Oleg N. Scherbakov System Log Analysis

This document provides system information from a computer running a 64-bit version of Windows Vista Home Premium. It lists details such as the amount of physical memory, paging file space, system drives and their available space, as well as installed software, running processes, modules, services, and device drivers.

Uploaded by

boreddude001
Copyright
© Attribution Non-Commercial (BY-NC)

OTL logfile created on: 6/17/2013 [Link] PM - Run 2

OTL by OldTimer - Version [Link]


Folder = C:\Users\home\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - T
ype = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyy
y
3.96 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.38% Memor
y free
8.10 Gb Paging File | 6.19 Gb Available in Paging File | 76.50% Paging File free
Paging file location(s): ?:\[Link] [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Fil
es (x86)
Drive C: | 288.29 Gb Total Space | 45.54 Gb Free Space | 15.80% Space Free | Par
tition Type: NTFS
Drive E: | 9.77 Gb Total Space | 3.12 Gb Free Space | 31.92% Space Free | Partit
ion Type: NTFS
Drive G: | 465.64 Gb Total Space | 1.55 Gb Free Space | 0.33% Space Free | Parti
tion Type: FAT32
Drive H: | 149.05 Gb Total Space | 15.59 Gb Free Space | 10.46% Space Free | Par
tition Type: NTFS
Drive I: | 298.02 Gb Total Space | 1.75 Gb Free Space | 0.59% Space Free | Parti
tion Type: FAT32
Computer Name: HOME-PC | User Name: home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitel
ist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/06/17 [Link] | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\User
s\home\Desktop\OTL (1).exe
PRC - [2013/05/10 [Link] | 000,065,640 | ---- | M] (Adobe Systems Incorporated
) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\[Link]
PRC - [2013/03/27 [Link] | 002,447,888 | ---- | M] (Check Point Software Techn
ologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\[Link]
PRC - [2013/03/27 [Link] | 000,073,832 | ---- | M] (Check Point Software Techn
ologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\[Link]
PRC - [2013/01/26 [Link] | 004,480,768 | ---- | M] (Akamai Technologies, Inc.)
-- C:\Users\home\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/28 [Link] | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\P
[Link]
PRC - [2010/12/22 [Link] | 001,122,304 | ---- | M] (Zhorn Software) -- C:\Prog
ram Files (x86)\Stickies\[Link]
PRC - [2009/08/28 [Link] | 000,966,656 | ---- | M] () -- C:\Users\home\Local S
ettings\Apps\[Link]\[Link]
PRC - [2009/02/03 [Link] | 000,427,192 | ---- | M] (Cisco Systems, Inc.) -- C:
\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\[Link]
PRC - [2008/09/23 [Link] | 000,155,648 | ---- | M] (Stardock Corporation) -- C
:\Program Files\Dell\DellDock\[Link]
PRC - [2008/06/03 [Link] | 000,446,635 | ---- | M] (Creative Technology Ltd.)
-- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\[Link]
PRC - [2008/05/23 [Link] | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Pro
gram Files\CyberLink\PowerDVD DX\[Link]
PRC - [2008/05/07 [Link] | 000,354,840 | ---- | M] (Intel Corporation) -- C:\P
rogram Files (x86)\Intel\Intel Matrix Storage Manager\[Link]
PRC - [2008/05/07 [Link] | 000,178,712 | ---- | M] (Intel Corporation) -- C:\P
rogram Files (x86)\Intel\Intel Matrix Storage Manager\[Link]
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2010/12/22 [Link] | 000,049,152 | ---- | M] () -- C:\Program Files (x86
)\Stickies\[Link]
MOD - [2009/08/28 [Link] | 000,966,656 | ---- | M] () -- C:\Users\home\Local S
ettings\Apps\[Link]\[Link]
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2013/01/27 [Link] | 000,379,360 | ---- | M] (Microsoft Co
rporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\N
[Link] -- (NisSrv)
SRV:[b]64bit:[/b] - [2013/01/27 [Link] | 000,022,056 | ---- | M] (Microsoft Co
rporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEn
[Link] -- (MsMpSvc)
SRV:[b]64bit:[/b] - [2012/11/22 [Link] | 000,828,072 | ---- | M] (Check Point
Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceFi
eld\[Link] -- (IswSvc)
SRV:[b]64bit:[/b] - [2008/11/20 [Link] | 000,031,744 | ---- | M] () [Auto | Ru
nning] -- C:\Windows\SysNative\[Link] -- (wltrysvc)
SRV:[b]64bit:[/b] - [2008/09/23 [Link] | 000,155,648 | ---- | M] (Stardock Cor
poration) [Auto | Running] -- C:\Program Files\Dell\DellDock\[Link] -- (D
ockLoginService)
SRV:[b]64bit:[/b] - [2008/09/16 [Link] | 000,251,904 | ---- | M] (IDT, Inc.) [
Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_d
14bcbef\[Link] -- (STacSV)
SRV:[b]64bit:[/b] - [2008/09/16 [Link] | 000,086,016 | ---- | M] (Andrea Elect
ronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRep
ository\stwrt64.inf_d14bcbef\[Link] -- (AESTFilters)
SRV:[b]64bit:[/b] - [2008/01/20 [Link] | 000,383,544 | ---- | M] (Microsoft Co
rporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\[Link] -- (W
inDefend)
SRV:[b]64bit:[/b] - [2007/05/25 [Link] | 000,567,216 | ---- | M] ( ) [Auto | R
unning] -- C:\Windows\SysNative\[Link] -- (lxdc_device)
SRV:[b]64bit:[/b] - [2006/11/02 [Link] | 000,046,592 | ---- | M] (Microsoft Co
rporation) [Auto | Stopped] -- C:\Windows\SysNative\[Link] -- (yksvc)
SRV - [2013/06/12 [Link] | 000,256,904 | ---- | M] (Adobe Systems Incorporated
) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateS
[Link] -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 [Link] | 000,065,640 | ---- | M] (Adobe Systems Incorporated
) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.e
xe -- (AdobeARMservice)
SRV - [2013/03/27 [Link] | 002,447,888 | ---- | M] (Check Point Software Techn
ologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsm
[Link] -- (vsmon)
SRV - [2012/11/13 [Link] | 000,666,720 | ---- | M] ([Link] Co., Ltd.) [On
_Demand | Stopped] -- C:\Windows\SysWOW64\[Link] -- (xsherlock)
SRV - [2012/07/13 [Link] | 000,160,944 | R--- | M] (Skype Technologies) [Auto
| Stopped] -- C:\Program Files (x86)\Skype\Updater\[Link] -- (SkypeUpdate)
SRV - [2011/12/28 [Link] | 000,075,136 | ---- | M] () [Auto | Running] -- C:\W
indows\SysWOW64\[Link] -- (PnkBstrA)
SRV - [2011/08/07 [Link] | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [
On_Demand | Stopped] -- C:\Windows\SysWOW64\[Link] -- (npggsvc)
SRV - [2010/03/18 [Link] | 000,130,384 | ---- | M] (Microsoft Corporation) [Au
to | Stopped] -- C:\Windows\[Link]\Framework\v4.0.30319\[Link] -- (
clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 [Link] | 000,066,368 | ---- | M] (Microsoft Corporation) [Di
sabled | Stopped] -- C:\Windows\[Link]\Framework\v2.0.50727\[Link]
-- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/03 [Link] | 000,427,192 | ---- | M] (Cisco Systems, Inc.) [Auto
| Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent
.exe -- (vpnagent)
SRV - [2008/05/07 [Link] | 000,354,840 | ---- | M] (Intel Corporation) [Auto |
Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.
exe -- (IAANTMON)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2013/01/20 [Link] | 000,130,008 | ---- | M] (Microsoft Co
rporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.s
ys -- (NisDrv)
DRV:[b]64bit:[/b] - [2012/12/13 [Link] | 000,443,992 | ---- | M] (Check Point
Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\D
RIVERS\[Link] -- (Vsdatant)
DRV:[b]64bit:[/b] - [2012/11/22 [Link] | 000,033,712 | ---- | M] (Check Point
Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\
ZAForceField\[Link] -- (ISWKL)
DRV:[b]64bit:[/b] - [2012/06/03 [Link] | 000,231,376 | ---- | M] (TrueCrypt Fo
undation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.
sys -- (truecrypt)
DRV:[b]64bit:[/b] - [2012/02/29 [Link] | 000,016,384 | ---- | M] (Microsoft Co
rporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_re
[Link] -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/06/15 [Link] | 000,557,848 | ---- | M] (Intel Corpor
ation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\[Link] -- (
iaStor)
DRV:[b]64bit:[/b] - [2011/05/26 [Link] | 000,117,336 | ---- | M] (AhnLab, Inc.
) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\[Link] -- (A
MonTDLH)
DRV:[b]64bit:[/b] - [2010/11/06 [Link] | 000,024,176 | ---- | M] () [Kernel |
On_Demand | Running] -- C:\Program Files\PeerBlock\[Link] -- (pbfilter)
DRV:[b]64bit:[/b] - [2010/08/25 [Link] | 000,016,776 | ---- | M] () [Kernel |
On_Demand | Stopped] -- C:\Windows\SysNative\[Link] -- (prwntdrv)
DRV:[b]64bit:[/b] - [2010/07/12 [Link] | 000,055,856 | ---- | M] (Sonic Soluti
ons) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\[Link] -- (
PxHlpa64)
DRV:[b]64bit:[/b] - [2010/06/28 [Link] | 000,155,256 | ---- | M] (AhnLab, Inc.
) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\m
[Link] -- (MfIPSEnt)
DRV:[b]64bit:[/b] - [2010/06/28 [Link] | 000,126,072 | ---- | M] (AhnLab, Inc.
) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\ASP\MyFirewall 4.0\m
[Link] -- (MfFWEnt)
DRV:[b]64bit:[/b] - [2009/09/30 [Link] | 000,046,592 | ---- | M] (Microsoft Co
rporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb
.sys -- (WpdUsb)
DRV:[b]64bit:[/b] - [2009/07/20 [Link] | 000,025,656 | ---- | M] (AhnLab, Inc.
) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\[Link] -- (CdmDrvNt)
DRV:[b]64bit:[/b] - [2009/03/26 [Link] | 000,071,168 | ---- | M] (Realtek Semi
conductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\
[Link] -- (RTSTOR)
DRV:[b]64bit:[/b] - [2009/03/19 [Link] | 000,311,296 | ---- | M] (Creative Tec
hnology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA0
[Link] -- (OA009Vid)
DRV:[b]64bit:[/b] - [2009/03/06 [Link] | 000,159,840 | ---- | M] (Creative Tec
hnology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA0
[Link] -- (OA009Ufd)
DRV:[b]64bit:[/b] - [2009/02/03 [Link] | 000,019,456 | ---- | M] (Cisco System
s, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\vpnva64.
sys -- (vpnva)
DRV:[b]64bit:[/b] - [2008/11/29 [Link] | 000,028,208 | ---- | M] (Windows (R)
Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\Sys
Native\DRIVERS\[Link] -- (KMWDFILTER)
DRV:[b]64bit:[/b] - [2008/11/20 [Link] | 000,022,520 | ---- | M] (Broadcom Cor
poration) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RL
[Link] -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2008/10/27 [Link] | 001,374,712 | ---- | M] (Broadcom Cor
poration) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl66
[Link] -- (BCM43XX)
DRV:[b]64bit:[/b] - [2008/09/17 [Link] | 007,897,216 | ---- | M] (Intel Corpor
ation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.s
ys -- (igfx)
DRV:[b]64bit:[/b] - [2008/09/16 [Link] | 000,458,752 | ---- | M] (IDT, Inc.) [
Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\[Link] -- (ST
HDA)
DRV:[b]64bit:[/b] - [2008/09/03 [Link] | 000,199,728 | ---- | M] (Alps Electri
c Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfi
[Link] -- (ApfiltrService)
DRV:[b]64bit:[/b] - [2008/09/01 [Link] | 000,392,192 | ---- | M] (Marvell) [Ke
rnel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\[Link] -- (yuko
nx64)
DRV:[b]64bit:[/b] - [2008/02/13 [Link] | 000,017,920 | ---- | M] (A4Tech Co.,L
td.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\[Link]
-- (Amusbprt)
DRV:[b]64bit:[/b] - [2008/01/20 [Link] | 000,317,952 | ---- | M] (Intel Corpor
ation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.s
ys -- (e1express)
DRV:[b]64bit:[/b] - [2007/10/15 [Link] | 000,012,288 | ---- | M] ((Standard mo
use types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64
.sys -- (Amfilter)
DRV:[b]64bit:[/b] - [2006/11/02 [Link] | 002,488,320 | ---- | M] (ATI Technolo
gies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmd
[Link] -- (R300)
DRV - [2012/02/02 [Link] | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [
Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\[Link] -- (NPPTNT2)
DRV - [2010/08/25 [Link] | 000,013,704 | ---- | M] () [Kernel | On_Demand | St
opped] -- C:\Windows\SysWOW64\[Link] -- (prwntdrv)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}:
"URL" = [Link]
}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7
DKUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link]
[Link]/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090113
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http:/
/[Link]/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http:/
/[Link]/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5CD0240E-4585-4BA8-B77D-14F058C9F7F4}: "URL" = http:/
/[Link]/search?q={searchTerms}&sourceid=ie7&rls=[Link]:{language}
:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{AAFEBCE4-37E4-4169-B939-5A517582FD5C}: "URL" = http:/
/[Link]/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=a07d
07ec657c40c79ed148e5f5cfb016&tu=10G90008a2B0008&sku=&tstsId=&ver=&&r=531
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEna
ble" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOve
rride" = <local>
[color=#E56717]========== FireFox ==========[/color]
FF - [Link]..[Link]: "about:blank"
FF - [Link]..[Link]: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:
6.0.22
FF - [Link]..[Link]: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:
6.0.24
FF - [Link]..[Link]: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:
6.0.26
FF - [Link]..[Link]: webmaster@[Link].2
FF - [Link]..[Link]: foxyproxy@[Link].1.2
FF - [Link]..[Link]: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:
6.0.29
FF - [Link]..[Link]: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6
.0.22
FF - [Link]..[Link]: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6
.0.24
FF - [Link]..[Link]: moveplayer@[Link]
FF - [Link]..[Link]: web@[Link].4
FF - [Link] - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@[Link]/FlashPlayer: C:\Windo
ws\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@[Link]/DTPlugin,version=10.7.
2: C:\Windows\system32\[Link] (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@[Link]/JavaPlugin,version=10.
7.2: C:\Program Files\Java\jre7\bin\plugin2\[Link] (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@[Link]/FlashPlayer: C:\Windows\SysWOW64\Ma
cromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@[Link]/asp/npaosmgr.1: C:\Program Files (
x86)\AhnLab\ASP\Components\aosmgr\[Link] (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@[Link]/DivX Player Plugin,version=1.0.0: C:
\Program Files (x86)\DivX\DivX Player\[Link] File not found
FF - HKLM\Software\MozillaPlugins\@[Link]/GoogleEarthPlugin: C:\Program File
s (x86)\Google\Google Earth\plugin\[Link] (Google)
FF - HKLM\Software\MozillaPlugins\@[Link]/DTPlugin,version=10.7.2: C:\Windows\
SysWOW64\[Link] (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@[Link]/JavaPlugin,version=10.7.2: C:\Progra
m Files (x86)\Java\jre7\bin\plugin2\[Link] (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@[Link]/YahooMessengerStatePlugin
;version=[Link]: C:\Program Files (x86)\Yahoo!\Shared\[Link] (Yahoo! Inc.
)
FF - HKLM\Software\MozillaPlugins\@[Link]/NpCtrl,version=1.0: c:\Program
Files (x86)\Microsoft Silverlight\5.1.20125.0\[Link] ( Microsoft Corporation
)
FF - HKLM\Software\MozillaPlugins\@[Link]/WPF,version=3.5: c:\Windows\Mic
[Link]\Framework\v3.5\Windows Presentation Foundation\[Link] (Microsoft C
orporation)
FF - HKLM\Software\MozillaPlugins\@[Link]/NxGame: C:\ProgramData\Nexon\NGM\np
[Link] (Nexon)
FF - HKLM\Software\MozillaPlugins\@[Link]/NxGame: \NGM\[Link] File no
t found
FF - HKLM\Software\MozillaPlugins\@[Link]/PandoWebPlugin: C:\Program
Files (x86)\Pando Networks\Media Booster\[Link] (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@[Link]/Google Update;version=3: C:\
Program Files (x86)\Google\Update\[Link]\[Link] (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@[Link]/Google Update;version=9: C:\
Program Files (x86)\Google\Update\[Link]\[Link] (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@[Link]/veetleCorePlugin,version=0.9.18: C
:\Program Files (x86)\Veetle\plugins\[Link] (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@[Link]/veetlePlayerPlugin,version=0.9.18:
C:\Program Files (x86)\Veetle\Player\[Link] (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@[Link]/VeohPlayer: C:\Program Files (x86)\V
eoh Networks\Veoh\Plugins\noreg\[Link] (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@[Link]/VeohTVPlugin: C:\Program Files (x86)
\Veoh Networks\VeohWebPlayer\[Link] (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@[Link]/VeohWebPlayer: C:\Program Files (x86
)\Veoh Networks\VeohWebPlayer\[Link] (Veoh)
FF - HKLM\Software\MozillaPlugins\@[Link]/vlc,version=2.0.6: C:\Program Fi
les (x86)\VideoLAN\VLC\[Link] (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@[Link]/npVeraport20: C:\Program Files (x
86)\Wizvera\Veraport20\[Link] ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Rea
der 10.0\Reader\AIR\[Link] (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@[Link]/FBPlugin,version=1.0.3: C:\Users
\home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@[Link]/Quantum Media Player: C:\Use
rs\home\AppData\Roaming\Move Networks\plugins\[Link] (Move Networ
ks)
FF - HKCU\Software\MozillaPlugins\@[Link]/Google Update;version=3: C:\
Users\home\AppData\Local\Google\Update\[Link]\[Link] (Google In
c.)
FF - HKCU\Software\MozillaPlugins\@[Link]/Google Update;version=9: C:\
Users\home\AppData\Local\Google\Update\[Link]\[Link] (Google In
c.)
FF - HKCU\Software\MozillaPlugins\[Link]/PandoWebPlugin: C:\Program F
iles (x86)\Pando Networks\Media Booster\[Link] (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB
3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2013/06/15 [Link] | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D
-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
[2013/06/15 [Link] | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Compone
nts: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/05 [Link] | 00
0,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins
: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/05 [Link] | 000,000,
000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\web@[Link]: C:\Pro
gram Files (x86)\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/03 [Link]
| 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetwo
[Link]: C:\Users\home\AppData\Roaming\Move Networks [2010/03/14 [Link] | 000,
000,000 | ---D | M]
[2010/03/14 [Link] | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\
AppData\Roaming\Mozilla\Extensions
[2009/08/02 [Link] | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\
AppData\Roaming\Mozilla\Extensions\MediaCoder
[2011/09/21 [Link] | 000,000,000 | ---D | M] (No name found) -- C:\Users\home\
AppData\Roaming\Mozilla\Firefox\Profiles\[Link]\extensions
[2011/09/21 [Link] | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\
home\AppData\Roaming\Mozilla\Firefox\Profiles\[Link]\extensions\foxypr
oxy@[Link]
[2011/07/18 [Link] | 000,031,748 | ---- | M] () (No name found) -- C:\Users\ho
me\AppData\Roaming\Mozilla\Firefox\Profiles\[Link]\extensions\webmaste
r@[Link]
[2012/06/15 [Link] | 000,000,000 | ---D | M] (No name found) -- C:\Program Fil
es (x86)\Mozilla Firefox\extensions
[2011/02/26 [Link] | 000,000,000 | ---D | M] (Java Console) -- C:\Program File
s (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/27 [Link] | 000,000,000 | ---D | M] (Java Console) -- C:\Program File
s (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/15 [Link] | 000,000,000 | ---D | M] (Java Console) -- C:\Program File
s (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/07/14 [Link] | 000,000,000 | ---D | M] (Microsoft .NET Framework Assista
nt) -- C:\WINDOWS\[Link]\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\D
OTNETASSISTANTEXTENSION
[2011/06/29 [Link] | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Progra
m Files (x86)\mozilla firefox\components\[Link]
[2011/12/09 [Link] | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Fi
les (x86)\mozilla firefox\plugins\[Link]
[2010/01/01 [Link] | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozi
lla firefox\searchplugins\[Link]
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerm
s}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{go
ogle:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:ins
tantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{goog
le:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPositio
n}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: about:Tabs
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\home\AppData\Local\Google\Chrom
e\Application\27.0.1453.110\[Link]
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\home\AppData\Local\Google\C
hrome\Application\27.0.1453.110\[Link]
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\home\AppData\Local\Google\Chr
ome\Application\27.0.1453.110\[Link]
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPS
WF32_11_3_300_265.dll
CHR - plugin: IE Tab Multi (Enabled) = C:\Users\home\AppData\Local\Google\Chrome
\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\plugin/
[Link]
CHR - plugin: IE Tab Multi (SPA) (Enabled) = C:\Users\home\AppData\Local\Google\
Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea\1.0.0.1_0\p
lugin/[Link]
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0
\Reader\Browser\[Link]
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:
\Program Files (x86)\Mozilla Firefox\plugins\[Link]
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files
(x86)\Mozilla Firefox\plugins\[Link]
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mo
zilla Firefox\plugins\[Link]
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla F
irefox\plugins\[Link]
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\[Link]
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\[Link]
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\[Link]
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\[Link]
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\[Link]
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\[Link]
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla
Firefox\plugins\[Link]
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Moz
illa Firefox\plugins\[Link]
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\home\AppData\Roaming\Mozil
la\plugins\[Link]
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\home\App
Data\Roaming\Mozilla\plugins\[Link]
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Goog
le Earth\plugin\[Link]
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3
.21.115\[Link]
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\
jre7\bin\plugin2\[Link]
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks
\Media Booster\[Link]
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\
[Link]
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\n
[Link]
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files (x86)\Veoh Networks\Veo
hWebPlayer\[Link]
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files (x86)\Veoh Netwo
rks\VeohWebPlayer\[Link]
CHR - plugin: NPVeohVersion plugin (Enabled) = C:\Program Files (x86)\Veoh Netwo
rks\Veoh\Plugins\noreg\[Link]
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npv
[Link]
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64
\TrustChecker\bin\[Link]
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\Nexon\NGM\npnxgam
[Link]
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\home\AppData\Roaming\Facebook
\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\home\AppData\Roam
ing\Move Networks\plugins\[Link]
CHR - plugin: Java Deployment Toolkit [Link] (Enabled) = C:\Windows\SysWOW64\n
[Link]
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft S
ilverlight\5.1.10411.0\[Link]
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.N
ET\Framework\v3.5\Windows Presentation Foundation\[Link]
CHR - Extension: reddit companion = C:\Users\home\AppData\Local\Google\Chrome\Us
er Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe\1.1.2_0\
CHR - Extension: YouTube = C:\Users\home\AppData\Local\Google\Chrome\User Data\D
efault\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\home\AppData\Local\Google\Chrome\User D
ata\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: 4chan Backtracebook = C:\Users\home\AppData\Local\Google\Chrome
\User Data\Default\Extensions\cjnalefakhffmjkhijpgdhkfeadhaljd\4.4_0\
CHR - Extension: Google Search = C:\Users\home\AppData\Local\Google\Chrome\User
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Proxy SwitchySharp = C:\Users\home\AppData\Local\Google\Chrome\
User Data\Default\Extensions\dpplabbmogkhghncfbfdeeokoefdjegm\1.9.52_0\
CHR - Extension: Facebook Disconnect = C:\Users\home\AppData\Local\Google\Chrome
\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Jeffrey's Exif viewer = C:\Users\home\AppData\Local\Google\Chro
me\User Data\Default\Extensions\glpbdeclgjmeoojlmhpamjddandmplki\1.0.8_0\
CHR - Extension: karma_decay_chrome.[Link] = C:\Users\home\AppData\Local\Google
\Chrome\User Data\Default\Extensions\goagnjjfnnhjeodgcilbcpdcpabaajld\1.0_0\
CHR - Extension: IE Tab = C:\Users\home\AppData\Local\Google\Chrome\User Data\De
fault\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.6.12.2_0\
CHR - Extension: uSelect iDownload = C:\Users\home\AppData\Local\Google\Chrome\U
ser Data\Default\Extensions\ileabdhfjmgaognikmjgmhhkjffggejc\1.9_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\home\AppData\Local\Google\C
hrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.2.0.1_0\
CHR - Extension: FVD Video Downloader = C:\Users\home\AppData\Local\Google\Chrom
e\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.2.0_0\
CHR - Extension: Download Master = C:\Users\home\AppData\Local\Google\Chrome\Use
r Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\3.0.1.2_0\
CHR - Extension: Smooth Gestures = C:\Users\home\AppData\Local\Google\Chrome\Use
r Data\Default\Extensions\nmndalkkpgannmgccacmlmpaphdjbdkd\0.15.4_0\
CHR - Extension: Gmail = C:\Users\home\AppData\Local\Google\Chrome\User Data\Def
ault\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/06/16 [Link] | 000,000,027 | ---- | M]) - C:\Windows\Sys
Native\drivers\etc\Hosts
O1 - Hosts: [Link]
localhost
O2:[b]64bit:[/b] - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\[Link] File not found
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB
-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\[Link] (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4
D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\b
in\[Link] (Check Point Software Technologies)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC
74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\[Link] (Oracle Corporation
)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C
:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\[Link]\
bh\[Link] (Check Point Software Technologies LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
- C:\Program Files (x86)\Java\jre7\bin\[Link] (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB
7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\Trust
[Link] (Check Point Software Technologies)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777}
- C:\Program Files (x86)\Dell\BAE\[Link] (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A
9} - C:\Program Files (x86)\Java\jre7\bin\[Link] (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\P
rogram Files (x86)\Yahoo!\Companion\Installs\cpn\[Link] (Yahoo! In
c)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0
-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker
\bin\[Link] (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar
.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C
7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonea
larm\[Link]\[Link] (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112D
AE} - C:\Program Files (x86)\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.d
ll (Veoh Networks)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA
1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\Tru
[Link] (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD
4F} - No CLSID value found.
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE
2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\T
rustchecker\bin\[Link] (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4E
C6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChec
ker\bin\[Link] (Check Point Software Technologies)
O4:[b]64bit:[/b] - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\[Link] (Al
ps Electric Co., Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNati
ve\[Link] (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\[Link] (Int
el Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Mat
rix Storage Manager\[Link] (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\[Link] (Int
el Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\Fo
[Link] (Check Point Software Technologies)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\
[Link] (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\[Link] (
Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\[Link]
e (IDT, Inc.)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriai
[Link] (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple App
lication Support\[Link] (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell W
ebcam Central\[Link] (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\[Link]
e (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.
exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\home\AppData\Local\Akama
i\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [[Link]] C:\Users\home\Local Settings\Apps\[Link]\[Link] ()
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\[Link] (PeerBlock
, LLC)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\[Link] ()
O4 - Startup: C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Program
s\Startup\[Link] = C:\Program Files (x86)\Stickies\[Link] (Zhorn Sof
tware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives
= 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives
= 0
O8:[b]64bit:[/b] - Extra context menu item: Download with GetRight - C:\Program
Files (x86)\GetRight\[Link] ()
O8:[b]64bit:[/b] - Extra context menu item: Download with ImTOO Download YouTube
Video - C:\Program Files (x86)\ImTOO\Download YouTube Video\upod_link.HTM ()
O8:[b]64bit:[/b] - Extra context menu item: Open with GetRight Browser - C:\Prog
ram Files (x86)\GetRight\[Link] ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\Ge
tRight\[Link] ()
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Pr
ogram Files (x86)\ImTOO\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86
)\GetRight\[Link] ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C
608501} - C:\Program Files (x86)\Java\jre7\bin\[Link] ()
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [Link]
download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/[Link] (Windo
ws Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [Link]
/pub/shockwave/cabs/director/[Link] (Shockwave ActiveX Control)
O16 - DPF: {477D5B9A-6479-44F8-9718-9340119B0308} [Link]
ce/download/veraport/down/[Link] (Veraport20Ctl Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} [Link]
profiler/[Link] (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Link]
.0/jinstall-1_7_0_05-[Link] (Reg Error: Value error.)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} [Link]
erScanner/[Link] ([Link])
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} [Link]
profiler/[Link] ([Link])
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} [Link]
.0/jinstall-1_7_0_05-[Link] (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Link]
.0/jinstall-1_7_0_05-[Link] (Java Plug-in 10.7.2)
O16 - DPF: {D96365C6-ACCB-4546-A878-E16178C48FF0} [Link]
[Link] (CHZERO MAP CTRL 2009)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [Link]
S/getPlusPlus/1.6/[Link] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = [Link] 75
.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CD5508C-70D3-473A-8
9DD-848D98597090}: DhcpNameServer = [Link] [Link]
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\s-http - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61}
- C:\Program Files (x86)\Common Files\System\Ole DB\[Link] (Microsoft Corp
oration)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:
\Program Files (x86)\Common Files\System\Ole DB\[Link] (Microsoft Corporati
on)
O18 - Protocol\Handler\s-http {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Progra
m Files (x86)\Initech\SHTTP\[Link] ((c) INITECH)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Pro
gram Files (x86)\Common Files\Skype\[Link] (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - ([Link]) - C:\Windows\explorer.
exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\[Link])
- C:\Windows\SysNative\[Link] (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ([Link]) - C:\Windows\SysWow64\[Link] (
Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\[Link]) - C:\Windows\
SysWOW64\[Link] (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - ([Link]) - C:\Window
s\SysNative\[Link] (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/col
or]
[2013/06/17 [Link] | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/17 [Link] | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/17 [Link] | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\home
\Desktop\OTL (1).exe
[2013/06/17 [Link] | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\
home\Desktop\[Link]
[2013/06/16 [Link] | 000,000,000 | -HSD | C] -- C:\$[Link]
[2013/06/16 [Link] | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.e
xe
[2013/06/16 [Link] | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\[Link]
e
[2013/06/16 [Link] | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\[Link]
e
[2013/06/16 [Link] | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/16 [Link] | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/15 [Link] | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\[Link]
[2013/06/15 [Link] | 001,814,144 | ---- | C] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\[Link]
[2013/06/15 [Link] | 005,080,151 | R--- | C] (Swearware) -- C:\Users\home\Desk
top\[Link]
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\RK_Quara
ntine
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\Users\home\Documents\ForceF
ield Shared Files
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Ma
cromedia
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\Check Point
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check P
oint Software Technologies LTD
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\
Check Point Software Technologies LTD
[2013/06/15 [Link] | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPo
int
[2013/06/15 [Link] | 000,688,992 | R--- | C] (Swearware) -- C:\Users\home\Desk
top\[Link]
[2013/06/14 [Link] | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' A
nti-Malware (portable)
[2013/06/14 [Link] | 000,000,000 | ---D | C] -- C:\Users\home\Desktop\mbar
[2013/06/13 [Link] | 006,018,568 | ---- | C] (Trend Micro, Inc.
) -- C:\Users\home\Desktop\[Link]
[2013/06/12 [Link] | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/12 [Link] | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/12 [Link] | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/12 [Link] | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/12 [Link] | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/12 [Link] | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/12 [Link] | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/12 [Link] | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/11 [Link] | 001,078,272 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/11 [Link] | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/11 [Link] | 001,269,248 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/11 [Link] | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/11 [Link] | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/11 [Link] | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/11 [Link] | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/11 [Link] | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/11 [Link] | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysNative\[Link]
[2013/06/11 [Link] | 000,443,904 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/11 [Link] | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Win
dows\SysWow64\[Link]
[2013/06/05 [Link] | 000,000,000 | ---D | C] -- C:\Users\home\.idlerc
[2013/06/05 [Link] | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\Python 2.7
[2013/06/05 [Link] | 000,000,000 | ---D | C] -- C:\Python27
[2013/06/05 [Link] | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\QuickTime
[2013/06/05 [Link] | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTi
me
[2013/06/05 [Link] | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/06/04 [Link] | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windo
ws\Start Menu\Programs\GNU Octave (3.6.4)
[2013/06/04 [Link] | 000,000,000 | ---D | C] -- C:\Software
[2013/06/04 [Link] | 000,000,000 | ---D | C] -- C:\Octave
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tm
p -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2013/06/17 [Link] | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
[Link]
[2013/06/17 [Link] | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296F
B0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 [Link] | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296F
B0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 [Link] | 000,067,584 | --S- | M] () -- C:\Windows\[Link]
[2013/06/17 [Link] | 000,000,329 | ---- | M] () -- C:\Windows\DeleteOnReboot.b
at
[2013/06/17 [Link] | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flas
h Player [Link]
[2013/06/17 [Link] | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\home
\Desktop\OTL (1).exe
[2013/06/17 [Link] | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\
home\Desktop\[Link]
[2013/06/17 [Link] | 000,648,201 | ---- | M] () -- C:\Users\home\Desktop\adwcl
[Link]
[2013/06/17 [Link] | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
[Link]
[2013/06/17 [Link] | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
[Link]
[2013/06/17 [Link] | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpda
[Link]
[2013/06/16 [Link] | 000,005,972 | ---- | M] () -- C:\Users\home\AppData\Local
\[Link]
[2013/06/16 [Link] | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\driver
s\etc\hosts
[2013/06/15 [Link] | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\[Link]
[2013/06/15 [Link] | 001,814,144 | ---- | M] (Bleeping Computer, LLC) -- C:\Us
ers\home\Desktop\[Link]
[2013/06/15 [Link] | 005,080,151 | R--- | M] (Swearware) -- C:\Users\home\Desk
top\[Link]
[2013/06/15 [Link] | 000,417,563 | ---- | M] () -- C:\Windows\SysNative\driver
s\[Link]
[2013/06/15 [Link] | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Zon
eAlarm [Link]
[2013/06/15 [Link] | 000,688,992 | R--- | M] (Swearware) -- C:\Users\home\Desk
top\[Link]
[2013/06/14 [Link] | 000,791,040 | ---- | M] () -- C:\Users\home\Desktop\Rogue
[Link]
[2013/06/14 [Link] | 013,169,742 | ---- | M] () -- C:\Users\home\Desktop\[Link]
[2013/06/14 [Link] | 000,054,725 | ---- | M] () -- C:\Users\home\Desktop\40188
1_369322526501674_439372319_n.jpg
[2013/06/13 [Link] | 000,174,050 | ---- | M] () -- C:\Users\home\Desktop\Untit
[Link]
[2013/06/13 [Link] | 006,018,568 | ---- | M] (Trend Micro, Inc.
) -- C:\Users\home\Desktop\[Link]
[2013/06/13 [Link] | 000,165,376 | ---- | M] () -- C:\Users\home\AppData\Local
\[Link]
[2013/06/12 [Link] | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C
:\Windows\SysWow64\[Link]
[2013/06/12 [Link] | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C
:\Windows\SysWow64\[Link]
[2013/06/09 [Link] | 000,002,557 | ---- | M] () -- C:\Users\home\Desktop\HiJac
[Link]
[2013/06/08 [Link] | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Mal
warebytes [Link]
[2013/06/06 [Link] | 000,011,377 | ---- | M] () -- C:\Users\home\[Link]
[2013/06/06 [Link] | 000,002,041 | ---- | M] () -- C:\Users\home\Application D
ata\Microsoft\Internet Explorer\Quick Launch\Google [Link]
[2013/06/05 [Link] | 000,000,424 | ---- | M] () -- C:\Users\home\.octaverc
[2013/06/05 [Link] | 000,544,427 | ---- | M] () -- C:\Users\home\Desktop\short
-[Link]
[2013/06/05 [Link] | 000,000,724 | ---- | M] () -- C:\Users\home\Desktop\Domai
[Link] - [Link]
[2013/06/04 [Link] | 000,000,261 | ---- | M] () -- C:\Users\home\.octave_hist
[2013/06/04 [Link] | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Oct
ave [Link]
[2013/05/26 [Link] | 000,756,338 | ---- | M] () -- C:\Windows\SysNative\PerfSt
[Link]
[2013/05/26 [Link] | 000,640,870 | ---- | M] () -- C:\Windows\SysNative\perfh0
[Link]
[2013/05/26 [Link] | 000,119,090 | ---- | M] () -- C:\Windows\SysNative\perfc0
[Link]
[2013/05/25 [Link] | 000,040,119 | ---- | M] () -- C:\Users\home\Desktop\SmT0T
[Link]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tm
p -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/06/17 [Link] | 000,000,329 | ---- | C] () -- C:\Windows\DeleteOnReboot.b
at
[2013/06/17 [Link] | 000,648,201 | ---- | C] () -- C:\Users\home\Desktop\adwcl
[Link]

[2013/06/16 [Link] | 000,256,000 | ---- | C] () -- C:\Windows\[Link]
[2013/06/16 [Link] | 000,208,896 | ---- | C] () -- C:\Windows\[Link]
[2013/06/16 [Link] | 000,098,816 | ---- | C] () -- C:\Windows\[Link]
[2013/06/16 [Link] | 000,080,412 | ---- | C] () -- C:\Windows\[Link]
[2013/06/16 [Link] | 000,068,096 | ---- | C] () -- C:\Windows\[Link]
[2013/06/15 [Link] | 000,417,563 | ---- | C] () -- C:\Windows\SysNative\driver
s\[Link]
[2013/06/14 [Link] | 000,791,040 | ---- | C] () -- C:\Users\home\Desktop\Rogue
[Link]
[2013/06/14 [Link] | 013,169,742 | ---- | C] () -- C:\Users\home\Desktop\mbar
[Link]
[2013/06/14 [Link] | 000,054,725 | ---- | C] () -- C:\Users\home\Desktop\40188
1_369322526501674_439372319_n.jpg
[2013/06/13 [Link] | 000,174,050 | ---- | C] () -- C:\Users\home\Desktop\Untit
[Link]
[2013/06/05 [Link] | 000,544,427 | ---- | C] () -- C:\Users\home\Desktop\short
-[Link]
[2013/06/05 [Link] | 000,000,424 | ---- | C] () -- C:\Users\home\.octaverc
[2013/06/05 [Link] | 000,000,724 | ---- | C] () -- C:\Users\home\Desktop\Domai
[Link] - [Link]
[2013/06/04 [Link] | 000,000,261 | ---- | C] () -- C:\Users\home\.octave_hist
[2013/06/04 [Link] | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\Oct
ave [Link]
[2013/05/25 [Link] | 000,040,119 | ---- | C] () -- C:\Users\home\Desktop\SmT0T
[Link]
[2012/12/14 [Link] | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcor
[Link]
[2012/12/14 [Link] | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw
.dll
[2012/07/29 [Link] | 000,047,280 | ---- | C] () -- C:\Windows\SysWow64\drivers
\[Link]
[2012/07/29 [Link] | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\scskCon
[Link]
[2012/07/29 [Link] | 000,024,576 | ---- | C] () -- C:\Windows\INIUpdateAdmin.d
ll
[2011/12/30 [Link] | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.d
ll
[2011/12/30 [Link] | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.
dll
[2011/12/28 [Link] | 000,234,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstr
[Link]
[2011/12/28 [Link] | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstr
[Link]
[2011/12/10 [Link] | 000,000,000 | ---- | C] () -- C:\Users\home\AppData\Local
\{2205DC0E-1DA3-4C4A-8515-33A3AE64A23F}
[2011/12/04 [Link] | 000,005,255 | ---- | C] () -- C:\Users\home\.recently-use
[Link]
[2011/08/25 [Link] | 000,000,036 | ---- | C] () -- C:\Users\home\.[Link].
[Link]
[2011/06/30 [Link] | 000,098,696 | ---- | C] () -- C:\Windows\SysWow64\setuppr
[Link]
[2011/06/30 [Link] | 000,013,704 | ---- | C] () -- C:\Windows\SysWow64\prwntdr
[Link]
[2011/03/29 [Link] | 000,000,483 | RH-- | C] () -- C:\Users\home\[Link]
[2010/09/28 [Link] | 000,000,867 | ---- | C] () -- C:\Users\home\sean - delay
(with feedback).sps
[2010/07/14 [Link] | 000,009,704 | ---- | C] () -- C:\Users\home\[Link]
[Link]
[2010/07/14 [Link] | 000,009,704 | ---- | C] () -- C:\Users\home\[Link]
k
[2010/07/14 [Link] | 000,009,704 | ---- | C] () -- C:\Users\home\[Link]
[2009/12/19 [Link] | 000,002,146 | ---- | C] () -- C:\Users\home\[Link]
[2009/12/07 [Link] | 000,001,064 | RH-- | C] () -- C:\Users\home\[Link]
[2009/12/07 [Link] | 000,000,483 | RH-- | C] () -- C:\Users\home\[Link]
[2009/06/24 [Link] | 000,000,204 | ---- | C] () -- C:\Users\home\AppData\Roami
ng\[Link]
[2009/06/09 [Link] | 000,004,200 | ---- | C] () -- C:\Program Files\TweakMSO.r
eg
[2009/06/09 [Link] | 000,001,264 | ---- | C] () -- C:\Program Files\[Link]
g
[2009/06/09 [Link] | 000,000,579 | ---- | C] () -- C:\Program Files\[Link]
d
[2009/06/09 [Link] | 000,004,200 | ---- | C] () -- C:\Program Files (x86)\Twea
[Link]
[2009/06/09 [Link] | 000,001,264 | ---- | C] () -- C:\Program Files (x86)\NoRe
[Link]
[2009/06/09 [Link] | 000,000,579 | ---- | C] () -- C:\Program Files (x86)\inst
[Link]
[2009/05/26 [Link] | 000,000,056 | -H-- | C] () -- C:\ProgramData\[Link]
[2009/05/04 [Link] | 000,005,972 | ---- | C] () -- C:\Users\home\AppData\Local
\[Link]
[2009/03/04 [Link] | 000,011,377 | ---- | C] () -- C:\Users\home\[Link]
[2009/03/04 [Link] | 000,165,376 | ---- | C] () -- C:\Users\home\AppData\Local
\[Link]

[color=#E56717]========== ZeroAccess Check ==========[/color]


[2006/11/02 [Link] | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop
.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}
\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0
c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}
\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-4
09d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1
}\InProcServer32] /64
"" = C:\Windows\SysNative\[Link] -- [2012/06/08 [Link] | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\[Link] -- [2012/06/08 [Link] | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F
}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\[Link] -- [2009/04/11 [Link] | 000,891,39
2 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\[Link] -- [2009/04/10 [Link] | 000,614,9
12 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1
}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\[Link] -- [2008/01/20 [Link] | 000,513,024
| ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\[Link]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 16 bytes -> C:\Users\home\Downloads:[Link]
@Alternate Data Stream - 16 bytes -> C:\Users\home\Documents\Shareaza Downloads:
[Link]
@Alternate Data Stream - 16 bytes -> C:\Temp:[Link]
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:F8D65F32
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2C595FF3

< End of report >
