-23 15:32 - 2013-04-23 15:32 - 00000000 ___SD C:\ComboFix
2013-04-23 15:32 - 2013-04-23 15:28 - 00000000 ____D C:\Qoobox
2013-04-23 15:27 - 2013-04-23 15:27 - 00000000 ____D C:\Windows\erdnt
2013-04-23 15:27 - 2013-04-23 15:23 - 05059674 ____R (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2013-04-23 15:27 - 2012-04-05 17:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MotoCast
2013-04-23 15:27 - 2009-11-09 15:28 - 00000000 ____D C:ProgramData\Kaspersky Lab
2013-04-23 15:18 - 2013-04-23 14:15 - 00001899 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2013-04-23 15:10 - 2009-07-13 22:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-23 15:10 - 2009-07-13 22:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-23 15:09 - 2009-09-26 10:10 - 01631572 ____A C:\Windows\WindowsUpdate.log
2013-04-23 15:05 - 2012-06-08 14:15 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-23 15:04 - 2013-04-23 15:04 - 00000000 ____D C:\FRST
2013-04-23 15:04 - 2012-11-28 07:34 - 00000000 ___RD C:\Users\Owner\Documents\Inbox.com Virtual Storage
2013-04-23 15:01 - 2008-09-19 04:55 - 00014466 ____A C:\Windows\SysWOW64\NapaSet.txt
2013-04-23 15:00 - 2011-03-14 09:56 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2013-04-23 15:00 - 2009-12-01 23:20 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-23 14:59 - 2013-03-27 17:58 - 00000000 ____D C:\Users\Owner\.gstreamer-0.10
2013-04-23 14:59 - 2010-05-08 18:01 - 00000464 ____A C:\Windows\Tasks\SDMsgUpdate (TE).job
2013-04-23 14:59 - 2010-01-28 07:00 - 00000000 ____D C:\Program Files (x86)\Inbox
2013-04-23 14:58 - 2013-03-28 08:00 - 00002174 ____A C:\Windows\setupact.log
2013-04-23 14:58 - 2009-12-01 23:20 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-23 14:58 - 2009-07-13 23:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-23 14:57 - 2013-04-23 14:15 - 00000000 ____D C:\ProgramData\HitmanPro
2013-04-23 14:56 - 2013-04-23 14:56 - 00000978 ____A C:\Windows\System32\.crusader
2013-04-23 14:20 - 2010-02-11 06:30 - 00000000 ____D C:\ProgramData\Recovery
2013-04-23 14:18 - 2012-10-23 10:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-23 14:18 - 2010-11-14 08:49 - 00000000 ____D C:\Windows\Minidump
2013-04-23 14:18 - 2009-11-09 15:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-23 14:18 - 2009-11-09 15:05 - 00000000 ____D C:\users\Owner
2013-04-23 14:18 - 2009-07-13 23:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-23 14:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-23 14:15 - 2013-04-23 14:15 - 00000000 ____D C:\Program Files\HitmanPro
2013-04-23 13:59 - 2013-04-12 09:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-23 13:59 - 2012-05-08 17:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-23 13:59 - 2011-03-14 09:56 - 00000000 ____D C:\ProgramData\Skype
2013-04-23 13:59 - 2010-12-25 10:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-04-23 13:59 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-04-22 16:53 - 2013-04-22 16:53 - 00003288 ____N C:\bootsqm.dat
2013-04-22 16:43 - 2009-07-13 23:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-22 16:30 - 2009-11-09 15:30 - 00595298 ____A C:\Windows\PFRO.log
2013-04-22 16:28 - 2011-05-19 07:38 - 00000000 ____D C:\Users\Owner\Desktop\pbi docs build quest
2013-04-22 15:23 - 2013-04-22 15:23 - 00001085 ____A C:\Users\Owner\Desktop\rob andersen timberline - Shortcut.lnk
2013-04-22 11:31 - 2013-03-07 08:17 - 00000000 ____D C:\Users\Owner\Desktop\KO & TODD
2013-04-22 10:28 - 2013-04-22 10:28 - 00000000 ____D C:\Users\Owner\AppData\Local\{660DA362-9346-4A18-A3FE-603B0B3A0FD1}
2013-04-20 14:06 - 2011-04-18 17:48 - 00000000 ____D C:\Program Files (x86)\Total 3D
2013-04-19 13:48 - 2012-10-23 10:18 - 00001075 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-19 13:45 - 2013-04-19 13:45 - 00276408 ____A C:\Windows\Minidump\041913-29733-01.dmp
2013-04-19 13:45 - 2013-03-28 07:59 - 459473208 ____A C:\Windows\MEMORY.DMP
2013-04-19 13:42 - 2013-04-19 13:42 - 00276408 ____A C:\Windows\Minidump\041913-27362-01.dmp
2013-04-19 12:45 - 2013-04-19 12:44 - 00288848 ____A C:\Windows\Minidump\041913-30872-01.dmp
2013-04-17 21:25 - 2012-04-12 15:48 - 00000000 ____D C:\Users\Owner\Desktop\Real Estate clients 2012
2013-04-15 12:17 - 2013-04-15 11:17 - 00212410 ____A C:\Users\Owner\Downloads\Canyons RMA 3-30-13.pdf.yr8veqo.partial
2013-04-12 13:10 - 2013-04-01 20:46 - 00000000 ____D C:\Users\Owner\Desktop\2013 PBI TO DO INFO
2013-04-11 03:28 - 2009-07-13 22:45 - 00377512 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 03:04 - 2009-11-09 15:26 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-08 08:31 - 2012-04-23 18:54 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-04-08 08:31 - 2009-12-22 19:31 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-04-08 08:27 - 2012-10-25 08:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-04-08 08:26 - 2009-12-22 19:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2013-04-08 08:26 - 2009-12-22 19:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HP Support Assistant
2013-04-06 18:22 - 2012-01-10 17:01 - 00000000 ____D C:\Users\Owner\Desktop\timberwolf johanne dean alain
2013-04-05 14:41 - 2013-04-05 14:41 - 00000000 ____D C:\Users\Owner\AppData\Local\{EE9AA4F9-890D-4C78-B73D-21C386C644F8}
2013-04-04 14:50 - 2012-10-23 10:18 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-01 20:22 - 2013-03-28 15:08 - 00000000 ____D C:\Users\Owner\Desktop\ptc 2013 potential clients
2013-04-01 20:20 - 2013-04-01 15:46 - 00000000 ____D C:\Users\Owner\Desktop\PBI POTENTIAL CLIENTS 2013
2013-04-01 11:42 - 2011-05-27 06:13 - 00000000 ____D C:\Users\Owner\Desktop\unclaimed money
2013-04-01 07:18 - 2009-11-10 19:01 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2013-04-01 06:50 - 2009-11-09 15:24 - 00000552 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-03-28 15:13 - 2012-10-27 13:12 - 00000000 ____D C:\Users\Owner\Desktop\ptc scraper results
2013-03-28 13:04 - 2010-01-04 15:13 - 00000000 ____D C:\Users\Owner\Desktop\fischer meadows
2013-03-28 12:50 - 2012-05-16 16:50 - 00000000 ____D C:\Users\Owner\Desktop\real estate forms
2013-03-28 08:10 - 2013-03-28 08:10 - 00276408 ____A C:\Windows\Minidump\032813-26816-01.dmp
2013-03-28 08:00 - 2013-03-28 08:00 - 00284720 ____A C:\Windows\Minidump\032813-32073-01.dmp
2013-03-27 17:51 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-03-27 17:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-27 17:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-03-27 17:51 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-03-27 17:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-03-27 17:43 - 2013-03-27 17:43 - 00276464 ____A C:\Windows\Minidump\032713-33743-01.dmp
2013-03-27 17:30 - 2013-03-27 17:30 - 00276464 ____A C:\Windows\Minidump\032713-31808-01.dmp
2013-03-27 17:16 - 2013-03-27 17:15 - 00288848 ____A C:\Windows\Minidump\032713-31824-01.dmp
2013-03-27 16:04 - 2013-03-27 16:04 - 00276408 ____A C:\Windows\Minidump\032713-32479-01.dmp
2013-03-27 15:39 - 2013-03-27 15:39 - 00276408 ____A C:\Windows\Minidump\032713-32011-01.dmp
2013-03-27 15:28 - 2013-03-27 15:28 - 00276464 ____A C:\Windows\Minidump\032713-30248-01.dmp
2013-03-27 15:00 - 2013-03-27 15:00 - 00288848 ____A C:\Windows\Minidump\032713-36161-01.dmp
2013-03-27 15:00 - 2013-01-20 22:28 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-03-27 14:58 - 2013-03-27 14:58 - 02250054 ____A C:\ProgramData\1.bmp
2013-03-27 14:57 - 2013-03-27 14:57 - 00350795 ____A C:\ProgramData\1.jpg
2013-03-26 07:04 - 2013-03-26 07:04 - 00002174 ____A C:\Users\Public\Desktop\Google Earth.lnk
2013-03-25 12:31 - 2013-03-25 12:31 - 00768948 ____A C:\Users\Owner\Downloads\Grand Summit 2013-2014 Budget Package.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:03 PM

Posted 23 April 2013 - 05:15 PM

Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\ProgramData\1.bmp
    C:\ProgramData\1.jpg
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
 

If you ran Combofix, please post the C:\Combofix.txt


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 srhino

srhino
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:06:03 PM

Posted 23 April 2013 - 08:30 PM

Just ran ComboFix.

 

ComboFix 13-04-23.02 - Owner 04/23/2013  19:03:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7928.5533 [GMT -6:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Owner\AppData\Roaming\Bipuuh
c:\users\Owner\AppData\Roaming\Bipuuh\isdo.ulf
c:\users\Owner\AppData\Roaming\cusry.dll
c:\users\Owner\AppData\Roaming\msnap.dll
c:\users\Owner\AppData\Roaming\redline2stapler.tmp
c:\users\Owner\Documents\~WRL0003.tmp
c:\users\Owner\videos\mediago_setup.exe
c:\windows\SysWow64\twain.dll
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-24 to 2013-04-24  )))))))))))))))))))))))))))))))
.
.
2013-04-24 01:10 . 2013-04-24 01:10    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-04-24 00:55 . 2013-04-24 00:55    --------    d-----w-    C:\_OTM
2013-04-23 22:14 . 2013-04-23 22:14    --------    d-----w-    c:\programdata\5AA588E2A310A29F00005AA52E40A5D0
2013-04-23 21:04 . 2013-04-23 21:04    --------    d-----w-    C:\FRST
2013-04-23 20:15 . 2013-04-23 20:15    --------    d-----w-    c:\program files\HitmanPro
2013-04-23 20:15 . 2013-04-23 20:57    --------    d-----w-    c:\programdata\HitmanPro
2013-04-10 17:35 . 2013-02-15 06:06    3717632    ----a-w-    c:\windows\system32\mstscax.dll
2013-04-10 17:35 . 2013-02-15 04:37    3217408    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-04-10 17:35 . 2013-02-15 04:34    131584    ----a-w-    c:\windows\SysWow64\aaclient.dll
2013-04-10 17:35 . 2013-02-15 06:08    44032    ----a-w-    c:\windows\system32\tsgqec.dll
2013-04-10 17:35 . 2013-02-15 06:02    158720    ----a-w-    c:\windows\system32\aaclient.dll
2013-04-10 17:35 . 2013-02-15 03:25    36864    ----a-w-    c:\windows\SysWow64\tsgqec.dll
2013-04-10 17:35 . 2013-03-01 03:36    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-04-10 17:35 . 2013-03-02 06:04    1655656    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 17:33 . 2013-01-24 06:01    223752    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-04-10 17:33 . 2013-03-19 06:04    5550424    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-10 17:33 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 17:33 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 17:33 . 2013-03-19 05:46    43520    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-10 17:33 . 2013-03-19 04:47    6656    ----a-w-    c:\windows\SysWow64\apisetschema.dll
2013-04-10 17:33 . 2013-03-19 03:06    112640    ----a-w-    c:\windows\system32\smss.exe
2013-03-27 23:58 . 2013-04-23 22:50    --------    d-----w-    c:\users\Owner\.gstreamer-0.10
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-11 09:04 . 2009-11-09 21:26    72702784    ----a-w-    c:\windows\system32\MRT.exe
2013-04-04 20:50 . 2012-10-23 16:18    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-19 09:04 . 2013-03-19 09:04    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-19 09:04 . 2013-03-19 09:04    226304    ----a-w-    c:\windows\system32\elshyph.dll
2013-03-19 09:04 . 2013-03-19 09:04    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-03-19 09:04 . 2013-03-19 09:04    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-03-19 09:04 . 2013-03-19 09:04    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-03-19 09:04 . 2013-03-19 09:04    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-03-19 09:04 . 2013-03-19 09:04    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-03-19 09:04 . 2013-03-19 09:04    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-03-19 09:04 . 2013-03-19 09:04    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-03-19 09:04 . 2013-03-19 09:04    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-03-19 09:04 . 2013-03-19 09:04    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-03-19 09:04 . 2013-03-19 09:04    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-03-19 09:04 . 2013-03-19 09:04    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-19 09:04 . 2013-03-19 09:04    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-03-19 09:04 . 2013-03-19 09:04    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-03-19 09:04 . 2013-03-19 09:04    361984    ----a-w-    c:\windows\SysWow64\html.iec
2013-03-19 09:04 . 2013-03-19 09:04    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-03-19 09:04 . 2013-03-19 09:04    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-03-19 09:04 . 2013-03-19 09:04    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-03-19 09:04 . 2013-03-19 09:04    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-03-19 09:04 . 2013-03-19 09:04    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-03-19 09:04 . 2013-03-19 09:04    441856    ----a-w-    c:\windows\system32\html.iec
2013-03-19 09:04 . 2013-03-19 09:04    281600    ----a-w-    c:\windows\system32\dxtrans.dll
2013-03-19 09:04 . 2013-03-19 09:04    216064    ----a-w-    c:\windows\system32\msls31.dll
2013-03-19 09:04 . 2013-03-19 09:04    197120    ----a-w-    c:\windows\system32\msrating.dll
2013-03-19 09:04 . 2013-03-19 09:04    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-03-19 09:04 . 2013-03-19 09:04    97280    ----a-w-    c:\windows\system32\mshtmled.dll
2013-03-19 09:04 . 2013-03-19 09:04    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-03-19 09:04 . 2013-03-19 09:04    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2013-03-19 09:04 . 2013-03-19 09:04    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-03-19 09:04 . 2013-03-19 09:04    247296    ----a-w-    c:\windows\system32\webcheck.dll
2013-03-19 09:04 . 2013-03-19 09:04    235008    ----a-w-    c:\windows\system32\url.dll
2013-03-19 09:04 . 2013-03-19 09:04    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-03-19 09:04 . 2013-03-19 09:04    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-03-19 09:04 . 2013-03-19 09:04    144896    ----a-w-    c:\windows\system32\wextract.exe
2013-03-19 09:04 . 2013-03-19 09:04    102912    ----a-w-    c:\windows\system32\inseng.dll
2013-03-19 09:04 . 2013-03-19 09:04    599552    ----a-w-    c:\windows\system32\vbscript.dll
2013-03-19 09:04 . 2013-03-19 09:04    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-03-19 09:04 . 2013-03-19 09:04    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2013-03-19 09:04 . 2013-03-19 09:04    51200    ----a-w-    c:\windows\system32\imgutil.dll
2013-03-19 09:04 . 2013-03-19 09:04    149504    ----a-w-    c:\windows\system32\occache.dll
2013-03-19 09:04 . 2013-03-19 09:04    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-03-19 09:04 . 2013-03-19 09:04    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-03-19 09:04 . 2013-03-19 09:04    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-03-19 09:04 . 2013-03-19 09:04    136192    ----a-w-    c:\windows\system32\iepeers.dll
2013-03-19 09:04 . 2013-03-19 09:04    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-03-19 09:04 . 2013-03-19 09:04    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-03-19 09:04 . 2013-03-19 09:04    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-03-19 09:04 . 2013-03-19 09:04    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-03-13 15:07 . 2012-06-08 20:15    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 15:07 . 2012-06-08 20:15    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45 . 2013-03-13 19:20    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 19:20    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 19:20    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 19:20    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 19:20    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 19:20    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 21:19    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}]
2012-11-12 13:24    707728    ----a-w-    c:\progra~2\VIDEOD~2\bar\1.bin\4zbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}]
2011-05-09 09:49    176936    ----a-w-    c:\program files (x86)\eMusic\prxtbeMu0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}]
2012-11-12 13:24    62864    ----a-w-    c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9ee802e8-c931-47ab-b570-aa8f791598ca}"= "c:\program files (x86)\eMusic\prxtbeMu0.dll" [2011-05-09 176936]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [2012-11-12 707728]
.
[HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-08-23 50592]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-10-24 2017]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]
"CrawlerMail"="c:\progra~2\inbox\cmail.exe" [2010-01-28 1395200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-12-11 149280]
"Qwest Personal Digital Vault"="c:\program files (x86)\Qwest Personal Digital Vault\QwestPersonalDigitalVault.exe" [2009-12-18 1064808]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"VideoDownloadConverter Search Scope Monitor"="c:\progra~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" [2012-11-12 42536]
"VideoDownloadConverter_4z Browser Plugin Loader"="c:\progra~2\VIDEOD~2\bar\1.bin\4zbrmon.exe" [2012-11-12 30096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"avp"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-09-17 340520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 09:41    49208    ----a-w-    c:\program files (x86)\hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 17:47    62768    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
2009-05-20 05:16    222504    ------w-    c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-31 237936]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-15 40464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-11-03 27152]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-28 203264]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-09-08 87992]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-04-23 109352]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-20 3289208]
S2 sprtlisten;SupportSoft Listener Service;c:\program files (x86)\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 VideoDownloadConverter_4zService;VideoDownloadConverterService;c:\progra~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2012-11-12 42504]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-04-24 32000]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-03 21008]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 13:00    1642448    ----a-w-    c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 15:07]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 05:20]
.
2013-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-02 05:20]
.
2013-03-27 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-04-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
2013-04-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2010-05-09 16:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BbPrintMonitor"="c:\program files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe" [2010-11-30 201376]
"BbInstallUser"="c:\program files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe" [2011-06-06 38560]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Inbox Search - tbr:iemenu
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Inbox\ctbr.dll
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://pcmls.com/5.5.13.26155/Control/IRCSharc.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o4x69nyp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.mail.com/tb/en-us/mff_startpage
FF - ExtSQL: 2013-04-23 16:45; {04591b42-ac63-11e2-8274-b8ac6f996f26}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\o4x69nyp.default\extensions\{04591b42-ac63-11e2-8274-b8ac6f996f26}.xpi
FF - ExtSQL: !HIDDEN! 2012-11-12 06:25; 4zffxtbr@VideoDownloadConverter_4z.com; c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-HP Remote Solution - %ProgramFiles(x86)%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{9EE802E8-C931-47AB-B570-AA8F791598CA} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-msnap - c:\users\Owner\AppData\Roaming\msnap.dll
HKLM-Run-cusry - c:\users\Owner\AppData\Roaming\cusry.dll
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3616773141-1212709838-2073199141-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3616773141-1212709838-2073199141-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\windows\SysWOW64\UTSCSI.EXE
c:\progra~2\Inbox\CToolbar.exe
c:\program files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
c:\program files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
.
**************************************************************************
.
Completion time: 2013-04-23  19:23:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-24 01:23
.
Pre-Run: 558,912,045,056 bytes free
Post-Run: 568,578,490,368 bytes free
.
- - End Of File - - 240A4E80395A24073EBAE6760024F4E4
 



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,538 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:03 PM

Posted 23 April 2013 - 09:14 PM

I would recommend you remove Hitman Pro. It is the cause of many unbootable computers.

 

How is the computer doing?


No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 srhino

srhino
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:06:03 PM

Posted 24 April 2013 - 11:38 AM

I removed Hitman, thanks. And the computer is doing alright, with a few quirks.

 

Upon startup I get these two messages:

 

There was problem starting

C:\users\owner\appdata\roaming\cursy.dll

the specified module could not be found

 

There was problem starting

c:\users\owners\appdata\roaming\msnap.dll

the specified module could not be found


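The two logon errors above are the classic leftover of a malware cleanup: a Run/RunOnce value still points at a DLL that was deleted or quarantined, so RunDLL reports "The specified module could not be found". As an added example (not code from this thread, from BleepingComputer or from ComboFix), the PowerShell below walks the standard autorun keys and reports every entry whose target file no longer exists, which is how a responder would locate the stale value to remove. The list of keys and the regex that pulls the DLL path out of a rundll32-style command line are my assumptions; nothing here deletes anything.

```powershell
# Added example: find autorun entries whose target file is missing.
# Scenario from this thread: after cleanup, Windows shows at logon
#   "There was a problem starting <path>\<name>.dll
#    The specified module could not be found"
# because a Run/RunOnce value still references a removed file.
# This script only reports; it does not modify the registry.

# Standard per-user and per-machine autorun locations (assumption:
# these are the keys worth checking first; tasks and Startup folders
# are not covered here).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Extract the file a Run value actually loads. Handles:
#   rundll32.exe "C:\Users\owner\AppData\Roaming\cursy.dll",Entry
#   C:\Windows\system32\rundll32.exe C:\path\msnap.dll,Entry
#   "C:\Program Files\Vendor\tool.exe" /silent
#   C:\path\tool.exe
function Get-TargetPath {
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    # rundll32 / regsvr32: the interesting file is the DLL argument,
    # which ends at the comma before the entry point (if any).
    if ($cmd -match '^\s*"?(?:[^"]*\\)?(rundll32|regsvr32)(\.exe)?"?\s+"?([^",]+)') {
        return $Matches[3].Trim()
    }
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }   # quoted exe
    if ($cmd -match '^\s*(\S+)')     { return $Matches[1] }   # bare exe
    return $null
}

function Get-OrphanedAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip it.
            if ($prop.Name -like 'PS*') { continue }
            $target = Get-TargetPath -CommandLine ([string]$prop.Value)
            if ($target -and -not (Test-Path -LiteralPath $target)) {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $prop.Name
                    Command = $prop.Value
                    Missing = $target
                }
            }
        }
    }
}

# Usage: run from an elevated PowerShell so HKLM keys are readable.
Get-OrphanedAutoruns | Format-Table -AutoSize
```

A hit whose Missing column is a DLL under a user's AppData\Roaming folder, as in the two messages above, is a value that can be deleted once the path has been confirmed absent; an entry for a legitimate product whose file is missing usually means an incomplete uninstall rather than malware. Scheduled tasks and the Startup folders produce the same RunDLL error and should be checked separately.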



