Untitled

thatoneging Jun 2nd, 2013 631 Never
  1. OTL logfile created on: 6/2/2013 3:22:52 AM - Run 1
  2. OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ETHAN\Downloads
  3. 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
  4. Internet Explorer (Version = 9.10.9200.16576)
  5. Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
  6.  
  7. 3.95 Gb Total Physical Memory | 0.56 Gb Available Physical Memory | 14.22% Memory free
  8. 7.90 Gb Paging File | 2.64 Gb Available in Paging File | 33.47% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 279.60 Gb Total Space | 101.14 Gb Free Space | 36.17% Space Free | Partition Type: NTFS
  13. Drive D: | 14.33 Gb Total Space | 1.59 Gb Free Space | 11.13% Space Free | Partition Type: NTFS
  14. Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.23% Space Free | Partition Type: FAT32
  15. Drive F: | 40.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
  16.  
  17. Computer Name: ETHAN-HP | User Name: ETHAN | Logged in as Administrator.
  18. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
  19. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  20.  
  21. [color=#E56717]========== Processes (SafeList) ==========[/color]
  22.  
  23. PRC - [2013/06/02 03:20:51 | 000,712,264 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Temp\is-0E4T1.tmp\mbam-setup-1.75.0.1300.tmp
  24. PRC - [2013/06/02 03:18:49 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\ETHAN\Downloads\aswMBR (1).exe
  25. PRC - [2013/06/02 03:18:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ETHAN\Downloads\OTL.com
  26. PRC - [2013/06/02 03:18:14 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\ETHAN\Downloads\mbam-setup-1.75.0.1300.exe
  27. PRC - [2013/06/02 03:15:16 | 000,890,839 | ---- | M] () -- C:\Users\ETHAN\Downloads\SecurityCheck.exe
  28. PRC - [2013/06/02 03:04:55 | 000,021,504 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\ajYsi\spoolsv.exe
  29. PRC - [2013/06/02 03:04:22 | 000,805,888 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\a69.exe
  30. PRC - [2013/06/01 13:24:22 | 000,753,664 | -HS- | M] (Adobe Systems Incorporated) -- C:\Users\ETHAN\AppData\Roaming\xsekq.exe
  31. PRC - [2013/06/01 00:14:08 | 000,021,504 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\iXMgX\explorer.exe
  32. PRC - [2013/06/01 00:13:53 | 000,805,888 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\BTC-m.exe
  33. PRC - [2013/05/31 22:01:11 | 001,157,632 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\bitcoin.exe
  34. PRC - [2013/05/31 17:56:00 | 001,393,664 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\s39tn.exe
  35. PRC - [2013/05/31 04:17:07 | 000,055,808 | ---- | M] (Systemt) -- C:\Users\ETHAN\AppData\Roaming\WindowsFiles\shell.exe
  36. PRC - [2013/05/31 04:17:07 | 000,055,808 | ---- | M] (Systemt) -- C:\Users\ETHAN\AppData\Roaming\WindowsFiles\macromedia.exe
  37. PRC - [2013/05/29 22:20:40 | 000,120,832 | -HS- | M] (Adobe Systems Incorporated) -- C:\Users\ETHAN\AppData\Roaming\Acrobat\Acrobat.exe
  38. PRC - [2013/05/27 22:16:59 | 001,045,072 | ---- | M] (BitTorrent Inc.) -- C:\Users\ETHAN\Downloads\utorrent.exe
  39. PRC - [2013/05/24 23:52:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
  40. PRC - [2013/05/10 21:18:14 | 004,573,184 | ---- | M] (Spotify Ltd) -- C:\Users\ETHAN\AppData\Roaming\Spotify\spotify.exe
  41. PRC - [2013/04/23 02:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
  42. PRC - [2013/02/07 12:35:46 | 000,546,944 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
  43. PRC - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
  44. PRC - [2012/12/26 21:31:31 | 000,107,520 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
  45. PRC - [2012/12/14 05:33:18 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe
  46. PRC - [2012/12/14 05:33:18 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe
  47. PRC - [2012/09/29 20:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
  48. PRC - [2012/09/29 20:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
  49. PRC - [2012/09/29 20:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
  50. PRC - [2012/09/15 01:32:55 | 001,437,184 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Temp\Rar$EXa0.073\Project Neptune v2.0\Project Neptune v2.0.exe
  51. PRC - [2012/08/12 13:06:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\java.exe
  52. PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
  53. PRC - [2012/07/19 11:59:40 | 000,519,168 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
  54. PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
  55. PRC - [2012/06/07 18:01:12 | 011,824,128 | ---- | M] (Unremote.org) -- C:\Users\ETHAN\Desktop\DarkComet.exe
  56. PRC - [2012/04/13 17:25:26 | 000,474,097 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Freenet\freenet.exe
  57. PRC - [2012/04/04 06:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
  58. PRC - [2011/06/15 19:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
  59. PRC - [2010/12/22 11:48:34 | 000,241,664 | ---- | M] (Tanuki Software, Ltd.) -- C:\Users\ETHAN\AppData\Local\Freenet\wrapper\freenetwrapper.exe
  60. PRC - [2010/11/20 22:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
  61. PRC - [2010/11/20 22:24:03 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Local\Temp\AppLaunch\winlogon.exe
  62. PRC - [2010/11/20 22:24:03 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Local\Temp\AppLaunch\Service.exe
  63. PRC - [2010/11/20 22:24:03 | 001,169,224 | -HS- | M] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Local\Temp\AppLaunch\Acrobet.exe
  64. PRC - [2010/11/20 22:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
  65. PRC - [2009/07/13 20:14:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscript.exe
  66.  
  67.  
  68. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  69.  
  70. MOD - [2013/06/02 03:15:16 | 000,890,839 | ---- | M] () -- C:\Users\ETHAN\Downloads\SecurityCheck.exe
  71. MOD - [2013/06/02 03:04:55 | 000,021,504 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\ajYsi\spoolsv.exe
  72. MOD - [2013/06/01 00:14:08 | 000,021,504 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\iXMgX\explorer.exe
  73. MOD - [2013/05/30 16:42:27 | 000,078,495 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Temp\jbigi3771541046168411641lib.tmp
  74. MOD - [2013/05/30 16:42:27 | 000,040,960 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Temp\jcpuid2807320525171282457lib.tmp
  75. MOD - [2013/05/24 23:52:13 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
  76. MOD - [2013/05/23 00:44:07 | 000,393,168 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
  77. MOD - [2013/05/23 00:44:06 | 013,136,336 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
  78. MOD - [2013/05/23 00:43:59 | 004,051,408 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
  79. MOD - [2013/05/23 00:43:06 | 000,599,504 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
  80. MOD - [2013/05/23 00:43:05 | 000,124,368 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll
  81. MOD - [2013/05/23 00:43:03 | 001,597,392 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
  82. MOD - [2013/05/18 03:10:47 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
  83. MOD - [2013/05/18 03:10:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
  84. MOD - [2013/05/18 03:10:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
  85. MOD - [2013/05/18 03:09:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
  86. MOD - [2013/05/18 03:09:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
  87. MOD - [2013/05/15 20:48:40 | 002,010,624 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_core220.dll
  88. MOD - [2013/05/15 20:48:40 | 001,241,088 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\opencv_imgproc220.dll
  89. MOD - [2013/05/10 21:18:14 | 024,985,600 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\Spotify\Data\libcef.dll
  90. MOD - [2013/02/23 03:01:04 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll
  91. MOD - [2013/02/07 12:35:40 | 000,579,904 | ---- | M] () -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
  92. MOD - [2013/01/12 05:02:12 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
  93. MOD - [2013/01/12 04:59:58 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f3c2e63623f7a64a35e3dd746b90edbc\PresentationFramework.Classic.ni.dll
  94. MOD - [2013/01/12 04:59:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
  95. MOD - [2013/01/12 04:58:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
  96. MOD - [2013/01/12 04:58:54 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
  97. MOD - [2013/01/12 04:58:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
  98. MOD - [2013/01/12 04:58:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
  99. MOD - [2013/01/12 04:58:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
  100. MOD - [2012/12/14 05:33:18 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe
  101. MOD - [2012/09/27 20:47:08 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pyovpnc.pyd
  102. MOD - [2012/09/27 20:47:06 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.crypto.pyd
  103. MOD - [2012/09/27 20:47:06 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.SSL.pyd
  104. MOD - [2012/09/27 20:47:06 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.rand.pyd
  105. MOD - [2012/09/27 20:46:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\twisted.protocols._c_urlarg.pyd
  106. MOD - [2012/09/27 20:46:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\zope.interface._zope_interface_coptimizations.pyd
  107. MOD - [2012/09/15 01:32:55 | 001,437,184 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Temp\Rar$EXa0.073\Project Neptune v2.0\Project Neptune v2.0.exe
  108. MOD - [2012/07/19 11:59:38 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
  109. MOD - [2012/07/15 10:48:16 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.dll
  110. MOD - [2012/04/15 11:19:13 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
  111. MOD - [2012/04/13 17:25:26 | 000,474,097 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Freenet\freenet.exe
  112. MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
  113. MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
  114. MOD - [2012/02/07 10:16:12 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32com.shell.shell.pyd
  115. MOD - [2012/02/07 10:13:08 | 000,358,912 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pythoncom26.dll
  116. MOD - [2012/02/07 10:11:36 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32gui.pyd
  117. MOD - [2012/02/07 10:11:32 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32api.pyd
  118. MOD - [2012/02/07 10:10:50 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32process.pyd
  119. MOD - [2012/02/07 10:10:20 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32event.pyd
  120. MOD - [2012/02/07 10:09:54 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pywintypes26.dll
  121. MOD - [2012/02/07 09:10:40 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32pdh.pyd
  122. MOD - [2012/01/09 20:44:20 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt32.dll
  123. MOD - [2011/02/04 08:26:00 | 000,522,752 | ---- | M] () -- C:\Users\ETHAN\Desktop\sqlite3.dll
  124. MOD - [2010/08/24 17:48:54 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\select.pyd
  125. MOD - [2010/08/24 17:48:52 | 000,286,208 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_hashlib.pyd
  126. MOD - [2010/08/24 17:48:48 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pyexpat.pyd
  127. MOD - [2010/08/24 17:48:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_ctypes.pyd
  128. MOD - [2010/08/24 17:48:02 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_ssl.pyd
  129. MOD - [2010/08/24 17:47:50 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_socket.pyd
  130.  
  131.  
  132. [color=#E56717]========== Services (SafeList) ==========[/color]
  133.  
  134. SRV:[b]64bit:[/b] - [2012/12/16 06:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
  135. SRV:[b]64bit:[/b] - [2011/08/22 07:57:20 | 000,534,832 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\Unite\EzVpnSvc.exe -- (EzVpnSvc)
  136. SRV:[b]64bit:[/b] - [2011/06/08 14:58:48 | 000,301,568 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
  137. SRV:[b]64bit:[/b] - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
  138. SRV:[b]64bit:[/b] - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
  139. SRV:[b]64bit:[/b] - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  140. SRV - [2013/05/28 09:58:14 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
  141. SRV - [2013/05/24 23:52:13 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
  142. SRV - [2013/04/23 02:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
  143. SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
  144. SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
  145. SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
  146. SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
  147. SRV - [2013/02/25 08:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
  148. SRV - [2012/12/26 21:31:31 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\ETHAN\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
  149. SRV - [2012/12/14 05:33:18 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe -- (OpenVPNAccessClient)
  150. SRV - [2012/11/14 01:04:22 | 000,568,832 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
  151. SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
  152. SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
  153. SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
  154. SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
  155. SRV - [2011/11/29 21:17:50 | 000,138,248 | R--- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Norton Online\Engine\2.3.0.7\ccSvcHst.exe -- (NOF)
  156. SRV - [2011/05/06 01:06:46 | 000,263,496 | ---- | M] (HP) [Disabled | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
  157. SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
  158. SRV - [2011/03/07 19:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
  159. SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
  160. SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
  161. SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
  162. SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
  163. SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
  164. SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
  165. SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
  166. SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  167.  
  168.  
  169. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  170.  
  171. DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
  172. DRV:[b]64bit:[/b] - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
  173. DRV:[b]64bit:[/b] - [2013/01/31 04:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
  174. DRV:[b]64bit:[/b] - [2012/12/16 06:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
  175. DRV:[b]64bit:[/b] - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
  176. DRV:[b]64bit:[/b] - [2012/10/10 22:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
  177. DRV:[b]64bit:[/b] - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
  178. DRV:[b]64bit:[/b] - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
  179. DRV:[b]64bit:[/b] - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
  180. DRV:[b]64bit:[/b] - [2012/06/16 23:31:18 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
  181. DRV:[b]64bit:[/b] - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
  182. DRV:[b]64bit:[/b] - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
  183. DRV:[b]64bit:[/b] - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
  184. DRV:[b]64bit:[/b] - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
  185. DRV:[b]64bit:[/b] - [2012/04/09 15:37:11 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
  186. DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
  187. DRV:[b]64bit:[/b] - [2012/01/02 20:54:59 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
  188. DRV:[b]64bit:[/b] - [2011/11/23 21:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
  189. DRV:[b]64bit:[/b] - [2011/11/16 22:38:00 | 000,218,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NSMx64\0203000.012\symrdrs.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
  190. DRV:[b]64bit:[/b] - [2011/11/04 18:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NOFx64\0203000.007\ccsetx64.sys -- (ccSet_NOF)
  191. DRV:[b]64bit:[/b] - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
  192. DRV:[b]64bit:[/b] - [2011/07/20 22:51:05 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
  193. DRV:[b]64bit:[/b] - [2011/07/20 22:51:05 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  194. DRV:[b]64bit:[/b] - [2011/06/09 21:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
  195. DRV:[b]64bit:[/b] - [2011/06/08 14:58:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
  196. DRV:[b]64bit:[/b] - [2011/05/25 11:55:58 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
  197. DRV:[b]64bit:[/b] - [2011/05/16 15:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
  198. DRV:[b]64bit:[/b] - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
  199. DRV:[b]64bit:[/b] - [2011/04/15 14:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
  200. DRV:[b]64bit:[/b] - [2011/04/14 11:01:46 | 000,020,888 | ---- | M] (Comodo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmdatp.sys -- (ATP)
  201. DRV:[b]64bit:[/b] - [2011/04/08 14:25:18 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
  202. DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
  203. DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
  204. DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
  205. DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
  206. DRV:[b]64bit:[/b] - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
  207. DRV:[b]64bit:[/b] - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
  208. DRV:[b]64bit:[/b] - [2010/10/15 04:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
  209. DRV:[b]64bit:[/b] - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
  210. DRV:[b]64bit:[/b] - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
  211. DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
  212. DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
  213. DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
  214. DRV:[b]64bit:[/b] - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
  215. DRV:[b]64bit:[/b] - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
  216. DRV:[b]64bit:[/b] - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
  217. DRV:[b]64bit:[/b] - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
  218. DRV:[b]64bit:[/b] - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
  219. DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
  220. DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
  221. DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
  222. DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
  223. DRV - [2012/11/19 03:57:24 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
  224. DRV - [2012/11/13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
  225. DRV - [2012/02/16 21:05:32 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120216.018\ex64.sys -- (NAVEX15)
  226. DRV - [2012/02/16 21:05:32 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120216.018\eng64.sys -- (NAVENG)
  227. DRV - [2012/02/04 03:05:15 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
  228. DRV - [2011/11/30 21:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120215.001\BHDrvx64.sys -- (BHDrvx64)
  229. DRV - [2011/11/30 18:49:05 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120216.002\IDSviA64.sys -- (IDSVia64)
  230. DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
  231.  
  232.  
  233. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  234.  
  235.  
  236. [color=#E56717]========== Internet Explorer ==========[/color]
  237.  
  238. IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  239. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0454D44B-184E-4A12-BADB-E55C5231DCBA}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
  240. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
  241. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  242. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  243. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
  244. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
  245. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  246. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  247. IE - HKLM\..\SearchScopes\{0454D44B-184E-4A12-BADB-E55C5231DCBA}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
  248. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
  249. IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  250. IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  251. IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
  252. IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
  253.  
  254. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
  255. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
  256. IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  257. IE - HKCU\..\SearchScopes\{0454D44B-184E-4A12-BADB-E55C5231DCBA}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
  258. IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
  259. IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
  260. IE - HKCU\..\SearchScopes\{9E3E326C-2D3F-4D5B-816D-966A15E3C1C0}: "URL" = http://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
  261. IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
  262. IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
  263. IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
  264. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  265. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.192.120.67:3128
  266.  
  267. [color=#E56717]========== FireFox ==========[/color]
  268.  
  269. FF - prefs.js..extensions.enabledAddons: SQLiteManager%40mrinalkant.blogspot.com:0.8.0
  270. FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
  271. FF - user.js - File not found
  272.  
  273. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
  274. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
  275. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
  276. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  277. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
  278. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
  279. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
  280. FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
  281. FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
  282. FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnLvn: C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll (COMODO)
  283. FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnRdp: C:\Program Files\COMODO\Unite\NpRdpView.dll ( )
  284. FF - HKLM\Software\MozillaPlugins\@comodo.com/EasyvpnVnc: C:\Program Files\COMODO\Unite\NpVncView.dll ( )
  285. FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
  286. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
  287. FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  288. FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
  289. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  290. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  291. FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
  292. FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
  293. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ETHAN\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
  294. FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ETHAN\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
  295. FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
  296.  
  297. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012/02/04 11:25:33 | 000,000,000 | ---D | M]
  298. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013/05/30 16:43:16 | 000,000,000 | ---D | M]
  299. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.2.0.40\coFFFw\ [2012/04/22 01:08:00 | 000,000,000 | ---D | M]
  300. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
  301. FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
  302. FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
  303. FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
  304.  
  305. [2012/12/26 21:30:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Extensions
  306. [2012/05/21 00:24:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
  307. [2012/12/26 21:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
  308. [2012/06/11 20:29:20 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
  309. [2013/05/29 03:08:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Firefox\Profiles\9x84a5zj.default\extensions
  310. [2013/03/31 13:11:57 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Firefox\Profiles\9x84a5zj.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
  311. [2013/05/29 03:08:47 | 000,248,978 | ---- | M] () (No name found) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Firefox\Profiles\9x84a5zj.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
  312. [2013/05/10 21:26:47 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\ETHAN\AppData\Roaming\Mozilla\Firefox\Profiles\9x84a5zj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
  313. [2013/05/24 23:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
  314. [2013/05/24 23:52:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  315.  
  316. [color=#E56717]========== Chrome  ==========[/color]
  317.  
  318. CHR - default_search_provider: Google (Enabled)
  319. CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
  320. CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
  321. CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
  322. CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
  323. CHR - plugin: Native Client (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
  324. CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
  325. CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll
  326. CHR - plugin: Norton Confidential (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkkogpfmmfmppkbopdikooeibnjhfpi\2.3.0.18_0\npcoplgn.dll
  327. CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.14_0\plugins/npDefaultTabSearch.dll
  328. CHR - plugin: Norton Confidential (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
  329. CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
  330. CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
  331. CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
  332. CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
  333. CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
  334. CHR - plugin: Google Update (Enabled) = C:\Users\ETHAN\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
  335. CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
  336. CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
  337. CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
  338. CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
  339. CHR - Extension: OneTab = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnocfnjkmlljbfgpkbhefnlpbiemhif\1.0_0\
  340. CHR - Extension: General Crawler = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.6_0\
  341. CHR - Extension: AdBlock = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
  342. CHR - Extension: Website Logon = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\
  343. CHR - Extension: DefaultTab = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
  344. CHR - Extension: Norton Safety Minder = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkkogpfmmfmppkbopdikooeibnjhfpi\2.3.0.18_0\
  345. CHR - Extension: Norton Identity Protection = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
  346. CHR - Extension: OneClickDownload = C:\Users\ETHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
  347.  
  348. O1 HOSTS File: ([2013/06/01 22:50:57 | 000,001,543 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
  349. O1 - Hosts: 127.0.0.1 www.novirusthanks.org
  350. O1 - Hosts: 127.0.0.1 novirusthanks.org
  351. O1 - Hosts: 127.0.0.1 94.23.68.174
  352. O1 - Hosts: 127.0.0.1 vscan.novirusthanks.org
  353. O1 - Hosts: 127.0.0.1 www.vscan.novirusthanks.org
  354. O1 - Hosts: 127.0.0.1 188.165.234.50
  355. O1 - Hosts: 127.0.0.1 38.101.213.249
  356. O1 - Hosts: 127.0.0.1 virustotal.com
  357. O1 - Hosts: 127.0.0.1 www.virustotal.com
  358. O1 - Hosts: 127.0.0.1 virusscan.jotti.org
  359. O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org
  360. O1 - Hosts: 127.0.0.1 www.virscan.org
  361. O1 - Hosts: 127.0.0.1 virscan.org
  362. O1 - Hosts: 127.0.0.1 www.virus-trap.org
  363. O1 - Hosts: 127.0.0.1 virus-trap.org
  364. O1 - Hosts: 127.0.0.1 viruschief.com
  365. O1 - Hosts: 127.0.0.1 www.viruschief.com
  366. O1 - Hosts: 127.0.0.1 virus-trap.org
  367. O1 - Hosts: 127.0.0.1 metascan-online.com
  368. O1 - Hosts: 127.0.0.1 www.metascan-online.com
  369. O1 - Hosts: 127.0.0.1 jotti.org
  370. O1 - Hosts: 127.0.0.1 www.jotti.org
  371. O1 - Hosts: 127.0.0.1 virusscan.jotti.org
  372. O1 - Hosts: 127.0.0.1 www.virusscan.jotti.org
  373. O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
  374. O2:[b]64bit:[/b] - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
  375. O2 - BHO: (OneTab Add-on) - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Users\ETHAN\AppData\Roaming\OneTab\OneTab.dll (OnPageAds)
  376. O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
  377. O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
  378. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
  379. O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\ETHAN\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
  380. O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
  381. O2 - BHO: (Norton Safety Minder BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Online\AddOns\Norton Safety Minder\Engine\2.3.0.18\coieplg.dll (Symantec Corporation)
  382. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
  383. O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
  384. O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
  385. O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
  386. O3 - HKLM\..\Toolbar: (DealBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\DealBulldog Toolbar\tbcore3.dll ()
  387. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
  388. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
  389. O4 - HKLM..\Run: []  File not found
  390. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
  391. O4 - HKCU..\Run: [] C:\Users\ETHAN\AppData\Roaming\Acrobat\.exe ()
  392. O4 - HKCU..\Run: [Acrobat] C:\Users\ETHAN\AppData\Roaming\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
  393. O4 - HKCU..\Run: [AdobeBridge]  File not found
  394. O4 - HKCU..\Run: [explorer] C:\Users\ETHAN\AppData\Roaming\Acrobat\explorer.exe ()
  395. O4 - HKCU..\Run: [FBUpdate32] C:\Users\ETHAN\AppData\Roaming\Acrobat\FBUpdate32.exe (Adobe Systems Incorporated)
  396. O4 - HKCU..\Run: [Google Update] C:\Users\ETHAN\AppData\Roaming\Google\GoogleUpdate.exe (Google Inc.)
  397. O4 - HKCU..\Run: [Java(TM) Platform Auto Updater] C:\Users\ETHAN\AppData\Roaming\Acrobat\Java(TM) Platform Auto Updater.exe (Microsoft Corporation)
  398. O4 - HKCU..\Run: [Java(TM) Platform SE Auto Updater] C:\Users\ETHAN\AppData\Roaming\Acrobat\Java(TM) Platform SE Auto Updater.exe ()
  399. O4 - HKCU..\Run: [Java(TM) Runtime SE Auto Updater] C:\Users\ETHAN\AppData\Roaming\Acrobat\Java(TM) Runtime SE Auto Updater.exe ()
  400. O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
  401. O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
  402. O4 - HKCU..\Run: [MicroUpdate] C:\Users\ETHAN\AppData\Local\Temp\MSDCSC\msdcsc.exe (Microsoft Corporation)
  403. O4 - HKCU..\Run: [MinecraftCrack.exe] C:\Users\ETHAN\Desktop\FUD CRYPT\MinecraftCrack.exe ()
  404. O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
  405. O4 - HKCU..\Run: [Spotify] C:\Users\ETHAN\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
  406. O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\ETHAN\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
  407. O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
  408. O4 - HKCU..\Run: [Synaptics Pointing Device Driver] C:\Users\ETHAN\AppData\Roaming\Acrobat\Synaptics Pointing Device Driver.exe (Microsoft Corporation)
  409. O4 - HKCU..\Run: [system32] C:\Users\ETHAN\AppData\Roaming\ajYsi\spoolsv.exe ()
  410. O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-JMB5D.exe ()
  411. O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
  412. O4 - Startup: C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2icSg1FvV1ct.exe (P7jrcvNktTg6)
  413. O4 - Startup: C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bnc3JbzUS9TN.exe (P7jrcvNktTg6)
  414. O4 - Startup: C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = C:\Users\ETHAN\AppData\Roaming\WindowsFiles\usft_ext.exe.vbs ()
  415. O4 - Startup: C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start Freenet.lnk = C:\Users\ETHAN\AppData\Local\Freenet\freenet.exe ()
  416. F3:[b]64bit:[/b] - HKCU WinNT: Load - (c:\users\ethan\dxxdeuuau.exe) - c:\Users\ETHAN\dxxdeuuau.exe (Ur)a&)
  417. F3 - HKCU WinNT: Load - (c:\users\ethan\dxxdeuuau.exe) - c:\Users\ETHAN\dxxdeuuau.exe (Ur)a&)
  418. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  419. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
  420. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  421. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  422. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
  423. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
  424. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
  425. O8:[b]64bit:[/b] - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
  426. O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
  427. O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
  428. O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
  429. O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
  430. O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
  431. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
  432. O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
  433. O13[b]64bit:[/b] - gopher Prefix: missing
  434. O13 - gopher Prefix: missing
  435. O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
  436. O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
  437. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
  438. O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
  439. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
  440. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
  441. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4740A2C6-A050-43B4-BF18-37F7A959AE78}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
  442. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAE42DC8-898A-4F8A-81DF-99042457DCA9}: DhcpNameServer = 8.8.8.8 8.8.4.4
  443. O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
  444. O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
  445. O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
  446. O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
  447. O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
  448. O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
  449. O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  450. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
  451. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
  452. O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
  453. O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
  454. O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  455. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  456. O32 - HKLM CDRom: AutoRun - 1
  457. O32 - AutoRun File - [2011/07/20 16:00:19 | 000,000,156 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
  458. O33 - MountPoints2\{a69a95cf-2a29-11e1-9195-806e6f6e6963}\Shell - "" = AutoRun
  459. O33 - MountPoints2\{a69a95cf-2a29-11e1-9195-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011/07/20 16:00:03 | 004,032,632 | R--- | M] (Cisco Consumer Products LLC)
  460. O34 - HKLM BootExecute: (autocheck autochk *)
  461. O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
  462. O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
  463. O35 - HKLM\..comfile [open] -- "%1" %*
  464. O35 - HKLM\..exefile [open] -- "%1" %*
  465. O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
  466. O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
  467. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  468. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  469. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  470. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  471. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  472.  
  473. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  474.  
  475. [2013/06/02 03:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
  476. [2013/06/02 03:04:44 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\ajYsi
  477. [2013/06/01 23:41:25 | 001,157,632 | -HS- | C] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Roaming\1815941063.8.exe
  478. [2013/06/01 23:28:58 | 001,393,664 | -HS- | C] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Roaming\240263253.2.exe
  479. [2013/06/01 22:55:47 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Element Crypter Stubs
  480. [2013/06/01 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Windows Loader
  481. [2013/06/01 22:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nimoru
  482. [2013/06/01 13:24:21 | 000,753,664 | -HS- | C] (Adobe Systems Incorporated) -- C:\Users\ETHAN\AppData\Roaming\xsekq.exe
  483. [2013/06/01 00:14:01 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\iXMgX
  484. [2013/05/31 17:56:21 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Roaming\RLK6YCDQGA.exe
  485. [2013/05/31 09:18:00 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\AegisCrypter2.3
  486. [2013/05/31 04:16:56 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\WindowsFiles
  487. [2013/05/30 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Project Neptune v2.0
  488. [2013/05/30 16:19:25 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\Google
  489. [2013/05/30 16:09:41 | 000,673,792 | ---- | C] (Microsoft Corp.) -- C:\Users\ETHAN\Desktop\DarkComet Stub.exe
  490. [2013/05/30 15:57:44 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\DC2
  491. [2013/05/30 15:56:29 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Dark Comet 2
  492. [2013/05/30 00:14:46 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\2.6GB
  493. [2013/05/29 22:47:45 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Local\{833C279C-A05E-4A23-AE56-015C43B9429F}
  494. [2013/05/29 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\E whore
  495. [2013/05/29 22:20:30 | 000,000,000 | -HSD | C] -- C:\Users\ETHAN\AppData\Roaming\msnmsg
  496. [2013/05/29 22:06:58 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Jacheline
  497. [2013/05/29 20:58:16 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\PrivateTunnel
  498. [2013/05/29 20:49:51 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\VCW - Katy by illuminati™
  499. [2013/05/29 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Lilly Pics
  500. [2013/05/29 14:06:00 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\plugins
  501. [2013/05/29 12:31:03 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Media
  502. [2013/05/29 12:17:57 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\Reincubate
  503. [2013/05/29 12:17:57 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reincubate
  504. [2013/05/28 22:16:24 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\YouTube_files
  505. [2013/05/28 19:41:56 | 000,000,000 | -HSD | C] -- C:\Users\ETHAN\AppData\Roaming\Acrobat
  506. [2013/05/28 19:41:54 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\dclogs
  507. [2013/05/27 19:12:42 | 000,673,792 | ---- | C] (Microsoft Corp.) -- C:\Users\ETHAN\Desktop\Stub2.exe
  508. [2013/05/26 14:57:22 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\INI
  509. [2013/05/25 20:40:58 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Notes
  510. [2013/05/25 05:33:11 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\FUD CRYPT
  511. [2013/05/25 04:28:31 | 000,000,000 | R--D | C] -- C:\Sandbox
  512. [2013/05/25 04:27:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
  513. [2013/05/25 04:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
  514. [2013/05/25 02:37:32 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Users
  515. [2013/05/25 00:20:28 | 000,673,792 | ---- | C] (Microsoft Corp.) -- C:\Users\ETHAN\Desktop\stub.exe
  516. [2013/05/25 00:02:05 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Dark Comet
  517. [2013/05/24 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Local\Vitalwerks
  518. [2013/05/24 23:59:56 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
  519. [2013/05/24 23:59:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
  520. [2013/05/24 23:57:11 | 011,824,128 | ---- | C] (Unremote.org) -- C:\Users\ETHAN\Desktop\DarkComet.exe
  521. [2013/05/24 23:57:11 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Icons
  522. [2013/05/24 23:57:11 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Goodies
  523. [2013/05/24 23:57:11 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Celesty Binder
  524. [2013/05/24 23:57:10 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Spoof extensions
  525. [2013/05/24 23:57:10 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\skins
  526. [2013/05/24 23:57:10 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Plugins SRC
  527. [2013/05/24 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
  528. [2013/05/24 12:42:35 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\.Creative-Scape.net
  529. [2013/05/23 23:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\FlyVPN
  530. [2013/05/23 23:00:57 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyVPN
  531. [2013/05/23 23:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlyVPN
  532. [2013/05/23 22:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
  533. [2013/05/23 22:57:34 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Local\ManyCam
  534. [2013/05/23 22:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ManyCam
  535. [2013/05/23 22:57:31 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\ManyCam
  536. [2013/05/23 18:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
  537. [2013/05/23 18:20:31 | 000,020,888 | ---- | C] (Comodo, Inc.) -- C:\Windows\SysNative\drivers\cmdatp.sys
  538. [2013/05/23 18:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
  539. [2013/05/23 18:20:00 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\COMODO
  540. [2013/05/23 18:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
  541. [2013/05/22 14:09:07 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\2
  542. [2013/05/21 23:11:31 | 000,043,008 | ---- | C] (imgur) -- C:\Users\ETHAN\Documents\99str99rngbank.exe
  543. [2013/05/21 22:40:05 | 000,043,008 | ---- | C] (imgur) -- C:\Users\ETHAN\Documents\statsbankquests.exe
  544. [2013/05/21 22:31:52 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Local\Neptune
  545. [2013/05/21 19:05:01 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Desktop\Ghost Eye
  546. [2013/05/20 19:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
  547. [2013/05/20 19:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
  548. [2013/05/20 19:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
  549. [2013/05/19 13:45:00 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\Documents\Dose Files
  550. [2013/05/19 13:44:55 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Roaming\IDoser
  551. [2013/05/17 18:03:16 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
  552. [2013/05/17 18:03:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
  553. [2013/05/17 18:03:13 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
  554. [2013/05/17 18:03:13 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
  555. [2013/05/17 17:36:42 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
  556. [2013/05/17 17:36:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
  557. [2013/05/17 17:07:11 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
  558. [2013/05/17 17:07:11 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
  559. [2013/05/17 17:07:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
  560. [2013/05/17 17:07:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
  561. [2013/05/17 17:07:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
  562. [2013/05/17 17:07:10 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
  563. [2013/05/17 17:07:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
  564. [2013/05/17 17:07:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
  565. [2013/05/17 17:07:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
  566. [2013/05/17 17:07:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
  567. [2013/05/17 17:07:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
  568. [2013/05/17 17:07:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
  569. [2013/05/17 17:07:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
  570. [2013/05/17 17:07:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
  571. [2013/05/17 17:07:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
  572. [2013/05/12 16:30:51 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Local\{DFD9D4C8-1F95-48FF-9C50-CBCC86F43EC6}
  573. [2013/05/12 16:30:51 | 000,000,000 | ---D | C] -- C:\Users\ETHAN\AppData\Local\{6A9893DD-89F1-4168-B6E1-5CC1B6855DC3}
  574. [2013/05/11 15:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
  575. [2010/11/20 22:24:28 | 000,089,088 | -HS- | C] (Ur)a&) -- C:\Users\ETHAN\dxxdeuuau.exe
  576. [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  577.  
  578. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  579.  
  580. [2013/06/02 04:09:05 | 001,138,688 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\bsx.exe
  581. [2013/06/02 04:06:35 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790399010-2219903431-2364950627-1000UA.job
  582. [2013/06/02 03:44:41 | 000,000,512 | ---- | M] () -- C:\Users\ETHAN\Documents\MBR.dat
  583. [2013/06/02 03:32:22 | 000,712,264 | ---- | M] () -- C:\Windows\is-JMB5D.exe
  584. [2013/06/02 03:32:22 | 000,011,277 | ---- | M] () -- C:\Windows\is-JMB5D.msg
  585. [2013/06/02 03:32:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
  586. [2013/06/02 03:32:22 | 000,000,374 | ---- | M] () -- C:\Windows\is-JMB5D.lst
  587. [2013/06/02 03:31:13 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790399010-2219903431-2364950627-1004UA.job
  588. [2013/06/02 03:15:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
  589. [2013/06/02 03:11:50 | 000,567,296 | ---- | M] () -- C:\Users\ETHAN\Desktop\comet.db
  590. [2013/06/02 03:09:45 | 000,000,032 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\bs1
  591. [2013/06/02 03:04:22 | 000,805,888 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\a69.exe
  592. [2013/06/02 02:04:40 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  593. [2013/06/02 02:04:40 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  594. [2013/06/02 00:45:10 | 000,005,070 | ---- | M] () -- C:\Users\ETHAN\Desktop\Windows Loader.zip.torrent
  595. [2013/06/02 00:34:31 | 003,876,638 | ---- | M] () -- C:\Users\ETHAN\Desktop\Windows 7 Loader v2.0.6 Reloaded.zip
  596. [2013/06/01 23:54:41 | 000,005,615 | ---- | M] () -- C:\Users\ETHAN\Desktop\config.ini
  597. [2013/06/01 23:41:25 | 001,157,632 | -HS- | M] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Roaming\1815941063.8.exe
  598. [2013/06/01 23:28:58 | 001,393,664 | -HS- | M] (Microsoft Corporation) -- C:\Users\ETHAN\AppData\Roaming\240263253.2.exe
  599. [2013/06/01 22:45:53 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790399010-2219903431-2364950627-1004Core.job
  600. [2013/06/01 22:44:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  601. [2013/06/01 13:24:22 | 000,753,664 | -HS- | M] (Adobe Systems Incorporated) -- C:\Users\ETHAN\AppData\Roaming\xsekq.exe
  602. [2013/06/01 12:06:32 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-790399010-2219903431-2364950627-1000Core.job
  603. [2013/06/01 11:01:09 | 000,255,488 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\1417930712.JavaRuntimeBinaries.exe
  604. [2013/06/01 10:57:48 | 001,157,632 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\150966535.Bitcoin-Qt Client.exe
  605. [2013/06/01 00:44:56 | 000,255,488 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\1982907864.Java Runtime binaries.exe
  606. [2013/06/01 00:43:44 | 001,157,632 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\2052185015.Bitcoin-Qt Client.exe
  607. [2013/06/01 00:13:53 | 000,805,888 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\BTC-m.exe
  608. [2013/05/31 22:01:11 | 001,157,632 | -HS- | M] () -- C:\Users\ETHAN\AppData\Roaming\bitcoin.exe
  609. [2013/05/31 17:56:00 | 001,393,664 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\s39tn.exe
  610. [2013/05/31 04:17:15 | 000,001,082 | ---- | M] () -- C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
  611. [2013/05/30 22:30:45 | 000,043,008 | ---- | M] () -- C:\Users\ETHAN\Desktop\PN Keylog.exe
  612. [2013/05/30 16:39:52 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
  613. [2013/05/30 16:09:41 | 000,673,792 | ---- | M] (Microsoft Corp.) -- C:\Users\ETHAN\Desktop\DarkComet Stub.exe
  614. [2013/05/30 14:41:14 | 000,479,744 | -H-- | M] () -- C:\Users\ETHAN\AppData\Roaming\76gci.exe
  615. [2013/05/29 22:04:09 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
  616. [2013/05/29 22:04:09 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
  617. [2013/05/29 22:04:09 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
  618. [2013/05/29 21:58:32 | 000,001,744 | ---- | M] () -- C:\Windows\Sandboxie.ini
  619. [2013/05/29 21:57:46 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForETHAN.job
  620. [2013/05/29 21:57:36 | 004,891,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
  621. [2013/05/29 20:57:43 | 000,002,288 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk
  622. [2013/05/29 20:57:43 | 000,001,353 | ---- | M] () -- C:\Users\Public\Desktop\PrivateTunnel.lnk
  623. [2013/05/29 14:13:10 | 000,000,456 | ---- | M] () -- C:\Users\ETHAN\Desktop\settings.dat
  624. [2013/05/29 14:13:10 | 000,000,058 | ---- | M] () -- C:\Users\ETHAN\Desktop\stats.dat
  625. [2013/05/29 14:13:10 | 000,000,058 | ---- | M] () -- C:\Users\ETHAN\Desktop\sockets.dat
  626. [2013/05/29 14:13:10 | 000,000,058 | ---- | M] () -- C:\Users\ETHAN\Desktop\id.dat
  627. [2013/05/29 12:18:00 | 000,001,246 | ---- | M] () -- C:\Users\ETHAN\Desktop\iPhone Backup Extractor.lnk
  628. [2013/05/28 22:16:55 | 000,160,699 | ---- | M] () -- C:\Users\ETHAN\Desktop\YouTube.htm
  629. [2013/05/28 18:02:22 | 000,000,967 | ---- | M] () -- C:\Users\ETHAN\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
  630. [2013/05/28 18:02:22 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
  631. [2013/05/28 09:58:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
  632. [2013/05/28 09:58:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
  633. [2013/05/27 19:12:42 | 000,673,792 | ---- | M] (Microsoft Corp.) -- C:\Users\ETHAN\Desktop\Stub2.exe
  634. [2013/05/26 12:02:06 | 000,480,768 | ---- | M] () -- C:\Users\ETHAN\Desktop\wfr.exe
  635. [2013/05/25 21:32:46 | 000,000,024 | ---- | M] () -- C:\Users\ETHAN\random.dat
  636. [2013/05/25 21:28:32 | 000,000,044 | ---- | M] () -- C:\Users\ETHAN\jagex_cl_runescape_LIVE.dat
  637. [2013/05/25 04:27:23 | 000,000,896 | ---- | M] () -- C:\Users\ETHAN\Desktop\Sandboxed Web Browser.lnk
  638. [2013/05/25 04:27:23 | 000,000,896 | ---- | M] () -- C:\Users\ETHAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
  639. [2013/05/25 00:20:28 | 000,673,792 | ---- | M] (Microsoft Corp.) -- C:\Users\ETHAN\Desktop\stub.exe
  640. [2013/05/24 23:40:12 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
  641. [2013/05/23 22:58:33 | 000,001,101 | ---- | M] () -- C:\Users\ETHAN\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
  642. [2013/05/23 17:54:59 | 000,001,780 | ---- | M] () -- C:\Users\ETHAN\Desktop\PeerBlock.lnk
  643. [2013/05/22 16:47:24 | 000,007,804 | ---- | M] () -- C:\Users\ETHAN\Documents\1.jpg
  644. [2013/05/22 00:28:52 | 001,576,960 | ---- | M] () -- C:\Users\ETHAN\Documents\99strrangebank.Exe
  645. [2013/05/22 00:14:10 | 000,043,008 | ---- | M] (imgur) -- C:\Users\ETHAN\Documents\99str99rngbank.exe
  646. [2013/05/22 00:04:05 | 000,076,014 | ---- | M] () -- C:\Users\ETHAN\Documents\original_vista_icons_files_jpg_file.png
  647. [2013/05/21 23:09:04 | 000,307,517 | ---- | M] () -- C:\Users\ETHAN\Documents\99str99rng.exe
  648. [2013/05/21 23:08:36 | 000,244,477 | ---- | M] () -- C:\Users\ETHAN\Documents\zo582.png
  649. [2013/05/21 22:43:55 | 000,172,032 | ---- | M] () -- C:\Users\ETHAN\Documents\statsbankquests.png.exe
  650. [2013/05/21 22:40:16 | 000,043,008 | ---- | M] (imgur) -- C:\Users\ETHAN\Documents\statsbankquests.exe
  651. [2013/05/21 19:05:25 | 000,007,599 | ---- | M] () -- C:\Users\ETHAN\AppData\Local\Resmon.ResmonCfg
  652. [2013/05/20 19:14:08 | 000,001,555 | ---- | M] () -- C:\Users\ETHAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
  653. [2013/05/20 18:24:46 | 000,000,044 | ---- | M] () -- C:\Users\ETHAN\jagex_cl_oldschool_LIVE.dat
  654. [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  655.  
  656. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  657.  
  658. [2013/06/02 03:44:41 | 000,000,512 | ---- | C] () -- C:\Users\ETHAN\Documents\MBR.dat
  659. [2013/06/02 03:32:22 | 000,712,264 | ---- | C] () -- C:\Windows\is-JMB5D.exe
  660. [2013/06/02 03:32:22 | 000,011,277 | ---- | C] () -- C:\Windows\is-JMB5D.msg
  661. [2013/06/02 03:32:22 | 000,000,374 | ---- | C] () -- C:\Windows\is-JMB5D.lst
  662. [2013/06/02 02:57:55 | 000,805,888 | -HS- | C] () -- C:\Users\ETHAN\AppData\Roaming\a69.exe
  663. [2013/06/02 00:45:08 | 000,005,070 | ---- | C] () -- C:\Users\ETHAN\Desktop\Windows Loader.zip.torrent
  664. [2013/06/02 00:34:30 | 003,876,638 | ---- | C] () -- C:\Users\ETHAN\Desktop\Windows 7 Loader v2.0.6 Reloaded.zip
  665. [2013/06/01 11:01:09 | 000,255,488 | -HS- | C] () -- C:\Users\ETHAN\AppData\Roaming\1417930712.JavaRuntimeBinaries.exe
  666. [2013/06/01 10:57:48 | 001,157,632 | -HS- | C] () -- C:\Users\ETHAN\AppData\Roaming\150966535.Bitcoin-Qt Client.exe
  667. [2013/06/01 00:44:56 | 000,255,488 | -HS- | C] () -- C:\Users\ETHAN\AppData\Roaming\1982907864.Java Runtime binaries.exe
  668. [2013/06/01 00:43:44 | 001,157,632 | -HS- | C] () -- C:\Users\ETHAN\AppData\Roaming\2052185015.Bitcoin-Qt Client.exe
  669. [2013/06/01 00:03:18 | 000,805,888 | -HS- | C] () -- C:\Users\ETHAN\AppData\Roaming\BTC-m.exe
  670. [2013/05/31 22:02:03 | 000,000,032 | ---- | C] () -- C:\Users\ETHAN\AppData\Roaming\bs1
  671. [2013/05/31 21:40:13 | 001,157,632 | -HS- | C] () -- C:\Users\ETHAN\AppData\Roaming\bitcoin.exe
  672. [2013/05/31 17:55:53 | 001,393,664 | ---- | C] () -- C:\Users\ETHAN\AppData\Roaming\s39tn.exe
  673. [2013/05/31 04:17:14 | 000,001,082 | ---- | C] () -- C:\Users\ETHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
  674. [2013/05/30 22:30:40 | 000,043,008 | ---- | C] () -- C:\Users\ETHAN\Desktop\PN Keylog.exe
  675. [2013/05/30 14:41:09 | 000,479,744 | -H-- | C] () -- C:\Users\ETHAN\AppData\Roaming\76gci.exe
  676. [2013/05/29 20:57:43 | 000,001,365 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivateTunnel.lnk
  677. [2013/05/29 20:57:43 | 000,001,353 | ---- | C] () -- C:\Users\Public\Desktop\PrivateTunnel.lnk
  678. [2013/05/29 20:57:42 | 000,002,288 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk
  679. [2013/05/29 14:13:10 | 000,000,058 | ---- | C] () -- C:\Users\ETHAN\Desktop\stats.dat
  680. [2013/05/29 14:13:10 | 000,000,058 | ---- | C] () -- C:\Users\ETHAN\Desktop\sockets.dat
  681. [2013/05/29 14:13:10 | 000,000,058 | ---- | C] () -- C:\Users\ETHAN\Desktop\id.dat
  682. [2013/05/29 14:06:00 | 000,000,456 | ---- | C] () -- C:\Users\ETHAN\Desktop\settings.dat
  683. [2013/05/29 12:17:59 | 000,001,246 | ---- | C] () -- C:\Users\ETHAN\Desktop\iPhone Backup Extractor.lnk
  684. [2013/05/28 22:16:20 | 000,160,699 | ---- | C] () -- C:\Users\ETHAN\Desktop\YouTube.htm
  685. [2013/05/26 12:01:57 | 000,480,768 | ---- | C] () -- C:\Users\ETHAN\Desktop\wfr.exe
  686. [2013/05/25 04:27:51 | 000,000,896 | ---- | C] () -- C:\Users\ETHAN\Desktop\Sandboxed Web Browser.lnk
  687. [2013/05/25 04:27:51 | 000,000,896 | ---- | C] () -- C:\Users\ETHAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
  688. [2013/05/25 04:27:48 | 000,001,744 | ---- | C] () -- C:\Windows\Sandboxie.ini
  689. [2013/05/25 00:02:39 | 000,005,615 | ---- | C] () -- C:\Users\ETHAN\Desktop\config.ini
  690. [2013/05/25 00:02:26 | 000,567,296 | ---- | C] () -- C:\Users\ETHAN\Desktop\comet.db
  691. [2013/05/24 23:57:11 | 001,198,612 | ---- | C] () -- C:\Users\ETHAN\Desktop\GeoIP.dat
  692. [2013/05/24 23:57:11 | 000,522,752 | ---- | C] () -- C:\Users\ETHAN\Desktop\sqlite3.dll
  693. [2013/05/24 23:56:02 | 024,235,051 | ---- | C] () -- C:\Users\ETHAN\Desktop\VPNS.rar
  694. [2013/05/24 23:56:00 | 019,347,721 | ---- | C] () -- C:\Users\ETHAN\Desktop\File Crypters.rar
  695. [2013/05/24 23:55:54 | 043,682,170 | ---- | C] () -- C:\Users\ETHAN\Desktop\DDos Tools.rar
  696. [2013/05/24 23:55:54 | 000,907,739 | ---- | C] () -- C:\Users\ETHAN\Desktop\Spreaders.rar
  697. [2013/05/24 23:55:54 | 000,160,037 | ---- | C] () -- C:\Users\ETHAN\Desktop\SQLi Helper.rar
  698. [2013/05/24 23:55:49 | 061,356,259 | ---- | C] () -- C:\Users\ETHAN\Desktop\RATS.rar
  699. [2013/05/24 23:55:49 | 003,945,684 | ---- | C] () -- C:\Users\ETHAN\Desktop\Keyloggers.rar
  700. [2013/05/24 23:55:48 | 007,470,954 | ---- | C] () -- C:\Users\ETHAN\Desktop\eBook's.rar
  701. [2013/05/24 23:55:47 | 001,127,875 | ---- | C] () -- C:\Users\ETHAN\Desktop\Icon Changer.rar
  702. [2013/05/24 23:55:47 | 000,060,057 | ---- | C] () -- C:\Users\ETHAN\Desktop\File Plumper.rar
  703. [2013/05/24 23:55:46 | 006,115,047 | ---- | C] () -- C:\Users\ETHAN\Desktop\Youtube Stuff.rar
  704. [2013/05/24 23:55:46 | 002,165,387 | ---- | C] () -- C:\Users\ETHAN\Desktop\Cracking Tools.rar
  705. [2013/05/24 23:55:46 | 001,448,331 | ---- | C] () -- C:\Users\ETHAN\Desktop\Dox Programs.rar
  706. [2013/05/24 23:55:46 | 000,854,610 | ---- | C] () -- C:\Users\ETHAN\Desktop\Spammers.zip
  707. [2013/05/24 23:55:46 | 000,232,116 | ---- | C] () -- C:\Users\ETHAN\Desktop\File Binder.rar
  708. [2013/05/24 23:55:42 | 060,478,825 | ---- | C] () -- C:\Users\ETHAN\Desktop\Other.zip
  709. [2013/05/24 23:55:41 | 004,459,453 | ---- | C] () -- C:\Users\ETHAN\Desktop\Other Games.zip
  710. [2013/05/24 23:55:39 | 027,116,333 | ---- | C] () -- C:\Users\ETHAN\Desktop\Minecraft.rar
  711. [2013/05/24 23:55:35 | 035,548,392 | ---- | C] () -- C:\Users\ETHAN\Desktop\Booters.rar
  712. [2013/05/24 23:40:12 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
  713. [2013/05/24 23:40:11 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
  714. [2013/05/23 22:58:33 | 000,001,101 | ---- | C] () -- C:\Users\ETHAN\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
  715. [2013/05/22 16:47:23 | 000,007,804 | ---- | C] () -- C:\Users\ETHAN\Documents\1.jpg
  716. [2013/05/22 00:28:51 | 001,576,960 | ---- | C] () -- C:\Users\ETHAN\Documents\99strrangebank.Exe
  717. [2013/05/22 00:03:53 | 000,076,014 | ---- | C] () -- C:\Users\ETHAN\Documents\original_vista_icons_files_jpg_file.png
  718. [2013/05/21 23:09:04 | 000,307,517 | ---- | C] () -- C:\Users\ETHAN\Documents\99str99rng.exe
  719. [2013/05/21 23:08:35 | 000,244,477 | ---- | C] () -- C:\Users\ETHAN\Documents\zo582.png
  720. [2013/05/21 22:43:55 | 000,172,032 | ---- | C] () -- C:\Users\ETHAN\Documents\statsbankquests.png.exe
  721. [2013/05/21 19:05:25 | 000,007,599 | ---- | C] () -- C:\Users\ETHAN\AppData\Local\Resmon.ResmonCfg
  722. [2013/05/20 19:14:08 | 000,001,555 | ---- | C] () -- C:\Users\ETHAN\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
  723. [2013/05/20 19:14:08 | 000,001,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
  724. [2013/03/23 20:43:50 | 000,000,046 | ---- | C] () -- C:\Users\ETHAN\jagex_cl_loginapplet_LIVE.dat
  725. [2013/03/21 18:41:38 | 000,000,044 | ---- | C] () -- C:\Users\ETHAN\jagex_cl_oldschool_LIVE.dat
  726. [2013/03/21 18:41:38 | 000,000,024 | ---- | C] () -- C:\Users\ETHAN\random.dat
  727. [2013/03/10 14:08:56 | 000,000,023 | ---- | C] () -- C:\Users\ETHAN\jagexappletviewer.preferences
  728. [2013/03/03 15:45:05 | 000,000,044 | ---- | C] () -- C:\Users\ETHAN\jagex_cl_runescape_LIVE.dat
  729. [2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
  730. [2012/12/23 15:15:03 | 000,002,886 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
  731. [2012/09/28 10:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
  732. [2012/07/26 01:03:30 | 000,000,408 | ---- | C] () -- C:\Users\ETHAN\openvpn-connect.json
  733. [2012/05/24 15:58:36 | 000,205,751 | ---- | C] () -- C:\Users\ETHAN\AppData\Local\census.cache
  734. [2012/05/24 15:58:06 | 000,112,779 | ---- | C] () -- C:\Users\ETHAN\AppData\Local\ars.cache
  735. [2012/05/24 15:42:09 | 000,000,036 | ---- | C] () -- C:\Users\ETHAN\AppData\Local\housecall.guid.cache
  736. [2012/05/19 14:04:00 | 000,001,456 | ---- | C] () -- C:\Users\ETHAN\AppData\Local\Adobe Save for Web 13.0 Prefs
  737. [2012/05/19 11:05:58 | 000,000,847 | ---- | C] () -- C:\Users\ETHAN\.recently-used.xbel
  738. [2012/05/05 23:35:03 | 000,000,632 | RHS- | C] () -- C:\Users\ETHAN\ntuser.pol
  739. [2012/03/06 21:36:38 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
  740. [2011/12/29 11:24:38 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\amd422codec.dll
  741. [2011/10/07 05:48:52 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
  742. [2011/07/09 01:58:18 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\mshac-opd.dll
  743. [2011/06/09 21:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
  744.  
  745. [color=#E56717]========== ZeroAccess Check ==========[/color]
  746.  
  747. [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  748.  
  749. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  750.  
  751. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  752.  
  753. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
  754.  
  755. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  756.  
  757. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  758. "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
  759. "ThreadingModel" = Apartment
  760.  
  761. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  762. "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
  763. "ThreadingModel" = Apartment
  764.  
  765. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
  766. "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
  767. "ThreadingModel" = Free
  768.  
  769. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  770. "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
  771. "ThreadingModel" = Free
  772.  
  773. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
  774. "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
  775. "ThreadingModel" = Both
  776.  
  777. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  778.  
  779. [color=#E56717]========== LOP Check ==========[/color]
  780.  
  781. [2013/05/12 01:01:43 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\.minecraft
  782. [2013/03/22 09:45:23 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\.tribot
  783. [2013/06/02 03:04:45 | 000,000,000 | -HSD | M] -- C:\Users\ETHAN\AppData\Roaming\Acrobat
  784. [2013/06/02 03:05:00 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\ajYsi
  785. [2012/05/20 15:30:46 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Babylon
  786. [2012/05/24 07:06:34 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\BabylonToolbar
  787. [2013/05/29 21:52:51 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\BitTorrent
  788. [2012/05/04 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Blio
  789. [2012/05/11 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
  790. [2013/06/02 00:00:00 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\dclogs
  791. [2012/12/26 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\DefaultTab
  792. [2012/10/20 11:48:56 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Dojotech Software
  793. [2012/04/02 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\DVDVideoSoft
  794. [2013/05/19 16:35:21 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\IDoser
  795. [2012/06/01 00:56:43 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Image-Line
  796. [2013/06/01 00:14:20 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\iXMgX
  797. [2012/05/24 07:06:33 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\LimeWire
  798. [2012/06/08 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\LolClient
  799. [2012/05/23 16:20:32 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\LolClient2
  800. [2013/05/23 22:58:58 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\ManyCam
  801. [2012/12/26 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Media Finder
  802. [2013/05/29 22:20:30 | 000,000,000 | -HSD | M] -- C:\Users\ETHAN\AppData\Roaming\msnmsg
  803. [2012/12/26 21:30:58 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\OneTab
  804. [2012/03/23 20:02:28 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Opera
  805. [2012/05/11 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\PDAppFlex
  806. [2013/05/30 12:14:06 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\PrivateTunnel
  807. [2012/10/20 12:04:18 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\redsn0w
  808. [2013/05/29 12:17:57 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Reincubate
  809. [2013/06/02 04:45:52 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Spotify
  810. [2011/12/18 22:20:47 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Synaptics
  811. [2012/06/16 23:33:04 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\TrueCrypt
  812. [2013/06/02 04:48:28 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\uTorrent
  813. [2012/10/20 15:16:59 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\Windows Live Writer
  814. [2013/05/31 04:17:07 | 000,000,000 | ---D | M] -- C:\Users\ETHAN\AppData\Roaming\WindowsFiles
  815.  
  816. [color=#E56717]========== Purity Check ==========[/color]
  817.  
  818.  
  819.  
  820. [color=#E56717]========== Alternate Data Streams ==========[/color]
  821.  
  822. @Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:8927A071
  823.  
  824. < End of report >