Smokey's Security Forums

Topic: [RESOLVED] Toparcadehits adware help?

Starbuck (Site Owner; Leader, Malware Analysis & Removal Team; Midlands, UK)
Re: Toparcadehits adware help?
« Reply #14 on: July 25, 2013, 10:28:53 AM »
As this topic has been resolved, this thread will now be closed and marked as resolved.

If you need this topic reopened, please contact one of the Moderating/Admin team by PM and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.

Everyone else please begin a New Topic.

mikehende (topic starter)
Re: Toparcadehits adware help?
« Reply #13 on: July 24, 2013, 09:40:57 PM »
Ok Pete, done, learned a lot in this thread, thanks for the help yet again! Till next time, all the best!

Starbuck (Site Owner)
Re: Toparcadehits adware help?
« Reply #12 on: July 24, 2013, 03:33:32 PM »
Hi Mike,

Let's finish off and remove the tools we used.

Step 1
Restart MBAM.
Click on the Quarantine tab.
If there are items in quarantine, make sure everything is selected and then click Delete All.
Close MBAM.

Step 2
  • Please double-click OTL.exe to run it.
  • You should see a CleanUp! button; press that button.
  • This will clean up an assortment of tools used during malware removal, plus itself.
Note: MBAM will not be removed.

Step 3
Now you should set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

Click on Start... Control Panel... System and Maintenance... System
Click on System Protection in the left-hand task list.
Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

When you uncheck a disk you will be presented with a screen.
You should click on the Turn System Protection Off button.
Click Apply and then OK.

Reboot your computer.

Now:
Click on Start... Control Panel... System and Maintenance... System
Click on System Protection in the left-hand task list.
Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
Click Apply and then OK.

Your System restore will now be active again... starting with a new restore point.

To find out how you may have been infected, read this topic:
How did I get infected?

Glad I was able to help.

Safe surfing.
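
Added example, not part of the original post or of any tool the thread uses: the same Step 3 reset done from an elevated Windows PowerShell 2.0 or later prompt (Vista needs the KB968930 PowerShell 2.0 update; the *-ComputerRestore cmdlets exist only on client Windows, not Server), using the built-in Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer cmdlets. Unlike the GUI clicks it ends with a check that the pre-cleanup restore points are actually gone and that a new baseline point exists. The drive list, the description text and the vssadmin fallback are the writer's assumptions.

```powershell
# Added example (not from the thread): Step 3 as a script, plus a check that the
# pre-cleanup restore points are really gone and a fresh clean point exists.
# Needs Windows PowerShell 2.0+ (Vista: KB968930), an elevated prompt, client Windows.

function Reset-SystemRestoreBaseline {
    param(
        [string[]]$Drive = @('C:\'),                                  # every drive that had protection on (assumed)
        [string]$Description = 'Clean baseline after malware removal'  # assumed label for the new point
    )

    # Snapshot what exists now so we can prove afterwards that it is gone
    $before = @(Get-ComputerRestorePoint)
    $oldSeq = @($before | ForEach-Object { $_.SequenceNumber })

    # Off, then on: the same thing the "Turn System Protection Off" button does.
    # The system drive has to be disabled first or together with the others, so
    # keep it first in $Drive.
    foreach ($d in $Drive) { Disable-ComputerRestore -Drive $d }
    foreach ($d in $Drive) { Enable-ComputerRestore  -Drive $d }

    # Create the known-clean point now rather than waiting for the next scheduled one.
    # (Windows 8 and later silently skip this if a point was made in the last 24 hours;
    # the NewBaseline check below exposes that case.)
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

    $after = @(Get-ComputerRestorePoint)
    # Any pre-cleanup point that survived is a way back to the infected state
    $stale = @($after | Where-Object { $oldSeq -contains $_.SequenceNumber })

    New-Object PSObject -Property @{
        PointsBefore   = $before.Count
        PointsAfter    = $after.Count
        StaleRemaining = $stale.Count
        NewBaseline    = ($after | Where-Object { $_.Description -eq $Description } | Select-Object -Last 1)
    }
}

$result = Reset-SystemRestoreBaseline -Drive 'C:\'
$result | Format-List PointsBefore, PointsAfter, StaleRemaining, NewBaseline

if ($result.StaleRemaining -gt 0) {
    # Restore points are VSS shadow copies; this removes them all if the toggle did not.
    Write-Warning 'Old restore points survived. Run "vssadmin delete shadows /all" (elevated) and re-run.'
}
if (-not $result.NewBaseline) {
    Write-Warning 'No new baseline point was created; create one from the System Protection dialog.'
}
```

The point of the two warnings is that the GUI procedure gives no feedback: if an old restore point is still listed after the toggle, the machine can still be rolled back to the state that contained the adware, which is exactly what Step 3 is trying to rule out.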

mikehende (topic starter)
Re: Toparcadehits adware help?
« Reply #11 on: July 24, 2013, 01:21:57 PM »
Sorry about the typo Pete, Toparcade has NOT shown up since. So it was a combination of both methods which fixed this; I will refer back to this for any similar situation in the future [thanks for the help!]. My HDD has 36 GB free so I don't see it as urgent right now, but I haven't done any maintenance work on this PC in a while so I guess that's due.

Starbuck (Site Owner)
Re: Toparcadehits adware help?
« Reply #10 on: July 24, 2013, 10:22:41 AM »
Hi Mike,

Quote: "so far toparcadehits has showed up,"

Do you mean that TopArcadeHits hasn't shown up?

Quote: "so was it the JRT tool which removed it?"

JRT did remove some parts of it, but this one line still remained in your Firefox extensions:
[2013/06/12 14:50:38 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\USERS\LIVING ROOM\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}

But we took care of that with the OTL fix.

Quote: "Drive C: | 222.77 Gb Total Space | 37.70 Gb Free Space | 16.92% Space Free | Partition Type: NTFS"

The system is still very low on available free space.
Freeing up some extra space may show an improvement in the running of the system.
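
Added example, not part of the original thread and not code from OTL, JRT or Mozilla: a PowerShell function that lists every place Firefox of that era (version 22 here) picked up sideloaded add-ons on Windows, so a leftover like the TopArcadeHits folder above is visible without reading a full OTL log. It covers the HKLM/HKCU Software\Mozilla\Firefox\Extensions registry keys (the mechanism behind the Kotato YTD_FF.xpi line in the log), the per-user %APPDATA%\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder the TopArcadeHits entry lived in, the install-directory and distribution extension folders, and the profile extensions folders. The $KnownAddons allow-list and the %ProgramData% path are assumptions to adjust for the machine at hand. Firefox 74 and later no longer install add-ons from these locations, but on older installs they are the first thing to audit after a cleanup tool has run.

```powershell
# Added example (not from the thread or from OTL/JRT): enumerate Firefox sideload
# points on Windows and flag add-on IDs that are not on an allow-list.
# Windows PowerShell 2.0 or later; run as the user whose profile is being checked.

# Firefox's application ID. Firefox (through v73) scans "Mozilla\Extensions\<appid>"
# folders for add-ons dropped there by installers, no user consent required.
$FirefoxAppId = '{ec8030f7-c20a-464f-9b0e-13a3a9e97384}'

# Allow-list of add-on IDs you recognise (assumed; extend for your environment).
# Everything not listed is reported for review.
$KnownAddons = @{
    '{972ce4c6-7e08-4474-a285-3208198ce6fd}' = 'Firefox default theme'
}

function Get-FirefoxSideloadEntry {
    param([hashtable]$Known = $KnownAddons)
    $entries = @()

    # 1. Registry sideload keys: each value is <add-on ID> = <path to folder or .xpi>
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($sub in 'Software\Mozilla\Firefox\Extensions',
                         'Software\Wow6432Node\Mozilla\Firefox\Extensions') {
            $key = Join-Path $hive $sub
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $values = Get-ItemProperty -LiteralPath $key
            foreach ($prop in $values.PSObject.Properties) {
                if ($prop.Name -like 'PS*') { continue }      # provider metadata, not a registry value
                $target = [string]$prop.Value
                $entries += New-Object PSObject -Property @{
                    Source = $key
                    Id     = $prop.Name
                    Path   = $target
                    Exists = ($target -ne '' -and (Test-Path -LiteralPath $target))
                }
            }
        }
    }

    # 2. Filesystem sideload folders: each child (folder or .xpi) is named after the add-on ID
    $dirs = @(
        (Join-Path $env:APPDATA      "Mozilla\Extensions\$FirefoxAppId"),          # per-user (the TopArcadeHits location)
        (Join-Path $env:ProgramFiles 'Mozilla Firefox\browser\extensions'),        # shipped with the install
        (Join-Path $env:ProgramFiles 'Mozilla Firefox\distribution\extensions')    # distribution bundles
    )
    if ($env:ProgramData) {
        # assumed system-wide counterpart of the per-user folder; skipped if absent
        $dirs += Join-Path $env:ProgramData "Mozilla\Extensions\$FirefoxAppId"
    }
    # Profile extension folders (normal installs) so the listing is complete
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path -LiteralPath $profiles) {
        foreach ($p in Get-ChildItem -LiteralPath $profiles -Force) {
            $dirs += Join-Path $p.FullName 'extensions'
        }
    }
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($child in Get-ChildItem -LiteralPath $dir -Force) {
            $entries += New-Object PSObject -Property @{
                Source = $dir
                Id     = ($child.Name -replace '\.xpi$', '')
                Path   = $child.FullName
                Exists = $true
            }
        }
    }

    # 3. Verdict: known IDs get their label, everything else is flagged for review
    foreach ($e in $entries) {
        $verdict = if ($Known.ContainsKey($e.Id)) { $Known[$e.Id] } else { 'REVIEW: not on allow-list' }
        $e | Add-Member -MemberType NoteProperty -Name Verdict -Value $verdict
    }
    $entries
}

Get-FirefoxSideloadEntry | Sort-Object Verdict, Source | Format-Table Verdict, Id, Exists, Source, Path -AutoSize
```

Registry entries whose Exists column is False are dangling registrations left behind after a folder was deleted; they are harmless to Firefox but worth removing so the next scan is clean. An entry flagged REVIEW under the per-user Mozilla\Extensions folder is exactly the case in this thread: a folder that no add-on manager dialog shows and that a generic cleanup tool walked past.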

mikehende (topic starter)
Re: Toparcadehits adware help?
« Reply #9 on: July 23, 2013, 01:13:45 PM »
Hey Pete, did as per your instructions, but only one file opened when OTL was finished. Here's the log below, but so far toparcadehits has showed up, so was it the JRT tool which removed it?

OTL logfile created on: 7/23/2013 6:50:41 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\living room\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.36% Memory free
4.22 Gb Paging File | 2.68 Gb Available in Paging File | 63.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 37.70 Gb Free Space | 16.92% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.08 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 152.42 Gb Free Space | 32.72% Space Free | Partition Type: NTFS
 
Computer Name: LIVINGROOM | User Name: living room | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\living room\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dldocoms.exe ( )
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\dlcjcoms.exe ( )
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\QBCompressor.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\FeaturesBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\FtuEngine.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\BackupLib.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ec19fdffa5eaea430a77160272ed897e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c37bcdac22f4bcd9531dfcc4b9ebda56\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\df55f04bc0ebe6c1abde4bc467bf4d03\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\98e3281d79512c9a2a0a89e3bc2e554f\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\zlib1.dll ()
MOD - c:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dldo_device) -- C:\Windows\System32\dldocoms.exe ( )
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (dlcj_device) -- C:\Windows\System32\dlcjcoms.exe ( )
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (x10nets) -- C:\Program Files\Common Files\Snapstream\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (RsFx0150) -- C:\Windows\System32\drivers\RsFx0150.sys (Microsoft Corporation)
DRV - (NCHSSVAD) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (CAM1690) -- C:\Windows\System32\drivers\cam1690.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (X10UIF) -- C:\Windows\System32\drivers\x10uif.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 94 42 02 41 7D 32 4C A0 45 F0 0E A3 8D 53 4C  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {42C76EC4-2FDD-4157-8D47-7A5AADDF71C5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B78DADB4B-7468-4c1c-8612-00FBF356A9FF%7D:1.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\living room\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\living room\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\living room\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\living room\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{78DADB4B-7468-4c1c-8612-00FBF356A9FF}: C:\Program Files\Kotato\YouTube Downloader\YTD_FF.xpi [2013/03/15 22:21:58 | 000,012,553 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/17 18:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2012/11/16 08:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\Mozilla\Extensions
[2009/06/24 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2013/05/17 10:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 06:28:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/16 19:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/05/16 19:45:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/15 22:21:58 | 000,012,553 | ---- | M] () (No name found) -- C:\PROGRAM FILES\KOTATO\YOUTUBE DOWNLOADER\YTD_FF.XPI
[2009/09/02 03:02:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/28 11:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/07/29 09:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwangwang.dll
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/07/20 10:31:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download video on this page - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8 - Extra context menu item: Download video this links to - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\living room\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Download Video - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O9 - Extra 'Tools' menuitem : Download video on this page - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87C8EF4C-3C70-48DF-B45E-AA9E715AFEDD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEBE16C0-2C6B-4D0E-9ADB-0308A15D90C1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/17 18:20:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.scr
[2013/07/17 18:07:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/17 18:05:56 | 000,559,159 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\living room\Desktop\JRT.exe
[2013/07/17 16:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2013/07/17 16:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2013/07/17 15:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\DebugMode
[2013/07/16 12:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/16 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\Kotato
[2013/07/16 12:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2013/07/16 12:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Kotato
[2013/07/11 07:39:28 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\test2
[2013/07/10 18:44:17 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\test
[2013/07/09 10:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/09 08:14:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/09 06:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/09 06:27:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/09 06:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/02 12:21:08 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\AnvsoftPdfTools
[2013/07/02 12:21:08 | 000,000,000 | ---D | C] -- C:\Users\living room\Documents\Anvsoft
[2013/07/01 13:48:30 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/06/30 10:53:38 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/30 10:53:15 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/30 10:53:15 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/30 10:53:15 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/23 14:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013/06/23 14:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\OpenIt
[2013/02/11 08:03:42 | 003,350,608 | ---- | C] (JAM Software                                                ) -- C:\Users\living room\TreeSizeFreeSetup.exe
[2013/02/08 17:41:13 | 001,302,529 | ---- | C] (AbyssMedia.com                                              ) -- C:\Users\living room\bpmcounter.exe
[2013/01/14 17:39:35 | 007,283,839 | ---- | C] (MPC-HC Team                                                 ) -- C:\Users\living room\MPC-HC.1.6.5.6366.x86.exe
[2012/11/09 19:20:07 | 001,287,528 | ---- | C] (Microsoft Corporation) -- C:\Users\living room\wlsetup-web.exe
[2012/01/27 12:14:00 | 009,354,240 | ---- | C] (Irfan Skiljan) -- C:\Users\living room\irfanview_plugins_432_setup.exe
[2012/01/27 12:08:18 | 001,528,832 | ---- | C] (Irfan Skiljan) -- C:\Users\living room\iview432_setup.exe
[2010/12/02 10:01:00 | 008,567,280 | ---- | C] (Mozilla) -- C:\Users\living room\Firefox Setup 3.6.12.exe
[2010/11/07 09:44:38 | 016,694,120 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Users\living room\FreeVideoToMp3Converter.exe
[2010/11/05 17:42:33 | 020,708,336 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\living room\FreeYouTubeToMp3Converter.exe
[2010/09/30 11:57:02 | 002,321,408 | ---- | C] (InstallShield Software Corporation) -- C:\Users\living room\cc20i08.exe
[2010/09/27 09:15:43 | 009,565,744 | ---- | C] (Photozig, Inc.                                              ) -- C:\Users\living room\pza_setup_EXP_09.07.26_v1.0.307.exe
[2010/09/27 08:55:09 | 002,863,720 | ---- | C] (NCH Software) -- C:\Users\living room\pstagefree.exe
[2010/09/23 13:03:43 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Users\living room\FixitCenter_Run.exe
[2010/09/08 06:46:15 | 004,585,944 | ---- | C] (ManiacTools.com                                             ) -- C:\Users\living room\mp3-splitter-joiner.exe
[2010/06/01 17:58:03 | 013,805,992 | ---- | C] (SmartSoft Ltd) -- C:\Users\living room\SFTPMSI.exe
[2009/11/25 19:06:02 | 032,937,968 | ---- | C] (eBay Inc.                                                    ) -- C:\Program Files\setupUS.exe
[2009/10/12 08:56:07 | 007,915,904 | ---- | C] (SightSpeed Inc.) -- C:\Program Files\DellVideoChat_Installer.exe
[2009/09/17 06:55:08 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[2009/09/15 08:47:50 | 002,025,768 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/08/24 14:17:07 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2009/08/24 14:08:20 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/23 06:52:02 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172064135-305381459-1892373960-1000UA.job
[2013/07/23 06:24:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/23 06:23:16 | 000,080,004 | ---- | M] () -- C:\ProgramData\1374574963.bdinstall.bin
[2013/07/23 06:18:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 06:18:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 06:18:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/23 06:18:36 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/22 16:10:00 | 000,043,376 | ---- | M] () -- C:\ProgramData\1374523757.bdinstall.bin
[2013/07/22 16:09:17 | 000,022,408 | ---- | M] () -- C:\ProgramData\1374523754.bdinstall.bin
[2013/07/22 11:52:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172064135-305381459-1892373960-1000Core.job
[2013/07/22 07:34:50 | 000,121,344 | ---- | M] () -- C:\Users\living room\Desktop\Untitled.jpg
[2013/07/21 08:30:53 | 000,707,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/21 08:30:53 | 000,143,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/20 10:31:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/07/18 14:52:53 | 000,003,235 | ---- | M] () -- C:\Users\living room\Desktop\dove 16666.jpg
[2013/07/18 14:49:01 | 000,009,349 | ---- | M] () -- C:\Users\living room\Desktop\dove 5953.jpg
[2013/07/18 13:39:24 | 000,000,408 | ---- | M] () -- C:\Users\living room\AppData\Roaming\CamShapes.ini
[2013/07/18 13:39:24 | 000,000,408 | ---- | M] () -- C:\Users\living room\AppData\Roaming\CamLayout.ini
[2013/07/18 13:39:24 | 000,000,096 | ---- | M] () -- C:\Users\living room\AppData\Roaming\Camdata.ini
[2013/07/18 10:34:29 | 000,004,508 | ---- | M] () -- C:\Users\living room\AppData\Roaming\CamStudio.cfg
[2013/07/17 18:20:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.scr
[2013/07/17 18:05:57 | 000,559,159 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\living room\Desktop\JRT.exe
[2013/07/17 16:04:51 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2013/07/16 20:35:16 | 000,065,430 | ---- | M] () -- C:\Users\living room\Desktop\Passwords.rtf
[2013/07/16 12:14:26 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/07/16 12:08:23 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2013/07/13 07:55:50 | 000,002,116 | ---- | M] () -- C:\Users\living room\Desktop\Google Chrome.lnk
[2013/07/12 12:21:23 | 000,032,136 | ---- | M] () -- C:\Users\living room\Desktop\Potential QKD Customers.rtf
[2013/07/10 13:48:31 | 000,005,184 | ---- | M] () -- C:\Users\living room\Desktop\Mac-Software-Repair.html
[2013/07/10 12:30:55 | 000,034,577 | ---- | M] () -- C:\Users\living room\Desktop\Home music.rtf
[2013/07/09 10:39:14 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/09 08:50:26 | 000,000,600 | ---- | M] () -- C:\Users\living room\AppData\Roaming\winscp.rnd
[2013/07/09 07:33:20 | 000,056,722 | ---- | M] () -- C:\Users\living room\Desktop\Wholesale Flyer.rtf
[2013/07/09 06:27:27 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/08 10:27:59 | 000,000,162 | -H-- | M] () -- C:\Users\living room\Desktop\~$olesale Flyer.rtf
[2013/07/01 06:37:09 | 000,000,005 | ---- | M] () -- C:\Users\living room\AppData\Roaming\WBPU-TTL.DAT
[2013/06/30 10:52:56 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/30 10:52:52 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/30 10:52:52 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/30 10:52:52 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/30 10:52:51 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/06/30 10:52:50 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/06/27 06:01:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/27 06:01:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/23 14:38:13 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/23 06:23:16 | 000,080,004 | ---- | C] () -- C:\ProgramData\1374574963.bdinstall.bin
[2013/07/22 16:10:00 | 000,043,376 | ---- | C] () -- C:\ProgramData\1374523757.bdinstall.bin
[2013/07/22 16:09:17 | 000,022,408 | ---- | C] () -- C:\ProgramData\1374523754.bdinstall.bin
[2013/07/22 07:34:50 | 000,121,344 | ---- | C] () -- C:\Users\living room\Desktop\Untitled.jpg
[2013/07/18 14:52:52 | 000,003,235 | ---- | C] () -- C:\Users\living room\Desktop\dove 16666.jpg
[2013/07/18 14:48:59 | 000,009,349 | ---- | C] () -- C:\Users\living room\Desktop\dove 5953.jpg
[2013/07/17 21:03:29 | 000,000,408 | ---- | C] () -- C:\Users\living room\AppData\Roaming\CamShapes.ini
[2013/07/17 21:03:29 | 000,000,408 | ---- | C] () -- C:\Users\living room\AppData\Roaming\CamLayout.ini
[2013/07/17 21:03:29 | 000,000,096 | ---- | C] () -- C:\Users\living room\AppData\Roaming\Camdata.ini
[2013/07/17 21:02:20 | 000,004,508 | ---- | C] () -- C:\Users\living room\AppData\Roaming\CamStudio.cfg
[2013/07/17 16:04:51 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2013/07/16 12:14:26 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/07/16 12:08:23 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2013/07/10 13:48:30 | 000,005,184 | ---- | C] () -- C:\Users\living room\Desktop\Mac-Software-Repair.html
[2013/07/10 07:16:44 | 000,034,577 | ---- | C] () -- C:\Users\living room\Desktop\Home music.rtf
[2013/07/09 10:39:14 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/09 06:27:27 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/08 10:27:59 | 000,000,162 | -H-- | C] () -- C:\Users\living room\Desktop\~$olesale Flyer.rtf
[2013/06/23 15:37:05 | 000,000,005 | ---- | C] () -- C:\Users\living room\AppData\Roaming\WBPU-TTL.DAT
[2013/06/23 14:38:13 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/06/18 06:41:23 | 001,617,721 | ---- | C] () -- C:\ProgramData\1371551723.bdinstall.bin
[2013/05/16 12:26:10 | 011,340,067 | ---- | C] () -- C:\Users\living room\Laundry.mp3
[2013/05/12 07:13:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/12 07:13:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/12 07:13:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/12 07:13:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/12 07:13:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/10 12:25:00 | 000,002,240 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/03/29 21:55:44 | 000,055,416 | ---- | C] () -- C:\Windows\System32\drivers\psmounterex.sys
[2013/03/25 13:29:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2013/01/25 11:58:58 | 002,222,932 | ---- | C] () -- C:\Users\living room\mkvtoolnix-0.4.2.zip
[2013/01/25 11:56:13 | 000,719,218 | ---- | C] () -- C:\Users\living room\MKVExtractGUI-2.2.2.9.zip
[2012/11/15 09:27:39 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/11/14 18:08:34 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/11/12 12:08:41 | 012,816,117 | ---- | C] () -- C:\Users\living room\avidemux_2.6.0_win32.exe
[2012/09/27 16:54:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/04/11 20:56:07 | 000,000,079 | ---- | C] () -- C:\Windows\EWF840.ini
[2011/11/07 17:50:12 | 000,025,088 | ---- | C] () -- C:\Users\living room\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 18:37:22 | 000,000,820 | ---- | C] () -- C:\Users\living room\.recently-used.xbel
[2011/01/28 08:33:19 | 000,000,112 | ---- | C] () -- C:\Users\living room\AppData\Roaming\default.pls
[2010/12/22 18:44:32 | 030,065,900 | ---- | C] () -- C:\Users\living room\install_virtualdj_pro_full_v7.0.2.exe
[2010/10/21 08:52:30 | 000,009,810 | ---- | C] () -- C:\Users\living room\index.html
[2010/10/18 07:28:19 | 000,000,134 | -H-- | C] () -- C:\Users\living room\AppData\Roaming\lakerda1967.sys
[2010/10/18 07:26:39 | 000,010,584 | ---- | C] () -- C:\Users\living room\AppData\Roaming\docXConverter (3).ini
[2010/10/08 06:49:44 | 000,000,600 | ---- | C] () -- C:\Users\living room\AppData\Roaming\winscp.rnd
[2010/09/29 07:31:27 | 006,909,232 | ---- | C] (                                                            ) -- C:\Users\living room\Real_Alternative_202.exe
[2010/09/08 06:52:12 | 000,736,425 | ---- | C] () -- C:\Users\living room\mergemp3.zip
[2010/05/30 11:19:17 | 000,222,789 | ---- | C] () -- C:\Users\living room\fedexreceipt.pdf
[2010/05/12 09:01:54 | 004,327,936 | ---- | C] () -- C:\Program Files\mysql-connector-odbc-5.1.5-win32.msi
[2009/11/20 11:47:31 | 001,374,154 | ---- | C] () -- C:\Program Files\wrar390.exe
[2009/11/18 20:33:14 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/29 14:44:56 | 000,025,199 | ---- | C] () -- C:\ProgramData\dldo
[2009/01/28 08:26:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/28 07:53:06 | 000,008,337 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/13 08:09:19 | 000,001,024 | ---- | C] () -- C:\Users\living room\.rnd
[2008/06/08 20:55:58 | 000,000,005 | ---- | C] () -- C:\Users\living room\AppData\Roaming\closedList.awt
[2008/06/08 20:53:13 | 000,000,058 | ---- | C] () -- C:\Users\living room\AppData\Roaming\openList.awt
[2008/06/08 20:50:20 | 000,000,005 | ---- | C] () -- C:\Users\living room\AppData\Roaming\closedListSW.awt
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 12:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:58A5270D
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F169C698

< End of report >

Starbuck

  • Site Owner
  • location: Midlands. UK
  • Posts: 3408
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
Re: Toparcadehits adware help?
« Reply #8 on: July 21, 2013, 03:14:52 PM »
Hi Mike,

This is the problem: (taken from the first report you posted)

Quote
OTL logfile created on: 7/17/2013 6:21:27 PM - Run 3


The Extras.txt is only produced by default on a first run.
To get it produced on subsequent runs you need to run it slightly differently.

Double click on OTL to run it.
  • Under the Extra Registry section, make sure that Use SafeList is checked.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
Just post the Extras.txt..... I don't need the Main.txt.
Any problems from TopArcadeHits now?

Thanks.

mikehende (Topic starter)

  • Full Member
  • Posts: 71
Re: Toparcadehits adware help?
« Reply #7 on: July 20, 2013, 04:49:14 PM »
Hey Pete, when OTL was finished there was only one file; no "Extras.txt" file opened or was located in the OTL folder. I just ran OTL again as you directed and it was the same deal with the Extras file, so I am posting the only file which was opened or which I am seeing in the OTL folder:

All processes killed
========== OTL ==========
C:\USERS\LIVING ROOM\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin folder moved successfully.
C:\USERS\LIVING ROOM\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content folder moved successfully.
C:\USERS\LIVING ROOM\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome folder moved successfully.
C:\USERS\LIVING ROOM\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk\ deleted successfully.
C:\Windows\pss\Monitor Apache Servers.lnk.CommonStartup moved successfully.
========== FILES ==========
File\Folder C:\Users\living room\AppData\Local\TopArcadeHits not found.
File\Folder C:\Program Files\TopArcadeHits not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\living room\Desktop\cmd.bat deleted successfully.
C:\Users\living room\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: living room
->Temp folder emptied: 383428949 bytes
->Temporary Internet Files folder emptied: 67912492 bytes
->Java cache emptied: 2322 bytes
->FireFox cache emptied: 364244744 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 3752 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124293 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 779.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07202013_102651

Files\Folders moved on Reboot...
File move failed. C:\Users\living room\AppData\Local\Temp\gziface1.log scheduled to be moved on reboot.
C:\Users\living room\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUV35EBY\free[1].htm moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Starbuck

  • Site Owner
  • location: Midlands. UK
  • Posts: 3408
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
Re: Toparcadehits adware help?
« Reply #6 on: July 18, 2013, 11:59:08 PM »
Hi Mike,

There was no 'Extras.txt' posted.

Quote
Drive C: | 222.77 Gb Total Space | 36.10 Gb Free Space | 16.20% Space Free | Partition Type: NTFS


The system is getting very low on free space.
Anything less than about 18% will start to be noticeable.
You really should try and free up some space.

Well, it seems that JRT removed a few items relating to ToparcadeHits.
There are a couple showing in the report (not sure if they're orphaned, but we'll remove them anyway).
I'll also add the folder that is normally produced, although it's not showing in the report.

Step 1
If you experience any freezing when running the fix..... you will need to uninstall MBAM and then run the fix again.
MBAM can be reinstalled once the fix has finished.
This is a known problem on some systems.


Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you also include the whole of the Commands section)
Code:
:otl
[2013/06/12 14:50:38 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\USERS\LIVING ROOM\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files\OApps\SelectionLinks.dll File not found
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\living room\AppData\Local\TopArcadeHits\Toparcadehits.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk -  - File not found


:Files
C:\Users\living room\AppData\Local\TopArcadeHits
C:\Program Files\TopArcadeHits
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
If you still get problems from TopArcadeHits after running the fix:

Try running Internet Explorer and Firefox without any addons...... see if this stops the problem when opening pages.

Internet Explorer:
Click Start >>All Programs >> Accessories >> System Tools >> Internet Explorer (No Addons)

Firefox:
Open Firefox, then click on the Help tab and select: Restart with Addons disabled

Let me know if there's any improvement.

In your next reply, please submit: 
Otl fix report
and also the Extras.txt.


Thanks.
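For readers following how the fix above was built: the lines pasted under :otl are the O2 (BHO) and O28 (ShellExecuteHooks) entries that OTL reported with "File not found" or "No CLSID value found.", i.e. registrations whose DLL is already gone. The following parser is an added example, not OldTimer's code and not part of this thread's fix; it reads those two OTL line shapes, flags the orphaned entries, and reproduces them verbatim under a :OTL header the way the fix above does. The sample input is the four lines from the fix above plus one constructed healthy entry with a placeholder CLSID and vendor name; only the line formats visible in this thread are handled.

```python
"""Flag orphaned BHO / ShellExecuteHooks registrations in an OTL report.

Added example for this thread (not OTL's own code).  Handles only the two
OTL line shapes seen in the fix above:
  O2 - BHO: (Display Name) - {CLSID} - <dll path> File not found
  O28 - HKLM ShellExecuteHooks: {CLSID} - <dll path> File not found
  O28 - HKLM ShellExecuteHooks: {CLSID} - No CLSID value found.
"""
import re
from dataclasses import dataclass

O2_RE = re.compile(
    r"^O2 - BHO: \((?P<name>.*?)\) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.*)$")
O28_RE = re.compile(
    r"^O28 - HKLM ShellExecuteHooks: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.*)$")

# Text OTL appends when the registered DLL, or the CLSID key itself, is missing.
MISSING_FILE = "File not found"
MISSING_CLSID = "No CLSID value found."

# Constructed sample input: the four O2/O28 lines from the fix posted above,
# plus one healthy entry with a placeholder CLSID and vendor (not from the
# report) so the filter has something to leave alone.
SAMPLE_LINES = r"""O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files\OApps\SelectionLinks.dll File not found
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\living room\AppData\Local\TopArcadeHits\Toparcadehits.dll File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O2 - BHO: (Example Helper) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll (Constructed Vendor)
"""


@dataclass
class Entry:
    kind: str        # "BHO" or "ShellExecuteHook"
    clsid: str
    name: str        # display name for BHOs, "" for hooks
    target: str      # DLL path as OTL printed it ("" when no CLSID value exists)
    orphaned: bool   # True when OTL could not find the DLL or the CLSID
    raw: str         # original report line, reused verbatim in the :OTL fix


def parse_entry(line):
    """Return an Entry for an O2/O28 line, or None for any other OTL line."""
    line = line.rstrip()
    m = O2_RE.match(line)
    if m:
        kind, name = "BHO", m.group("name")
    else:
        m = O28_RE.match(line)
        if not m:
            return None
        kind, name = "ShellExecuteHook", ""
    rest = m.group("rest").strip()
    if rest == MISSING_CLSID:
        target, orphaned = "", True
    elif rest.endswith(MISSING_FILE):
        target, orphaned = rest[: -len(MISSING_FILE)].rstrip(), True
    else:
        target, orphaned = rest, False
    return Entry(kind, m.group("clsid"), name, target, orphaned, line)


def find_orphans(report_text):
    """All O2/O28 entries in the report whose DLL or CLSID is missing."""
    entries = (parse_entry(line) for line in report_text.splitlines())
    return [e for e in entries if e is not None and e.orphaned]


def build_otl_fix(orphans):
    """Reproduce the orphaned lines under a :OTL header, as the fix above does."""
    return ":OTL\n" + "\n".join(e.raw for e in orphans) + "\n"


if __name__ == "__main__":
    found = find_orphans(SAMPLE_LINES)
    for e in found:
        print(f"{e.kind:17} {e.clsid}  {e.name or '-'}  -> {e.target or '(no CLSID value)'}")
    print(build_otl_fix(found))
```

The output of build_otl_fix for the sample is the same four lines that appear under :otl in the post above; the Reply #7 log further up the thread shows OTL deleting the matching Browser Helper Objects, CLSID and ShellExecuteHooks keys for exactly those CLSIDs.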

mikehende (Topic starter)

  • Full Member
  • Posts: 71
Re: Toparcadehits adware help?
« Reply #5 on: July 18, 2013, 01:49:13 PM »
Problem still there Pete. Every time I visit a new page a toparcadehits video starts playing.

mikehende (Topic starter)

  • Full Member
  • Posts: 71
Re: Toparcadehits adware help?
« Reply #4 on: July 18, 2013, 02:57:46 AM »
OTL logfile created on: 7/17/2013 6:21:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\living room\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.10% Memory free
4.22 Gb Paging File | 2.64 Gb Available in Paging File | 62.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 36.10 Gb Free Space | 16.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.08 Gb Free Space | 60.77% Space Free | Partition Type: NTFS
 
Computer Name: LIVINGROOM | User Name: living room | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\living room\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe (Bitdefender)
PRC - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (Bitdefender)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Program Files\CamStudio 2.7\Recorder.exe (CamStudio Group)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
PRC - c:\xampp\mysql\bin\mysqld.exe ()
PRC - C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Windows\System32\dldocoms.exe ( )
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\dlcjcoms.exe ( )
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\CamStudio 2.7\libconfig++.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\QBMAPILibrary.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\QBCompressor.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\mbpopup.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\FeaturesBridge.DLL ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\FtuEngine.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\BackupLib.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\ec19fdffa5eaea430a77160272ed897e\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\c37bcdac22f4bcd9531dfcc4b9ebda56\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\df55f04bc0ebe6c1abde4bc467bf4d03\System.ServiceModel.Internals.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\98e3281d79512c9a2a0a89e3bc2e554f\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\293cfe2c05a8ee921726927fd00ea81c\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b9f7adbc90a2bcbe8eb9e6e8d2bb975b\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll ()
MOD - C:\Program Files\Intuit\QuickBooks 2013\zlib1.dll ()
MOD - c:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (gzserv) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (Bitdefender)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nlsX86cc) -- C:\Windows\System32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\Teamviewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBVSS) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (mysql) -- c:\xampp\mysql\bin\mysqld.exe ()
SRV - (Apache2.2) -- c:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (dldo_device) -- C:\Windows\System32\dldocoms.exe ( )
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
SRV - (dlcj_device) -- C:\Windows\System32\dlcjcoms.exe ( )
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (x10nets) -- C:\Program Files\Common Files\Snapstream\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (trufos) -- C:\Windows\System32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (gzflt) -- C:\Windows\System32\drivers\gzflt.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys (Bitdefender SRL)
DRV - (avc3) -- C:\Windows\System32\drivers\avc3.sys (BitDefender)
DRV - (avckf) -- C:\Windows\System32\drivers\avckf.sys (BitDefender)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (pssnap) -- C:\Windows\System32\drivers\pssnap.sys (Macrium Software)
DRV - (bdselfpr) -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys (BitDefender LLC)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (RsFx0150) -- C:\Windows\System32\drivers\RsFx0150.sys (Microsoft Corporation)
DRV - (NCHSSVAD) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (CAM1690) -- C:\Windows\System32\drivers\cam1690.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (pmxmouse) -- C:\Windows\System32\drivers\pmxmouse.sys (Primax Electronics Ltd.)
DRV - (pmxusblf) -- C:\Windows\System32\drivers\pmxusblf.sys (Primax Electronics Ltd.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (X10UIF) -- C:\Windows\System32\drivers\x10uif.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 83 94 42 02 41 7D 32 4C A0 45 F0 0E A3 8D 53 4C  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {42C76EC4-2FDD-4157-8D47-7A5AADDF71C5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B78DADB4B-7468-4c1c-8612-00FBF356A9FF%7D:1.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\living room\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\living room\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\living room\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\living room\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{78DADB4B-7468-4c1c-8612-00FBF356A9FF}: C:\Program Files\Kotato\YouTube Downloader\YTD_FF.xpi [2013/03/15 22:21:58 | 000,012,553 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/17 18:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2012/11/16 08:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\Mozilla\Extensions
[2009/06/24 12:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2013/07/09 08:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\l2e4rdfm.default-1368744190535\extensions
[2013/06/14 06:19:27 | 000,001,793 | ---- | M] () -- C:\Users\living room\AppData\Roaming\Mozilla\Firefox\Profiles\l2e4rdfm.default-1368744190535\searchplugins\Bing.xml
[2013/05/17 10:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 06:28:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/16 19:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/05/16 19:45:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/15 22:21:58 | 000,012,553 | ---- | M] () (No name found) -- C:\PROGRAM FILES\KOTATO\YOUTUBE DOWNLOADER\YTD_FF.XPI
[2013/06/12 14:50:38 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\USERS\LIVING ROOM\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2009/09/02 03:02:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/06/28 11:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/07/29 09:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwangwang.dll
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/05/15 17:03:54 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files\OApps\SelectionLinks.dll File not found
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\living room\AppData\Local\TopArcadeHits\Toparcadehits.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download video on this page - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8 - Extra context menu item: Download video this links to - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\living room\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Download Video - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O9 - Extra 'Tools' menuitem : Download video on this page - {731DC20B-51DE-4681-BBB9-69593E9F99A2} - C:\Program Files\Kotato\YouTube Downloader\YTD_IE.dll (Kotato)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87C8EF4C-3C70-48DF-B45E-AA9E715AFEDD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEBE16C0-2C6B-4D0E-9ADB-0308A15D90C1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Inspiron_DT_1152x864_01.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk - C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^living room^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\living room\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GoogleChromeAutoLaunch_E4CF6F0BE5F766C9ED366A4E457C8CEB - hkey= - key= - C:\Users\living room\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
MsConfig - StartUpReg: Intuit SyncManager - hkey= - key= - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: PMX Daemon - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Smart File Advisor - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: YMailAdvisor - hkey= - key= - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/17 18:20:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.scr
[2013/07/17 18:07:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/17 18:05:56 | 000,559,159 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\living room\Desktop\JRT.exe
[2013/07/17 16:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
[2013/07/17 16:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CamStudio 2.7
[2013/07/17 15:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\DebugMode
[2013/07/16 12:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/07/16 12:08:36 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\Kotato
[2013/07/16 12:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2013/07/16 12:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Kotato
[2013/07/11 07:39:28 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\test2
[2013/07/10 18:44:17 | 000,000,000 | ---D | C] -- C:\Users\living room\Desktop\test
[2013/07/09 10:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/09 08:14:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/09 06:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/09 06:27:15 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/09 06:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/02 12:21:08 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\AnvsoftPdfTools
[2013/07/02 12:21:08 | 000,000,000 | ---D | C] -- C:\Users\living room\Documents\Anvsoft
[2013/07/01 13:48:30 | 000,000,000 | ---D | C] -- C:\New Folder
[2013/06/30 10:53:38 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/30 10:53:15 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/30 10:53:15 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/30 10:53:15 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/23 14:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013/06/23 14:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\OpenIt
[2013/06/21 14:23:06 | 000,355,744 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/06/18 06:48:09 | 000,242,504 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013/06/18 06:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
[2013/06/18 06:40:41 | 000,633,344 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013/06/18 06:40:41 | 000,486,536 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013/06/18 06:35:32 | 000,164,952 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013/06/17 21:41:50 | 000,069,640 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
[2013/06/17 18:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/06/17 18:49:54 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2013/06/17 18:48:56 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2013/06/17 18:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2013/06/17 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Roaming\Winamp
[2013/06/17 18:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013/06/17 18:38:24 | 000,000,000 | ---D | C] -- C:\Users\living room\AppData\Local\Mixxx
[2013/06/17 18:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mixxx
[2013/02/11 08:03:42 | 003,350,608 | ---- | C] (JAM Software                                                ) -- C:\Users\living room\TreeSizeFreeSetup.exe
[2013/02/08 17:41:13 | 001,302,529 | ---- | C] (AbyssMedia.com                                              ) -- C:\Users\living room\bpmcounter.exe
[2013/01/14 17:39:35 | 007,283,839 | ---- | C] (MPC-HC Team                                                 ) -- C:\Users\living room\MPC-HC.1.6.5.6366.x86.exe
[2012/11/09 19:20:07 | 001,287,528 | ---- | C] (Microsoft Corporation) -- C:\Users\living room\wlsetup-web.exe
[2012/01/27 12:14:00 | 009,354,240 | ---- | C] (Irfan Skiljan) -- C:\Users\living room\irfanview_plugins_432_setup.exe
[2012/01/27 12:08:18 | 001,528,832 | ---- | C] (Irfan Skiljan) -- C:\Users\living room\iview432_setup.exe
[2010/12/02 10:01:00 | 008,567,280 | ---- | C] (Mozilla) -- C:\Users\living room\Firefox Setup 3.6.12.exe
[2010/11/07 09:44:38 | 016,694,120 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Users\living room\FreeVideoToMp3Converter.exe
[2010/11/05 17:42:33 | 020,708,336 | ---- | C] (DVDVideoSoft Ltd.                                           ) -- C:\Users\living room\FreeYouTubeToMp3Converter.exe
[2010/09/30 11:57:02 | 002,321,408 | ---- | C] (InstallShield Software Corporation) -- C:\Users\living room\cc20i08.exe
[2010/09/27 09:15:43 | 009,565,744 | ---- | C] (Photozig, Inc.                                              ) -- C:\Users\living room\pza_setup_EXP_09.07.26_v1.0.307.exe
[2010/09/27 08:55:09 | 002,863,720 | ---- | C] (NCH Software) -- C:\Users\living room\pstagefree.exe
[2010/09/23 13:03:43 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Users\living room\FixitCenter_Run.exe
[2010/09/08 06:46:15 | 004,585,944 | ---- | C] (ManiacTools.com                                             ) -- C:\Users\living room\mp3-splitter-joiner.exe
[2010/06/01 17:58:03 | 013,805,992 | ---- | C] (SmartSoft Ltd) -- C:\Users\living room\SFTPMSI.exe
[2009/11/25 19:06:02 | 032,937,968 | ---- | C] (eBay Inc.                                                    ) -- C:\Program Files\setupUS.exe
[2009/10/12 08:56:07 | 007,915,904 | ---- | C] (SightSpeed Inc.) -- C:\Program Files\DellVideoChat_Installer.exe
[2009/09/17 06:55:08 | 027,024,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[2009/09/15 08:47:50 | 002,025,768 | ---- | C] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/08/24 14:17:07 | 028,868,320 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2009/08/24 14:08:20 | 025,685,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/17 18:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 18:20:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\living room\Desktop\OTL.scr
[2013/07/17 18:05:57 | 000,559,159 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\living room\Desktop\JRT.exe
[2013/07/17 17:52:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172064135-305381459-1892373960-1000UA.job
[2013/07/17 17:16:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 17:16:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 16:04:51 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2013/07/17 16:03:36 | 000,707,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/17 16:03:36 | 000,143,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/17 13:16:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/17 13:16:31 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/17 11:52:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2172064135-305381459-1892373960-1000Core.job
[2013/07/16 20:35:16 | 000,065,430 | ---- | M] () -- C:\Users\living room\Desktop\Passwords.rtf
[2013/07/16 12:14:26 | 000,000,897 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/07/16 12:08:23 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2013/07/16 08:39:41 | 000,089,335 | ---- | M] () -- C:\Users\living room\Desktop\Untitled.jpg
[2013/07/13 07:55:50 | 000,002,116 | ---- | M] () -- C:\Users\living room\Desktop\Google Chrome.lnk
[2013/07/12 12:21:23 | 000,032,136 | ---- | M] () -- C:\Users\living room\Desktop\Potential QKD Customers.rtf
[2013/07/10 14:24:51 | 000,005,325 | ---- | M] () -- C:\Users\living room\Desktop\Mac-Software-Repairs.html
[2013/07/10 13:50:29 | 000,002,553 | ---- | M] () -- C:\Users\living room\Desktop\Mac software.rtf
[2013/07/10 13:48:31 | 000,005,184 | ---- | M] () -- C:\Users\living room\Desktop\Mac-Software-Repair.html
[2013/07/10 13:14:09 | 000,003,741 | ---- | M] () -- C:\Users\living room\Desktop\Services for DJ's.rtf
[2013/07/10 13:08:26 | 000,007,413 | ---- | M] () -- C:\Users\living room\Desktop\Services-For-DJ's.html
[2013/07/10 12:30:55 | 000,034,577 | ---- | M] () -- C:\Users\living room\Desktop\Home music.rtf
[2013/07/10 12:30:43 | 000,005,304 | ---- | M] () -- C:\Users\living room\Desktop\Home Music.html
[2013/07/09 10:39:14 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/09 08:50:26 | 000,000,600 | ---- | M] () -- C:\Users\living room\AppData\Roaming\winscp.rnd
[2013/07/09 07:33:20 | 000,056,722 | ---- | M] () -- C:\Users\living room\Desktop\Wholesale Flyer.rtf
[2013/07/09 06:27:27 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/08 10:27:59 | 000,000,162 | -H-- | M] () -- C:\Users\living room\Desktop\~$olesale Flyer.rtf
[2013/07/01 06:37:09 | 000,000,005 | ---- | M] () -- C:\Users\living room\AppData\Roaming\WBPU-TTL.DAT
[2013/06/30 10:52:56 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/06/30 10:52:52 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/06/30 10:52:52 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/06/30 10:52:52 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/06/30 10:52:51 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/06/30 10:52:50 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/06/27 06:01:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/27 06:01:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/23 14:38:13 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/06/21 14:23:06 | 000,355,744 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013/06/18 06:48:09 | 000,242,504 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013/06/18 06:41:24 | 001,617,721 | ---- | M] () -- C:\ProgramData\1371551723.bdinstall.bin
[2013/06/17 21:41:50 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
[2013/06/17 18:50:01 | 000,000,838 | ---- | M] () -- C:\Users\living room\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/06/17 18:50:01 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
 
========== Files Created - No Company Name ==========
 
[2013/07/17 16:04:51 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\CamStudio.lnk
[2013/07/16 12:14:26 | 000,000,897 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/07/16 12:08:23 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2013/07/16 08:39:41 | 000,089,335 | ---- | C] () -- C:\Users\living room\Desktop\Untitled.jpg
[2013/07/10 13:49:36 | 000,005,325 | ---- | C] () -- C:\Users\living room\Desktop\Mac-Software-Repairs.html
[2013/07/10 13:48:30 | 000,005,184 | ---- | C] () -- C:\Users\living room\Desktop\Mac-Software-Repair.html
[2013/07/10 13:08:26 | 000,007,413 | ---- | C] () -- C:\Users\living room\Desktop\Services-For-DJ's.html
[2013/07/10 12:15:41 | 000,005,304 | ---- | C] () -- C:\Users\living room\Desktop\Home Music.html
[2013/07/10 10:42:00 | 000,002,553 | ---- | C] () -- C:\Users\living room\Desktop\Mac software.rtf
[2013/07/10 10:16:35 | 000,003,741 | ---- | C] () -- C:\Users\living room\Desktop\Services for DJ's.rtf
[2013/07/10 07:16:44 | 000,034,577 | ---- | C] () -- C:\Users\living room\Desktop\Home music.rtf
[2013/07/09 10:39:14 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/09 06:27:27 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/08 10:27:59 | 000,000,162 | -H-- | C] () -- C:\Users\living room\Desktop\~$olesale Flyer.rtf
[2013/06/23 15:37:05 | 000,000,005 | ---- | C] () -- C:\Users\living room\AppData\Roaming\WBPU-TTL.DAT
[2013/06/23 14:38:13 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013/06/18 06:41:23 | 001,617,721 | ---- | C] () -- C:\ProgramData\1371551723.bdinstall.bin
[2013/06/17 18:50:01 | 000,000,838 | ---- | C] () -- C:\Users\living room\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2013/06/17 18:50:01 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/05/16 12:26:10 | 011,340,067 | ---- | C] () -- C:\Users\living room\Laundry.mp3
[2013/05/12 07:13:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/12 07:13:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/12 07:13:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/12 07:13:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/12 07:13:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/10 12:25:00 | 000,002,240 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/03/29 21:55:44 | 000,055,416 | ---- | C] () -- C:\Windows\System32\drivers\psmounterex.sys
[2013/03/25 13:29:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2013/01/25 11:58:58 | 002,222,932 | ---- | C] () -- C:\Users\living room\mkvtoolnix-0.4.2.zip
[2013/01/25 11:56:13 | 000,719,218 | ---- | C] () -- C:\Users\living room\MKVExtractGUI-2.2.2.9.zip
[2012/11/15 09:27:39 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/11/14 18:08:34 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/11/12 12:08:41 | 012,816,117 | ---- | C] () -- C:\Users\living room\avidemux_2.6.0_win32.exe
[2012/09/27 16:54:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/04/11 20:56:07 | 000,000,079 | ---- | C] () -- C:\Windows\EWF840.ini
[2011/11/07 17:50:12 | 000,025,088 | ---- | C] () -- C:\Users\living room\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 18:37:22 | 000,000,820 | ---- | C] () -- C:\Users\living room\.recently-used.xbel
[2011/01/28 08:33:19 | 000,000,112 | ---- | C] () -- C:\Users\living room\AppData\Roaming\default.pls
[2010/12/22 18:44:32 | 030,065,900 | ---- | C] () -- C:\Users\living room\install_virtualdj_pro_full_v7.0.2.exe
[2010/10/21 08:52:30 | 000,009,810 | ---- | C] () -- C:\Users\living room\index.html
[2010/10/18 07:28:19 | 000,000,134 | -H-- | C] () -- C:\Users\living room\AppData\Roaming\lakerda1967.sys
[2010/10/18 07:26:39 | 000,010,584 | ---- | C] () -- C:\Users\living room\AppData\Roaming\docXConverter (3).ini
[2010/10/08 06:49:44 | 000,000,600 | ---- | C] () -- C:\Users\living room\AppData\Roaming\winscp.rnd
[2010/09/29 07:31:27 | 006,909,232 | ---- | C] (                                                            ) -- C:\Users\living room\Real_Alternative_202.exe
[2010/09/08 06:52:12 | 000,736,425 | ---- | C] () -- C:\Users\living room\mergemp3.zip
[2010/05/30 11:19:17 | 000,222,789 | ---- | C] () -- C:\Users\living room\fedexreceipt.pdf
[2010/05/12 09:01:54 | 004,327,936 | ---- | C] () -- C:\Program Files\mysql-connector-odbc-5.1.5-win32.msi
[2009/11/20 11:47:31 | 001,374,154 | ---- | C] () -- C:\Program Files\wrar390.exe
[2009/11/18 20:33:14 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/29 14:44:56 | 000,025,199 | ---- | C] () -- C:\ProgramData\dldo
[2009/01/28 08:26:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/01/28 07:53:06 | 000,008,337 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008/06/13 08:09:19 | 000,001,024 | ---- | C] () -- C:\Users\living room\.rnd
[2008/06/08 20:55:58 | 000,000,005 | ---- | C] () -- C:\Users\living room\AppData\Roaming\closedList.awt
[2008/06/08 20:53:13 | 000,000,058 | ---- | C] () -- C:\Users\living room\AppData\Roaming\openList.awt
[2008/06/08 20:50:20 | 000,000,005 | ---- | C] () -- C:\Users\living room\AppData\Roaming\closedListSW.awt
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 12:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/01/23 12:38:21 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\968 Series
[2008/07/24 16:30:42 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Acoustica
[2013/07/02 12:21:08 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\AnvsoftPdfTools
[2010/10/01 06:49:42 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\ATViewer
[2013/06/29 16:27:02 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Audacity
[2012/11/12 20:06:46 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\avidemux
[2009/11/18 20:15:28 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\BitZipper
[2012/11/23 13:18:34 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Broad Intelligence
[2013/05/17 07:36:03 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Canneverbe Limited
[2010/09/29 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/08 08:02:48 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\CoffeeCup Software
[2013/04/30 10:13:24 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\CoreFTP
[2008/06/11 21:31:18 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DataSafeOnline
[2013/07/02 13:25:17 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Downloaded Installations
[2012/11/02 11:45:03 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Dropbox
[2012/12/13 09:26:35 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\DVDVideoSoft
[2012/04/12 08:05:59 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Epson
[2010/05/21 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\EventGhost
[2013/06/06 14:11:04 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\FileOpen
[2011/08/12 10:32:24 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\FileZilla
[2011/07/07 13:30:59 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\FireShot
[2009/03/19 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Fisher-Price
[2012/05/04 11:50:47 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\GetRightToGo
[2011/09/13 13:57:10 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\GoldWaveCDDB
[2011/03/10 18:37:22 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\gtk-2.0
[2009/08/13 18:16:17 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\HandBrake
[2011/06/02 14:27:11 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\ImgBurn
[2013/05/31 15:55:35 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\iMobie
[2010/08/06 10:16:11 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Inkscape
[2013/04/29 12:29:41 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\IrfanView
[2013/02/11 08:04:34 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\JAM Software
[2011/02/20 14:35:36 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Keyword Advantage
[2013/07/16 12:08:36 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Kotato
[2012/04/11 21:46:08 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Leader Technologies
[2010/02/05 18:12:43 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Leadertech
[2010/10/27 11:32:15 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\LimeWire
[2012/12/21 18:51:27 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\MediaPlayerClassicPackages
[2010/11/29 14:55:46 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\mp3DirectCut
[2010/08/06 11:07:12 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\NCH Swift Sound
[2013/06/06 14:12:30 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Nitro
[2010/05/27 18:09:50 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Nitro PDF
[2010/10/23 08:20:20 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Notepad++
[2010/11/01 15:20:12 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\OpenOffice.org
[2010/09/27 16:00:12 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Photozig Albums
[2013/05/10 12:08:51 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\player
[2013/04/04 11:45:27 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\QuickScan
[2009/10/09 06:03:11 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Recordpad
[2009/05/07 17:42:21 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\SmartDraw
[2008/09/26 11:22:43 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Stamps.com Internet Postage
[2009/04/03 12:21:20 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Startly
[2013/05/31 08:11:31 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Syncios
[2013/03/19 10:01:52 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\TeamViewer
[2010/12/26 09:29:40 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\TS3Client
[2010/08/06 10:57:57 | 000,000,000 | ---D | M] -- C:\Users\living room\AppData\Roaming\Western Digital
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2009/11/12 17:24:10 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/07/09 11:23:32 | 000,002,222 | ---- | M] () -- C:\AdwCleaner[S7].txt
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013/07/17 13:16:31 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/08/06 10:24:30 | 000,001,591 | ---- | M] () -- C:\InstallHelper.log
[2010/09/30 11:57:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/30 11:57:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/23 15:49:56 | 000,000,571 | ---- | M] () -- C:\NTDClient.log
[2013/07/17 13:16:30 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys
[2009/09/09 13:47:14 | 000,000,186 | ---- | M] () -- C:\picsetup.log
[2013/04/17 20:35:46 | 002,162,688 | ---- | M] () -- C:\picsPremiumRenewal.msi
[2012/03/15 11:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
[2013/05/12 08:57:43 | 000,126,646 | ---- | M] () -- C:\TDSSKiller.2.8.17.0_12.05.2013_08.56.39_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/10/20 04:23:34 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\dlcjPP5C.DLL
[2007/07/18 11:42:20 | 000,113,664 | ---- | M] () -- C:\Windows\system32\Spool\prtprocs\w32x86\dldodrpp.dll
[2009/09/28 20:34:40 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2009/10/12 08:56:08 | 007,915,904 | ---- | M] (SightSpeed Inc.) -- C:\Program Files\DellVideoChat_Installer.exe
[2008/01/20 22:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010/05/12 09:03:57 | 001,536,000 | ---- | M] () -- C:\Program Files\EasyAuctionsTracker2010D.xls
[2009/08/24 14:20:40 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2010/05/12 09:02:00 | 004,327,936 | ---- | M] () -- C:\Program Files\mysql-connector-odbc-5.1.5-win32.msi
[2009/09/17 06:55:58 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\PowerPointViewer.exe
[2009/11/25 19:06:54 | 032,937,968 | ---- | M] (eBay Inc.                                                    ) -- C:\Program Files\setupUS.exe
[2009/09/15 08:47:55 | 002,025,768 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\SkypeSetup.exe
[2009/08/24 14:09:17 | 025,685,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wordview_en-us.exe
[2009/11/20 11:47:41 | 001,374,154 | ---- | M] () -- C:\Program Files\wrar390.exe
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/07/03 06:28:21 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/07/03 06:28:21 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/07/03 06:28:21 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/07/03 06:28:23 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/07/03 06:28:23 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/07/03 06:28:23 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.5DLZKIVMORQXILTWEKKJPCO5II\InstallInfo\\ReinstallCommand: "C:\Users\living room\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.5DLZKIVMORQXILTWEKKJPCO5II\InstallInfo\\HideIconsCommand: "C:\Users\living room\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.5DLZKIVMORQXILTWEKKJPCO5II\InstallInfo\\ShowIconsCommand: "C:\Users\living room\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.5DLZKIVMORQXILTWEKKJPCO5II\shell\open\command\\: "C:\Users\living room\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/07/12 14:49:47 | 000,846,288 | ---- | M]

mikehende (Topic starter, Full Member, Posts: 71)
Re: Toparcadehits adware help?
« Reply #3 on: July 18, 2013, 02:55:47 AM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.5 (07.17.2013:3)
OS: Windows Vista (TM) Home Basic x86
Ran by living room on Wed 07/17/2013 at 18:07:13.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{42C76EC4-2FDD-4157-8D47-7A5AADDF71C5}



~~~ Files

Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\Users\living room\appdata\local\iac"
Successfully deleted: [Folder] "C:\Users\living room\appdata\local\toparcadehits"
Successfully deleted: [Folder] "C:\Users\living room\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\living room\AppData\Roaming\microsoft\windows\start menu\programs\toparcadehits"
Successfully deleted: [Folder] "C:\Windows\system32\arfc"
Successfully deleted: [Folder] "C:\Windows\system32\jmdp"
Successfully deleted: [Empty Folder] C:\Users\living room\appdata\local\{67283F51-18DE-47AC-A504-9D5FAF447889}
Successfully deleted: [Empty Folder] C:\Users\living room\appdata\local\{98FAA344-28A4-4E7E-86E8-A2D84E47657E}
Successfully deleted: [Empty Folder] C:\Users\living room\appdata\local\{B45FA4E8-A5E5-4C49-8D17-5F5F198D9818}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\lesstabs@lesstabs.com
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{7d4f1959-3f72-49d5-8e59-f02f8aa6815d}
Successfully deleted the following from C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\l2e4rdfm.default-1368744190535\prefs.js

user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_referrer", "hxxp://mysearch.avg.com/tab?pid=safeguard&sg=0&cid=%7B6c8afe12-e328-4be6-8e82-0ffb61fe9527%7D&mid=
user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_temp_referer", "hxxp://mysearch.avg.com/tab?pid=safeguard&sg=0&cid=%7B6c8afe12-e328-4be6-8e82-0ffb61fe9527%7D&
Emptied folder: C:\Users\living room\AppData\Roaming\mozilla\firefox\profiles\l2e4rdfm.default-1368744190535\minidumps [47 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Dumping contents of C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\aadddadidfdhggggdidddgdfdedhgege
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\Extensions
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\Preferences
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\Web Data
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\aadddadidfdhggggdidddgdfdedhgege\manifest.json
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\eihlgbnhhkigaajnpjohgjldcmdhjiol
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi

Successfully deleted: [Folder] C:\Users\living room\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/17/2013 at 18:17:34.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Starbuck (Site Owner, Leader Malware Analysis & Removal Team, Site Help Desk - Support Department; Midlands, UK; Posts: 3408)
Re: Toparcadehits adware help?
« Reply #2 on: July 17, 2013, 11:36:49 PM »
Hi Mike,

Things are going fine thanks.
Yes, this can be a PITA to remove.
Let's see what JRT can do and then we'll get an OTL report.
We have to remove it manually, but we'll give JRT a try and see if it finds it.

Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 2
  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

Now copy the lines below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit: 
JRT.txt
and both reports from OTL


Thanks.
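As an added example (not part of this thread, and not code from the JRT or OTL authors), the read-only PowerShell script below audits the four browser persistence points that the logs above turn up: the Chrome ExtensionInstallForcelist policy keys and Firefox registry add-on values that JRT deleted, the IE SearchScopes key it cleaned, and the StartMenuInternet launch commands that the OTL directive `hklm\software\clients\startmenuinternet|command /rs` prints. It assumes an unmanaged home PC (a domain-managed machine may use the Chrome policy legitimately); the list of known search-engine hosts and the Wow6432Node path are my own assumptions, not anything stated in the thread.

```powershell
# Read-only audit of the browser persistence points this thread deals with:
# the Chrome, Firefox and IE registry entries JRT cleaned in the log above and
# the StartMenuInternet launch commands the OTL directive
# `hklm\software\clients\startmenuinternet|command /rs` prints.
# Added example for this page; not a script from the thread, JRT or OTL.
# Run from an elevated PowerShell prompt. PowerShell 2.0 syntax only, so it
# also runs on the Vista machine in the thread. Nothing is modified.

function New-Finding([string]$Check, [string]$Location, [string]$Value, [string]$Why) {
    New-Object PSObject -Property @{ Check = $Check; Location = $Location; Value = $Value; Why = $Why }
}

function Get-BrowserPersistenceFindings {
    $findings = @()

    # 1. Chrome ExtensionInstallForcelist. A legitimate enterprise policy, so this
    #    check assumes an unmanaged home PC (my assumption), where any entry means
    #    something outside Chrome is forcing an extension in; JRT tagged these
    #    keys "Blacklisted Policy". Value data is "<extension id>;<update URL>".
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Policies\Google\Chrome\ExtensionInstallForcelist"
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($name in $k.GetValueNames()) {
            $findings += New-Finding 'Chrome force-install policy' "$key\$name" `
                ([string]$k.GetValue($name)) 'forced extension on an unmanaged machine'
        }
    }

    # 2. Firefox add-ons registered through the registry (value name = add-on ID,
    #    value data = path to the add-on); JRT deleted two such values above.
    #    The Wow6432Node key exists only on 64-bit Windows and is skipped on x86.
    $firefoxKeys = @('HKLM:\Software\Mozilla\Firefox\Extensions',
                     'HKCU:\Software\Mozilla\Firefox\Extensions',
                     'HKLM:\Software\Wow6432Node\Mozilla\Firefox\Extensions')
    foreach ($key in $firefoxKeys) {
        if (-not (Test-Path $key)) { continue }
        $k = Get-Item -Path $key
        foreach ($id in $k.GetValueNames()) {
            $path = [string]$k.GetValue($id)
            if ($path -ne '' -and (Test-Path -LiteralPath $path)) { $why = 'registry-sideloaded add-on' }
            else { $why = 'sideload entry whose target is missing' }
            $findings += New-Finding 'Firefox sideloaded add-on' "$key\$id" $path $why
        }
    }

    # 3. IE search providers: one subkey per provider under SearchScopes, each
    #    with a URL value; JRT removed one adware scope above. The hosts treated
    #    as known are my assumption, not something the thread states.
    $knownSearchHosts = @('www.bing.com', 'www.google.com', 'search.yahoo.com')
    foreach ($hive in 'HKCU', 'HKLM') {
        $scopes = "${hive}:\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $scopes)) { continue }
        foreach ($sub in Get-ChildItem -Path $scopes) {
            $url = [string]$sub.GetValue('URL')
            if ($url -match '^[a-z]+://([^/:?]+)') {
                $hostName = $matches[1]
                if ($knownSearchHosts -notcontains $hostName) {
                    $findings += New-Finding 'IE search scope' $sub.Name $url "provider host $hostName is not in the known list"
                }
            }
        }
    }

    # 4. Browser launch commands. A clean entry is just the executable, quoted or
    #    not; a hijacked one has a URL or other argument appended so every launch
    #    of the browser opens the adware's page.
    $smi = 'HKLM:\Software\Clients\StartMenuInternet'
    if (Test-Path $smi) {
        foreach ($browser in Get-ChildItem -Path $smi) {
            $cmdKey = "Registry::$($browser.Name)\shell\open\command"
            if (-not (Test-Path $cmdKey)) { continue }
            $cmd = [string](Get-Item -Path $cmdKey).GetValue('')
            # Group 1 is whatever follows the executable (quoted form tried first).
            if ($cmd -match '^\s*"[^"]+"\s*(.*)$' -or $cmd -match '^\s*.+?\.exe\s*(.*)$') {
                $tail = $matches[1].Trim()
                if ($tail -ne '') {
                    $findings += New-Finding 'Browser launch command' $cmdKey $cmd "arguments after the executable: $tail"
                }
            }
        }
    }

    $findings
}

Get-BrowserPersistenceFindings | Sort-Object Check, Location | Format-Table Check, Location, Value, Why -AutoSize -Wrap
```

Run it elevated before and after a cleanup. A registry-sideloaded add-on is not malicious by itself (security-suite toolbars use the same mechanism, and the prefs.js lines JRT removed above point at an AVG search page), so treat the output as a review list rather than a kill list. Entries that come back a few days after removal, as the original poster describes, mean something still on the machine is re-creating them, which is why the OTL scan above also lists scheduled task jobs and locked driver and DLL files.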

mikehende (Topic starter, Full Member, Posts: 71)
[RESOLVED] Toparcadehits adware help?
« Reply #1 on: July 17, 2013, 02:33:32 PM »
Hey Pete, how's it going? I got this adware on my PC a while back. I tried all the normal scans (MBAM, RogueKiller, AdwCleaner, CCleaner) and after each scan it would not show for a few days, then would appear again. Help please?
 

Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by Meg&Millie - Emma aka Tinker
