Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unknown malware [Solved]

Started by diinovo , Jul 13 2012 09:01 AM

This topic is locked

#1
diinovo

Posted 13 July 2012 - 09:01 AM

Member

Member
28 posts

I have windows 7 installed , I had this problem on my computer for some time I could not fix I have ran many different anti-virus and malware program can’t find malware
Update from Microsoft Will not download it stays there waiting to download for days
Anti-virus program cannot Wright to registry, cannot update eventually get infected stop working
Every few days it bogged down and impossible to use will not open documents, internet, or program it stops working I have to restart, I have to uninstall and re-install software to make work
I have done repair install of windows, No different
I do not know what the problem is if you can help be much appreciated
Thanks for your help

OTL logfile created on: 7/13/2012 11:54:45 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 69.02% Memory free
7.00 Gb Paging File | 5.06 Gb Available in Paging File | 72.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 92.11 Gb Free Space | 54.83% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.78 Gb Free Space | 36.73% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 379.77 Gb Free Space | 40.77% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 229.90 Gb Free Space | 49.36% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 23:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/07/12 05:48:50 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/15 19:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/04/10 17:38:57 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2011/06/24 14:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/13 00:35:54 | 000,405,736 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2011/01/13 00:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/01/12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SSU.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/20 00:53:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/20 00:52:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/13 16:03:14 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/13 16:03:10 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/13 16:03:02 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2007/10/13 20:47:12 | 000,053,248 | ---- | M] () -- C:\Program Files\Classic Menu for Office\ArmAccess.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/12 05:48:50 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/20 12:58:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/01/13 00:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/01/12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011/01/12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 11:45:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/23 16:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/01/13 00:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/12/21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/12/21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/12/21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/12/21 13:47:38 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010/12/21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PortTalk.sys -- (PortTalk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 91 09 90 5C B5 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {5E3DD9B7-5DB3-443C-AED9-98B91906A19C}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
IE - HKCU\..\SearchScopes\{5E3DD9B7-5DB3-443C-AED9-98B91906A19C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...&ver=4.0.0.1550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.740
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/17 13:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 10:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:43:17 | 000,000,000 | ---D | M]

[2011/12/16 11:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/07/12 05:48:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions
[2012/07/12 05:48:43 | 000,000,000 | ---D | M] (Ask.com Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\[email protected]
[2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\askcom.xml
[2012/01/20 12:30:53 | 000,000,984 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\filestube.xml
[2012/06/18 17:31:01 | 000,008,397 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\pdf-ebook-searches.xml
[2012/06/22 10:33:10 | 000,002,349 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender-1.xml
[2012/06/20 22:52:17 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender.xml
[2012/06/18 17:31:05 | 000,011,187 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\timeanddatecom.xml
[2012/06/22 10:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/10 17:49:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/06/17 19:47:06 | 000,004,539 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNJVK5V2.DEFAULT\EXTENSIONS\[email protected]
[2012/06/15 08:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2012/01/20 11:34:12 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/15 08:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/12 05:53:33 | 000,442,125 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/13 23:51:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/13 11:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentPortable
[2012/07/12 22:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidBIT Downloader
[2012/07/12 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5AC709BE-44AC-4AA8-88E7-CCE137CBB5FD}
[2012/07/12 05:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2012/07/12 05:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/07/12 05:48:10 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Webroot
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/11 10:03:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\updfiles
[2012/07/11 10:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/07/11 10:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/07/11 10:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/11 02:42:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/07/11 01:13:02 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/10 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7EEE5FEB-DC92-4ABF-955A-443B142A3FD8}
[2012/07/10 01:31:16 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Desktop\[Originals]
[2012/07/09 10:46:50 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/09 10:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/01 12:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2012/07/01 12:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2012/07/01 12:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2012/07/01 12:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/07/01 09:25:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/06/30 17:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 16:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 16:18:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/30 15:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/06/30 11:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
[2012/06/30 11:28:01 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2012/06/30 00:03:05 | 004,124,324 | ---- | C] (PC Tools) -- C:\Users\Administrator\Desktop\avinstall.exe.6iwtvof.partial
[2012/06/28 14:44:39 | 009,876,312 | ---- | C] (PC Tools ) -- C:\Users\Administrator\Desktop\tfinstall.exe
[2012/06/28 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCID
[2012/06/28 00:20:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Threat Expert
[2012/06/27 18:14:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\uTorrent
[2012/06/27 08:10:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/06/26 19:18:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/06/26 17:47:53 | 000,000,000 | ---D | C] -- C:\backup
[2012/06/25 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2012/06/25 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/06/25 22:15:44 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixVundo.exe
[2012/06/25 15:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/25 13:25:59 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/06/25 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/06/21 23:47:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials_files
[2012/06/21 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\How do I remove Internet Explorer 8 from Windows as a troubleshooting step_files
[2012/06/20 17:48:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/20 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New folder
[2012/06/20 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\PC Tool History
[2012/06/19 10:22:05 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2012/06/18 02:43:03 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/06/17 23:01:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/17 23:00:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/17 22:51:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/06/17 22:43:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/17 22:43:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/17 22:43:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/17 22:40:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/17 21:44:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/17 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/06/17 19:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[103 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/13 23:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/13 22:58:42 | 035,598,943 | ---- | M] () -- C:\Windows\System32\em002_32.dat
[2012/07/13 22:58:42 | 002,783,632 | ---- | M] () -- C:\Windows\System32\em023_32.dat
[2012/07/13 21:45:38 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/13 20:58:48 | 000,003,931 | ---- | M] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/13 20:58:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/13 01:00:05 | 000,001,696 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_L29D8A8323B924340A1A5184CC2E359B6.job
[2012/07/12 14:22:02 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 14:22:02 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 14:15:06 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/12 14:14:38 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/12 13:43:04 | 000,007,308 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/12 06:20:20 | 000,089,094 | ---- | M] () -- C:\Windows\System32\em006_32.dat
[2012/07/12 05:53:33 | 000,442,125 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2012/07/12 05:48:49 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2012/07/11 21:44:08 | 001,103,622 | ---- | M] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:08 | 000,492,053 | ---- | M] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:08 | 000,252,560 | ---- | M] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:08 | 000,046,729 | ---- | M] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:08 | 000,038,604 | ---- | M] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:08 | 000,004,342 | ---- | M] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 21:44:07 | 000,714,995 | ---- | M] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:43:57 | 000,521,149 | ---- | M] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:43:57 | 000,055,770 | ---- | M] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 12:57:56 | 000,001,732 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/07/11 07:44:48 | 000,000,000 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 02:08:53 | 012,320,768 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2012/07/11 01:57:33 | 001,346,640 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/11 01:13:02 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/11 01:11:44 | 000,050,206 | ---- | M] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/10 08:25:59 | 000,002,873 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 12.lnk
[2012/07/09 11:10:33 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/07/09 10:53:10 | 000,000,047 | RH-- | M] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/09 10:46:50 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 09:49:40 | 000,000,948 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/07/01 12:26:50 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/07/01 09:25:32 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/06/30 22:30:48 | 001,110,476 | ---- | M] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/06/30 00:23:35 | 004,124,324 | ---- | M] (PC Tools) -- C:\Users\Administrator\Desktop\avinstall.exe.6iwtvof.partial
[2012/06/28 15:00:51 | 009,876,312 | ---- | M] (PC Tools ) -- C:\Users\Administrator\Desktop\tfinstall.exe
[2012/06/28 14:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\Desktop\TEMSSetup-x32.exe.d8aeaub.partial
[2012/06/27 08:49:08 | 000,007,608 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/06/26 22:41:46 | 012,569,784 | ---- | M] () -- C:\Users\Administrator\Desktop\SysinternalsSuite.zip
[2012/06/25 22:15:45 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixVundo.exe
[2012/06/24 16:30:24 | 000,000,712 | ---- | M] () -- C:\Users\Administrator\Desktop\Temp Progrm - Shortcut.lnk
[2012/06/24 09:03:27 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/06/23 15:28:16 | 000,331,776 | ---- | M] () -- C:\Users\Administrator\Documents\Database1.accdb
[2012/06/22 17:39:34 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/22 14:37:26 | 000,043,008 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2012/06/21 23:48:23 | 000,638,489 | ---- | M] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 9.mht
[2012/06/21 23:47:42 | 000,052,266 | ---- | M] () -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials.htm
[2012/06/21 23:41:33 | 000,723,379 | ---- | M] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 8 from Windows 7.mht
[2012/06/21 23:40:17 | 000,138,219 | ---- | M] () -- C:\Users\Administrator\Desktop\How do I remove Internet Explorer 8 from Windows as a troubleshooting step.htm
[2012/06/21 17:43:09 | 000,584,650 | ---- | M] () -- C:\Users\Administrator\Desktop\How do I install or uninstall Internet Explorer 9.mht
[2012/06/21 17:29:01 | 001,232,438 | ---- | M] () -- C:\Users\Administrator\Desktop\Prerequisites for installing Internet Explorer 9.mht
[2012/06/20 17:23:47 | 000,940,100 | ---- | M] () -- C:\Users\Administrator\Desktop\How To Easily Repair Windows 7 Boot Problems Using Startup Repair.mht
[2012/06/20 00:50:10 | 000,431,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/19 23:37:11 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/19 23:37:11 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/19 23:36:14 | 000,961,020 | ---- | M] () -- C:\Users\Administrator\Documents\Scan 19-6.htm
[2012/06/19 13:14:03 | 000,000,008 | RHS- | M] () -- C:\ProgramData\8510DB6088.sys
[2012/06/19 12:17:31 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/06/19 12:17:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/06/17 22:57:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120621-154314.backup
[2012/06/17 21:43:57 | 331,086,892 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/16 17:45:51 | 000,014,848 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[103 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/12 05:53:29 | 000,001,696 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_L29D8A8323B924340A1A5184CC2E359B6.job
[2012/07/12 05:48:49 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus.lnk
[2012/07/11 21:44:09 | 035,598,943 | ---- | C] () -- C:\Windows\System32\em002_32.dat
[2012/07/11 21:44:09 | 002,783,632 | ---- | C] () -- C:\Windows\System32\em023_32.dat
[2012/07/11 21:44:09 | 001,103,622 | ---- | C] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:09 | 000,714,995 | ---- | C] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:44:09 | 000,521,149 | ---- | C] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:44:09 | 000,492,053 | ---- | C] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:09 | 000,252,560 | ---- | C] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:09 | 000,089,094 | ---- | C] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:09 | 000,055,770 | ---- | C] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 21:44:09 | 000,046,729 | ---- | C] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:09 | 000,038,604 | ---- | C] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:09 | 000,004,342 | ---- | C] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 10:02:28 | 000,003,931 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/11 10:02:27 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/11 02:47:41 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 01:11:44 | 000,050,206 | ---- | C] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/09 10:05:04 | 000,000,047 | RH-- | C] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/01 12:25:30 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/01 12:25:29 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/01 12:15:36 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/07/01 09:54:20 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/06/30 22:30:47 | 001,110,476 | ---- | C] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/06/30 15:23:35 | 000,001,732 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/06/28 14:47:06 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\Desktop\TEMSSetup-x32.exe.d8aeaub.partial
[2012/06/26 22:40:24 | 012,569,784 | ---- | C] () -- C:\Users\Administrator\Desktop\SysinternalsSuite.zip
[2012/06/24 16:30:24 | 000,000,712 | ---- | C] () -- C:\Users\Administrator\Desktop\Temp Progrm - Shortcut.lnk
[2012/06/22 17:39:34 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/22 10:57:47 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/21 23:48:21 | 000,638,489 | ---- | C] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 9.mht
[2012/06/21 23:47:38 | 000,052,266 | ---- | C] () -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials.htm
[2012/06/21 23:41:32 | 000,723,379 | ---- | C] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 8 from Windows 7.mht
[2012/06/21 23:40:16 | 000,138,219 | ---- | C] () -- C:\Users\Administrator\Desktop\How do I remove Internet Explorer 8 from Windows as a troubleshooting step.htm
[2012/06/21 17:43:07 | 000,584,650 | ---- | C] () -- C:\Users\Administrator\Desktop\How do I install or uninstall Internet Explorer 9.mht
[2012/06/21 17:28:58 | 001,232,438 | ---- | C] () -- C:\Users\Administrator\Desktop\Prerequisites for installing Internet Explorer 9.mht
[2012/06/20 17:23:47 | 000,940,100 | ---- | C] () -- C:\Users\Administrator\Desktop\How To Easily Repair Windows 7 Boot Problems Using Startup Repair.mht
[2012/06/20 11:47:12 | 000,512,992 | ---- | C] () -- C:\Users\Administrator\Desktop\sdsetup.exe
[2012/06/19 23:36:03 | 000,961,020 | ---- | C] () -- C:\Users\Administrator\Documents\Scan 19-6.htm
[2012/06/19 13:14:03 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys
[2012/06/19 12:17:23 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/06/19 12:17:23 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/06/17 22:43:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/17 22:43:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/17 22:43:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/17 22:43:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/17 22:43:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/17 21:43:57 | 331,086,892 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0611.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0559.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0536.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0520.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0512.old
[2012/04/17 22:48:02 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2012/04/10 17:53:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/04/01 23:45:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/03/19 13:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/02/02 14:32:01 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/01/30 23:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/24 21:53:30 | 000,000,564 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 15:48:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/20 15:47:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/17 10:50:09 | 000,000,948 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/01/17 10:50:09 | 000,000,154 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/01/17 10:49:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/01/17 10:49:34 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/17 10:48:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/01/17 10:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/12 08:13:33 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/06 18:40:15 | 000,014,848 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2012/01/02 22:44:39 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2011/12/21 21:03:43 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/12/16 11:00:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/11 11:39:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/11 11:37:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/12/10 20:34:27 | 000,007,308 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/10 20:27:15 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2011/12/08 04:22:23 | 012,320,768 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/11/22 03:55:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/28 03:00:11 | 000,001,194 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== LOP Check ==========

[2011/12/13 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/03/13 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AutoHideIP
[2012/01/30 23:11:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZip21F0_RealHideIP.exe
[2012/01/30 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZipF38_RealHideIP.exe
[2012/03/17 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip152_RealHideIP.exe
[2012/03/17 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip1C1F2_RealHideIP.exe
[2011/12/24 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip10113_PlatinumHideIP.exe
[2011/12/24 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip16361_PlatinumHideIP.exe
[2011/12/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip20166_PlatinumHideIP.exe
[2011/12/24 12:13:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip213D0_PlatinumHideIP.exe
[2011/12/24 12:17:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip2523B_PlatinumHideIP.exe
[2011/12/24 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip15199_PlatinumHideIP.exe
[2011/12/24 12:59:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip152D4_PlatinumHideIP.exe
[2011/12/24 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip1C3C4_PlatinumHideIP.exe
[2012/04/07 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1B394_jZip2F272_HideIPEasy.exe
[2012/03/13 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25279_jZipC396_RealHideIP.exe
[2012/04/03 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip1A21_HideIPEasy.exe
[2012/04/03 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip223C1_HideIPEasy.exe
[2012/04/03 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip3747_HideIPEasy.exe
[2011/12/24 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip151F0_PlatinumHideIP.exe
[2011/12/24 12:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip171D7_PlatinumHideIP.exe
[2011/12/24 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1826F_PlatinumHideIP.exe
[2011/12/24 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1BD8_PlatinumHideIP.exe
[2011/12/24 12:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip24320_PlatinumHideIP.exe
[2011/12/24 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip28B7_PlatinumHideIP.exe
[2011/12/24 12:50:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip2A2A0_PlatinumHideIP.exe
[2011/12/24 12:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip3A257_PlatinumHideIP.exe
[2012/04/03 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip141E1_PlatinumHideIP.exe
[2012/04/03 23:20:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip3217_PlatinumHideIP.exe
[2012/01/30 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip1E306_RealHideIP.exe
[2012/01/30 23:26:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip2F136_RealHideIP.exe
[2012/04/03 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3115C_jZip35E1_RealHideIP.exe
[2012/02/01 11:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip322E5_jZipD37F_RealHideIP.exe
[2012/03/13 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip11215_RealHideIP.exe
[2012/03/13 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip211AF_RealHideIP.exe
[2012/03/13 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip376C_jZip102E6_HideIPEasy.exe
[2012/03/13 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3B32E_jZip203C_RealHideIP.exe
[2012/04/03 23:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip142D0_PlatinumHideIP.exe
[2012/04/03 23:26:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip5131_PlatinumHideIP.exe
[2011/12/18 12:20:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZip2FB5_PlatinumHideIP.exe
[2011/12/18 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZipA91_PlatinumHideIP.exe
[2012/05/06 11:44:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/02/02 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012/07/11 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/04/03 23:55:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Hide IP Easy v5.1.3.8 + Crack (Srkfan-Invicta RG)_Crack_HideIPEasy.exe
[2012/01/30 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Platinum.Hide.IP.3.0.9.2_incl.Cracked.By.ScoRPioN2_CRACK_PlatinumHideIP.exe
[2012/04/01 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2012/04/06 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HideIPEasy
[2012/03/18 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2012/03/12 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2011/12/16 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/12/16 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012/03/26 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2011/12/18 12:21:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlatinumHideIP
[2012/03/12 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2012/01/21 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/12/21 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/12/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SurfAnonymousFree
[2012/06/17 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/03/14 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2012/04/03 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypeItReadIt
[2012/06/18 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/12/11 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
[2012/03/12 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2012/07/12 14:15:06 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2012/07/13 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/06/17 22:54:49 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/13 01:00:05 | 000,001,696 | ---- | M] () -- C:\Windows\Tasks\wrSpySweeper_L29D8A8323B924340A1A5184CC2E359B6.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 266 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:64FFFDC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

#2
CompCav

Posted 21 July 2012 - 08:33 AM

Member 5k

Expert
12,454 posts

Hi, diinovo! Posted Image

My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
You must reply within four days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Since it has been several days since your logs were posted, we need fresh logs. Please delete your current copy of OTL and download a fresh one as directed in Step. 2.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

If it does not run rename it iexplore.exe and try it again.

Step 2.

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select Scan All Users
Select Lop Check and Purity Check
]*[Under Extra Registry select Use SafeList
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
CREATERESTOREPOINT
Click the [u]Run Scan[/u] button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt

Give me an update on your computer's issues.

#3
diinovo

Posted 22 July 2012 - 01:21 AM

Member

Topic Starter
Member
28 posts

Update on issues

Dear Mr. CompCav Thanks for you help
No much change since last report, I have not done much on computer except some internet use, and some download problems.
When running the “aswMBR.exe” scan froze a few times (3/4)? and needed re-start, it also seemed to take long time, 15/ 20 ? minutes, only mention this for your info if it helps with problem if is not normal.
I hope it helps. Thank You Very Very much for you help, Awaiting for you reply

aswMBR.log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 15:53:18
-----------------------------
15:53:18.281 OS Version: Windows 6.1.7601 Service Pack 1
15:53:18.281 Number of processors: 2 586 0xF0B
15:53:18.281 ComputerName: KHAN UserName:
15:53:21.635 Initialize success
15:53:25.832 AVAST engine defs: 12072101
15:53:29.139 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:53:29.186 Disk 0 Vendor: ST3320613AS CC2J Size: 305245MB BusType: 11
15:53:29.217 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
15:53:29.217 Disk 1 Vendor: ST3500418AS CC35 Size: 476940MB BusType: 11
15:53:29.217 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T0L0-6
15:53:29.217 Disk 2 Vendor: WDC_WD10EARS-00MVWB0 51.0AB51 Size: 953869MB BusType: 11
15:53:29.357 Disk 0 MBR read successfully
15:53:29.373 Disk 0 MBR scan
15:53:29.420 Disk 0 Windows 7 default MBR code
15:53:29.466 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 133209 MB offset 2048
15:53:29.482 Disk 0 Partition - 00 0F Extended LBA 172031 MB offset 272815830
15:53:29.513 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 172031 MB offset 272815893
15:53:29.607 Disk 0 scanning sectors +625137345
15:53:30.293 Disk 0 scanning C:\Windows\system32\drivers
15:53:57.000 Service scanning
15:54:04.613 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
15:54:04.629 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
15:54:04.738 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
15:54:04.754 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
15:54:21.711 Modules scanning
15:54:34.472 Disk 0 trace - called modules:
15:54:34.519 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
15:54:34.519 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87982030]
15:54:34.534 3 CLASSPNP.SYS[847af59e] -> nt!IofCallDriver -> [0x8742b638]
15:54:34.534 5 ACPI.sys[846b63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8748f030]
15:54:38.996 AVAST engine scan C:\Windows
15:54:46.671 AVAST engine scan C:\Windows\system32
15:58:19.596 AVAST engine scan C:\Windows\system32\drivers
15:58:37.177 AVAST engine scan C:\Users\Administrator
16:05:34.859 AVAST engine scan C:\ProgramData
16:08:02.139 Scan finished successfully
16:09:41.495 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
16:09:41.511 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
----------------------------------------------------------------

OTL.txt

OTL logfile created on: 7/22/2012 4:02:53 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 59.86% Memory free
7.00 Gb Paging File | 5.60 Gb Available in Paging File | 80.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 89.53 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.78 Gb Free Space | 36.73% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 379.39 Gb Free Space | 40.73% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 229.88 Gb Free Space | 49.36% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 14:03:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
PRC - [2012/07/13 23:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/20 12:58:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/01/13 00:35:52 | 000,069,864 | ---- | M] (SANDBOXIE L.T.D) [Auto | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/14 17:14:02 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 11:45:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/23 16:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2011/01/13 00:35:48 | 000,125,672 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PortTalk.sys -- (PortTalk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 91 09 90 5C B5 CC 01 [binary data]
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes,DefaultScope = {5E3DD9B7-5DB3-443C-AED9-98B91906A19C}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{5E3DD9B7-5DB3-443C-AED9-98B91906A19C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...&ver=4.0.0.1550
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.740
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/17 13:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 10:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:43:17 | 000,000,000 | ---D | M]

[2011/12/16 11:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/07/22 09:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions
[2012/07/22 09:29:35 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\askcom.xml
[2012/01/20 12:30:53 | 000,000,984 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\filestube.xml
[2012/07/22 08:50:40 | 000,008,397 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\pdf-ebook-searches.xml
[2012/06/22 10:33:10 | 000,002,349 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender-1.xml
[2012/06/20 22:52:17 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender.xml
[2012/07/22 08:50:44 | 000,011,187 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\timeanddatecom.xml
[2012/07/14 18:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/10 17:49:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/14 17:15:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/07/14 17:15:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/06/17 19:47:06 | 000,004,539 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNJVK5V2.DEFAULT\EXTENSIONS\[email protected]
[2012/06/15 08:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2012/01/20 11:34:12 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/15 08:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/12 05:53:33 | 000,442,125 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 13:58:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/07/22 09:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2012/07/22 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Conduit
[2012/07/22 09:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/07/22 09:23:23 | 000,895,376 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Administrator\Desktop\uTorrent.exe
[2012/07/21 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B42E99A-C774-4B30-A6A8-4E9B0068AA3F}
[2012/07/21 11:19:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87C36CEE-6B0B-4DA2-AC10-17F64D3E4884}
[2012/07/21 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{216668E3-9816-4658-9300-2D02617788E1}
[2012/07/21 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5106A4A-9C0E-4EAE-8B6C-6B2BC42944E5}
[2012/07/21 10:08:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5304FB6-D9CA-4DEF-BBC8-15965A4ECACD}
[2012/07/21 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{3B87E682-8AD7-419C-932C-E0B5AABA77FA}
[2012/07/21 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{40BB17BB-953F-40F7-B01A-79372BA6EAC5}
[2012/07/21 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5F9EC55-211B-4841-8B7F-C16A6217385D}
[2012/07/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{263F4AB0-90AC-4623-B2CB-C472E17990A0}
[2012/07/20 17:30:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C4FBF46A-1DE8-4EB8-B36C-832FCE8E7AC4}
[2012/07/16 11:55:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\CCWin
[2012/07/14 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/07/14 17:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/14 17:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/07/14 17:14:02 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/07/14 17:04:49 | 000,638,976 | ---- | C] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2012/07/13 23:51:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/13 11:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentPortable
[2012/07/12 22:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidBIT Downloader
[2012/07/12 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5AC709BE-44AC-4AA8-88E7-CCE137CBB5FD}
[2012/07/12 05:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/11 10:03:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\updfiles
[2012/07/11 02:42:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/07/11 01:13:02 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/10 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7EEE5FEB-DC92-4ABF-955A-443B142A3FD8}
[2012/07/10 01:31:16 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Desktop\[Originals]
[2012/07/09 10:46:50 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/09 10:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/07 23:00:02 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/01 12:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2012/07/01 12:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2012/07/01 12:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2012/07/01 12:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/06/30 17:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 16:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 16:18:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/30 15:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/06/30 11:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
[2012/06/30 11:28:01 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2012/06/30 00:03:05 | 004,124,324 | ---- | C] (PC Tools) -- C:\Users\Administrator\Desktop\avinstall.exe.6iwtvof.partial
[2012/06/28 14:44:39 | 009,876,312 | ---- | C] (PC Tools ) -- C:\Users\Administrator\Desktop\tfinstall.exe
[2012/06/28 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCID
[2012/06/28 00:20:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Threat Expert
[2012/06/27 18:14:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\uTorrent
[2012/06/27 08:10:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/06/26 19:18:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/06/26 17:47:53 | 000,000,000 | ---D | C] -- C:\backup
[2012/06/25 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2012/06/25 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/06/25 22:15:44 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixVundo.exe
[2012/06/25 15:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/25 13:25:59 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/06/25 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[102 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 15:14:36 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/07/22 14:59:33 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 14:59:33 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 14:52:12 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/22 14:51:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 14:51:53 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 14:26:55 | 000,001,880 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/07/22 14:03:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/07/22 12:35:31 | 000,041,097 | ---- | M] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/22 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/22 09:27:42 | 000,000,965 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/22 09:23:29 | 000,895,376 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Administrator\Desktop\uTorrent.exe
[2012/07/20 20:52:45 | 000,018,706 | ---- | M] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | M] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/16 10:08:16 | 000,007,308 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/14 18:38:09 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/14 18:01:51 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012/07/14 18:01:51 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012/07/14 17:16:37 | 000,017,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:14:02 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/07/14 17:04:26 | 000,638,976 | ---- | M] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | M] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/14 09:23:05 | 002,784,732 | ---- | M] () -- C:\Windows\System32\em023_32.dat
[2012/07/14 09:23:04 | 035,604,120 | ---- | M] () -- C:\Windows\System32\em002_32.dat
[2012/07/13 23:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/12 06:20:20 | 000,089,094 | ---- | M] () -- C:\Windows\System32\em006_32.dat
[2012/07/12 05:53:33 | 000,442,125 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2012/07/11 21:44:08 | 001,103,622 | ---- | M] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:08 | 000,492,053 | ---- | M] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:08 | 000,252,560 | ---- | M] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:08 | 000,046,729 | ---- | M] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:08 | 000,038,604 | ---- | M] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:08 | 000,004,342 | ---- | M] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 21:44:07 | 000,714,995 | ---- | M] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:43:57 | 000,521,149 | ---- | M] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:43:57 | 000,055,770 | ---- | M] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 07:44:48 | 000,000,000 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 02:08:53 | 012,320,768 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2012/07/11 01:57:33 | 001,346,640 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/11 01:13:02 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/11 01:11:44 | 000,050,206 | ---- | M] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/10 08:25:59 | 000,002,873 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 12.lnk
[2012/07/09 10:53:10 | 000,000,047 | RH-- | M] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/09 10:46:50 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/07 23:00:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/07 23:00:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 09:49:40 | 000,000,948 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/07/01 12:26:50 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/06/30 22:30:48 | 001,110,476 | ---- | M] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/06/30 00:23:35 | 004,124,324 | ---- | M] (PC Tools) -- C:\Users\Administrator\Desktop\avinstall.exe.6iwtvof.partial
[2012/06/28 15:00:51 | 009,876,312 | ---- | M] (PC Tools ) -- C:\Users\Administrator\Desktop\tfinstall.exe
[2012/06/28 14:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\Desktop\TEMSSetup-x32.exe.d8aeaub.partial
[2012/06/27 08:49:08 | 000,007,608 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/06/26 22:41:46 | 012,569,784 | ---- | M] () -- C:\Users\Administrator\Desktop\SysinternalsSuite.zip
[2012/06/25 22:15:45 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixVundo.exe
[2012/06/24 16:30:24 | 000,000,712 | ---- | M] () -- C:\Users\Administrator\Desktop\Temp Progrm - Shortcut.lnk
[2012/06/24 09:03:27 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/06/23 15:28:16 | 000,331,776 | ---- | M] () -- C:\Users\Administrator\Documents\Database1.accdb
[2012/06/22 17:39:34 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[102 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 12:35:31 | 000,041,097 | ---- | C] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/22 09:27:42 | 000,000,965 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/20 20:52:45 | 000,018,706 | ---- | C] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | C] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 17:16:34 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:15:14 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/07/14 17:15:14 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | C] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/11 21:44:09 | 035,604,120 | ---- | C] () -- C:\Windows\System32\em002_32.dat
[2012/07/11 21:44:09 | 002,784,732 | ---- | C] () -- C:\Windows\System32\em023_32.dat
[2012/07/11 21:44:09 | 001,103,622 | ---- | C] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:09 | 000,714,995 | ---- | C] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:44:09 | 000,521,149 | ---- | C] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:44:09 | 000,492,053 | ---- | C] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:09 | 000,252,560 | ---- | C] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:09 | 000,089,094 | ---- | C] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:09 | 000,055,770 | ---- | C] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 21:44:09 | 000,046,729 | ---- | C] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:09 | 000,038,604 | ---- | C] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:09 | 000,004,342 | ---- | C] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 10:02:28 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/11 10:02:27 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/11 02:47:41 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 01:11:44 | 000,050,206 | ---- | C] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/09 10:05:04 | 000,000,047 | RH-- | C] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/01 12:25:30 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/01 12:25:29 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/01 12:15:36 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/07/01 09:54:20 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/06/30 22:30:47 | 001,110,476 | ---- | C] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/06/30 15:23:35 | 000,001,880 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/06/28 14:47:06 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\Desktop\TEMSSetup-x32.exe.d8aeaub.partial
[2012/06/26 22:40:24 | 012,569,784 | ---- | C] () -- C:\Users\Administrator\Desktop\SysinternalsSuite.zip
[2012/06/24 16:30:24 | 000,000,712 | ---- | C] () -- C:\Users\Administrator\Desktop\Temp Progrm - Shortcut.lnk
[2012/06/22 17:39:34 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/19 13:14:03 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0611.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0559.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0536.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0520.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0512.old
[2012/04/17 22:48:02 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2012/04/10 17:53:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/04/01 23:45:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/03/19 13:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/02/02 14:32:01 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/01/30 23:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/24 21:53:30 | 000,000,564 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 15:48:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/20 15:47:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/17 10:50:09 | 000,000,948 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/01/17 10:50:09 | 000,000,154 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/01/17 10:49:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/01/17 10:49:34 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/17 10:48:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/01/17 10:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/12 08:13:33 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/06 18:40:15 | 000,014,848 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2012/01/02 22:44:39 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2011/12/21 21:03:43 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/12/16 11:00:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/11 11:39:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/11 11:37:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/12/10 20:34:27 | 000,007,308 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/10 20:27:15 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2011/12/08 04:22:23 | 012,320,768 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/11/22 03:55:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/28 03:00:11 | 000,001,194 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

========== LOP Check ==========

[2011/12/13 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/03/13 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AutoHideIP
[2012/01/30 23:11:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZip21F0_RealHideIP.exe
[2012/01/30 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZipF38_RealHideIP.exe
[2012/03/17 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip152_RealHideIP.exe
[2012/03/17 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip1C1F2_RealHideIP.exe
[2011/12/24 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip10113_PlatinumHideIP.exe
[2011/12/24 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip16361_PlatinumHideIP.exe
[2011/12/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip20166_PlatinumHideIP.exe
[2011/12/24 12:13:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip213D0_PlatinumHideIP.exe
[2011/12/24 12:17:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip2523B_PlatinumHideIP.exe
[2011/12/24 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip15199_PlatinumHideIP.exe
[2011/12/24 12:59:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip152D4_PlatinumHideIP.exe
[2011/12/24 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip1C3C4_PlatinumHideIP.exe
[2012/04/07 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1B394_jZip2F272_HideIPEasy.exe
[2012/03/13 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25279_jZipC396_RealHideIP.exe
[2012/04/03 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip1A21_HideIPEasy.exe
[2012/04/03 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip223C1_HideIPEasy.exe
[2012/04/03 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip3747_HideIPEasy.exe
[2011/12/24 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip151F0_PlatinumHideIP.exe
[2011/12/24 12:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip171D7_PlatinumHideIP.exe
[2011/12/24 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1826F_PlatinumHideIP.exe
[2011/12/24 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1BD8_PlatinumHideIP.exe
[2011/12/24 12:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip24320_PlatinumHideIP.exe
[2011/12/24 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip28B7_PlatinumHideIP.exe
[2011/12/24 12:50:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip2A2A0_PlatinumHideIP.exe
[2011/12/24 12:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip3A257_PlatinumHideIP.exe
[2012/04/03 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip141E1_PlatinumHideIP.exe
[2012/04/03 23:20:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip3217_PlatinumHideIP.exe
[2012/01/30 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip1E306_RealHideIP.exe
[2012/01/30 23:26:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip2F136_RealHideIP.exe
[2012/04/03 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3115C_jZip35E1_RealHideIP.exe
[2012/02/01 11:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip322E5_jZipD37F_RealHideIP.exe
[2012/03/13 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip11215_RealHideIP.exe
[2012/03/13 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip211AF_RealHideIP.exe
[2012/03/13 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip376C_jZip102E6_HideIPEasy.exe
[2012/03/13 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3B32E_jZip203C_RealHideIP.exe
[2012/04/03 23:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip142D0_PlatinumHideIP.exe
[2012/04/03 23:26:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip5131_PlatinumHideIP.exe
[2011/12/18 12:20:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZip2FB5_PlatinumHideIP.exe
[2011/12/18 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZipA91_PlatinumHideIP.exe
[2012/05/06 11:44:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/02/02 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012/07/11 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/04/03 23:55:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Hide IP Easy v5.1.3.8 + Crack (Srkfan-Invicta RG)_Crack_HideIPEasy.exe
[2012/01/30 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Platinum.Hide.IP.3.0.9.2_incl.Cracked.By.ScoRPioN2_CRACK_PlatinumHideIP.exe
[2012/04/01 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2012/04/06 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HideIPEasy
[2012/03/18 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2012/03/12 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2011/12/16 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/12/16 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012/03/26 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2011/12/18 12:21:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlatinumHideIP
[2012/03/12 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2012/01/21 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/12/21 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/12/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SurfAnonymousFree
[2012/06/17 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/03/14 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2012/04/03 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypeItReadIt
[2012/07/22 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/12/11 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
[2012/03/12 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2012/07/22 14:52:12 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2012/07/22 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/06/17 22:54:49 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2000/12/13 09:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Files\C\Windows\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CSS >
[2007/07/18 19:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css
[2007/07/19 00:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Windows.old\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css

< MD5 for: SERVICES.DAT >
[2012/01/06 08:16:31 | 000,010,240 | ---- | M] () MD5=598DA820816EFCCC9D2D3115BC21F620 -- C:\Program Files\Acrobat X Pro\Acrobat X Pro\MODIFIED\@APPDATA@\Adobe\Acrobat\10.0\Security\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2012/06/21 23:42:29 | 000,005,384 | ---- | M] () MD5=A67A461DB0FAFC647B30D3F945420194 -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials_files\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBK >
[2012/07/22 14:44:59 | 000,001,334 | ---- | M] () MD5=533135AA7AE295BE7F28F7A5D98EBC7A -- C:\Program Files\Registry Mechanic\backup\Services.sbk

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 266 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:64FFFDC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

---------------------------------------------------------------------

Extras.Txt

OTL Extras logfile created on: 7/22/2012 4:02:53 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 59.86% Memory free
7.00 Gb Paging File | 5.60 Gb Available in Paging File | 80.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 89.53 Gb Free Space | 53.29% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.78 Gb Free Space | 36.73% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 379.39 Gb Free Space | 40.73% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 229.88 Gb Free Space | 49.36% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0986F084-2C46-4D25-9F14-237FF88EDAF4}" = rport=139 | protocol=6 | dir=out | app=system |
"{35D49BBD-8C77-4D50-9DC4-9CF15CC938AE}" = lport=94 | protocol=6 | dir=out | app=c:\program files\nch software\vrs\vrs.exe |
"{4C72D63A-657D-4E98-A44C-6D73C45DAFD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DA9B0BA-3849-470A-BA46-FEAD3F7FA8A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E80A86F-4539-40B4-804F-9C26580A95E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6E733705-D08F-46B5-88E3-B15F36902865}" = rport=137 | protocol=17 | dir=out | app=system |
"{89B865DA-A2FC-4DA5-9826-65F025AF0C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8E8DA49-1870-40C6-A1AF-C5CDEB74E9F1}" = lport=94 | protocol=6 | dir=in | app=c:\program files\nch software\vrs\vrs.exe |
"{C6A44285-5A1E-48EB-8D96-CF82F381E1F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CEA4879D-58E1-4DFC-B8DA-7A27D95EE656}" = lport=445 | protocol=6 | dir=in | app=system |
"{D0A4DFAF-6D72-4D21-9B33-EA163EFBA73F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E7BA2383-F345-4D19-BFB2-37072EC4E043}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F320DD6C-D741-4D03-8F79-A7001FBF705C}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCA0159A-ED5E-40AC-9054-52A23E3B21AF}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B7A294-B9B6-4069-8FB9-88919F873945}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{17037A3C-430F-465A-8447-B1F3ADAA31C2}" = protocol=17 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{2CB24AB2-CE24-46A0-91CD-72A45A085BB3}" = protocol=6 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{3268C3F5-5DDF-4E11-8941-4B008935E627}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4B6686AF-1906-4DA6-8DCB-F73CC503CF65}" = protocol=58 | dir=out | [email protected],-28546 |
"{4CB308E4-407E-4AC5-AFCB-3CCFDAA6F567}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4E5106B1-7BF3-4837-A38C-C2F17F3D638B}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{55AA0DF5-624E-4462-A4E6-E2BD38760BD1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5A004625-2E48-4863-A9AA-62E61B655D74}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{634B2AFB-0335-4B0E-8C70-7ADF2ACC20B8}" = protocol=6 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{67FC93F2-22D2-4623-A657-B66E1E53CD02}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{6BD7C42A-487F-43DE-8D02-C57D549B0DBF}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{7FDA74E6-CFCB-4DCF-B716-DCF372470561}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{8346F2CF-4BD7-4EDE-B6E9-77C7F796B39F}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{87E73C11-4054-4756-A2E1-A91934ADCF56}" = protocol=17 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{881CA6C5-1E5E-4AB3-80C2-1B7AC9CB3430}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{89FB2D6B-8967-4275-9906-C0788C8CA1A7}" = protocol=17 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{98BAB0D0-1D7C-4A4E-966B-2FBF0E72B6BF}" = protocol=1 | dir=out | [email protected],-28544 |
"{9D27373E-F94D-4DD7-9251-04E158358BC3}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{AC373836-2F29-472A-A3C1-6D1C8CD55063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBA7277B-0797-4BBD-AC12-AF8E0144F412}" = protocol=58 | dir=in | [email protected],-28545 |
"{C5C67A5C-9D4A-42A2-B1C4-E9F55E9494A9}" = protocol=1 | dir=in | [email protected],-28543 |
"{D6FE546B-CEE6-4736-98AC-8EA432E51671}" = protocol=6 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{DC7BD124-950D-4803-AA57-DFD930BE72CE}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{E04A34DD-B60D-463E-BD1A-38CEB491D848}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"TCP Query User{383B557D-16FC-4C26-8D6F-D59324D04906}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |
"UDP Query User{5380B1D0-0B6E-4E0B-9F0E-F9937DB8E733}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu for Office 2007 v5.20
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-790CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"{B62C4524-41B5-4E65-952B-36AEC51E3F55}" = WordPerfect Office X5
"{C507B0CC-BA89-4479-B3CA-E553E5D19548}" = Microsoft Office Professional Edition 2003 Plus Languages (VMware ThinApp)
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DE1DDAC8-0451-4F16-B63D-B72FBCBC9BF6}" = Febooti fileTweak Hash and CRC
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{E6A4E6CD-B92C-4CFD-AEE9-97D361B4CE25}_is1" = TypeIt ReadIt 1.6
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.7.139
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn Disc Burning Software
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HashTab" = HashTab 4.0.0.2
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PE Builder_is1" = PE Builder 3.1.10a
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Sandboxie" = Sandboxie 3.52
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Security Task Manager" = Security Task Manager 1.8d
"Soulseek2" = SoulSeek 157 NS 13e
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WebcamMax" = WebcamMax
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2012 4:04:10 AM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: avp.exe, version: 12.0.0.374, time stamp:
0x4db46f59 Faulting module name: avengine.dll.d56eee7be487d75c603c53e3da2c5fb5,
version: 1.2.3.5, time stamp: 0x4fb3b1e3 Exception code: 0xc0000005 Fault offset:
0x0000177e Faulting process id: 0xd34 Faulting application start time: 0x01cd619070bb6ae4
Faulting
application path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
Faulting
module path: C:\ProgramData\Kaspersky Lab\AVP12\Bases\Cache\avengine.dll.d56eee7be487d75c603c53e3da2c5fb5
Report
Id: 7d5c8b12-cd8a-11e1-a2ee-001a4d5634f4

Error - 7/14/2012 11:10:01 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/16/2012 11:17:25 AM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ole32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0002b759 Faulting
process id: 0x2714 Faulting application start time: 0x01cd63613e4cd4c4 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\ole32.dll
Report
Id: 58bd3c3e-cf59-11e1-a2ee-001a4d5634f4

Error - 7/16/2012 12:41:51 PM | Computer Name = Khan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: bb8 Start
Time: 01cd636e3612f260 Termination Time: 22417 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 7/17/2012 12:24:22 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/18/2012 12:21:07 AM | Computer Name = Khan | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/18 14:21:07.100]: [00016348]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 2

Error - 7/20/2012 1:04:42 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/21/2012 12:57:07 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/21/2012 9:14:11 PM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00055eab Faulting
process id: 0x1fa8 Faulting application start time: 0x01cd63ac2381792e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8b0764d1-d39a-11e1-a2ee-001a4d5634f4

Error - 7/22/2012 12:46:47 AM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {59e95488-1621-405e-a540-47d196248c2d}

[ OSession Events ]
Error - 2/1/2012 8:09:29 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 648
seconds with 300 seconds of active time. This session ended with a crash.

Error - 6/6/2012 8:13:04 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/14/2012 2:56:05 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69040
seconds with 3180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/22/2012 12:51:58 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The Remote Connections Service service failed to start due to the
following error: %%2

Error - 7/22/2012 12:52:28 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Webroot
Spy Sweeper Engine service to connect.

Error - 7/22/2012 12:52:28 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 7/22/2012 12:52:29 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/22/2012 12:54:30 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%2 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/22/2012 12:54:30 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 7/22/2012 1:05:36 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 7/22/2012 1:05:45 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/22/2012 1:05:57 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/22/2012 2:01:28 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 2 time(s).

< End of report >

#4
CompCav

Posted 22 July 2012 - 02:43 AM

Member 5k

Expert
12,454 posts

The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this sites Terms of Use. If you persist in their use you will no-longer receive help from this site in the future.

Go here to read Geekstogo Terms of Use and note in particular article 4 the items Illegal and Infringing of intellectual property rights (such as copyright and trademark rights).

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

The use of keygens means you have obtained your software illegally, and we will not help you. If you want help with installing any legal versions of software, we'd be happy to help you, but not with illegal copies. I will also warn you that the use of cracks/keygens is a very good way to infect your computer with malware, leading you to need our services in the malware forum.

Please remove all illegal software before we continue

Rerun Step 2. in my first post after the removal of all illegal software and post the logs, OTL.txt and Extras.txt before we continue.

#5
diinovo

Posted 23 July 2012 - 08:39 AM

Member

Topic Starter
Member
28 posts

Dear
Thank You for your reply, I have removed all cracks and keegens, I hope?
No excuse, BUT in the past three months that I have been infected I have used a lot of programs trying to clear the computer, I have/had a professional to fix my PC, but now I cannot afford it, most weeks we are left with less than $ 10.00 for the whole week, I could not afford to bay and tray 15/30 programs, I know I’m bad.
This is the first time ever “thank you” that I ask for free help, you understand why.
The antivirus that I am using I purchased it last week online and I am waiting to send me the key.
I do know that I have a lot of rubbish that I want to clean, I am afraid to do so because I am losing some data, very important data for me, if I clean it “thanks to you with you help” then I backup and do the cleaning.
I do hope that this cleaning help I do not wish to put you or anyone in a position that affects anyone.
Again thank you for your help, awaiting your replay

OTL logfile created on: 7/24/2012 12:05:25 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 65.22% Memory free
7.00 Gb Paging File | 5.01 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 92.92 Gb Free Space | 55.31% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.78 Gb Free Space | 36.73% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 379.37 Gb Free Space | 40.73% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 226.43 Gb Free Space | 48.62% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/07/13 23:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/06/17 17:51:58 | 000,466,704 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/05/15 19:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/04/24 23:12:42 | 000,131,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2010/07/29 18:19:04 | 000,234,496 | ---- | M] () -- C:\Program Files\Total Video Converter\TVCShellExt.dll
MOD - [2007/10/13 20:47:12 | 000,053,248 | ---- | M] () -- C:\Program Files\Classic Menu for Office\ArmAccess.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\RapidBIT\cisvc.exe -- (FlexService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/17 17:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/05/15 20:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/20 12:58:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Stopped] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/14 17:14:02 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/17 17:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/05/15 20:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 11:45:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/06/23 16:43:04 | 001,068,216 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011/05/18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/03/10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/20 22:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 20:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 19:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 19:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 19:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/07/14 10:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb) Brother MFC Serial Interface Driver(WDM)
DRV - [2009/07/14 09:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 08:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb) Brother MFC Serial USB Driver(WDM)
DRV - [2002/01/12 16:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PortTalk.sys -- (PortTalk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu....q={searchTerms}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.bing.com
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 91 09 90 5C B5 CC 01 [binary data]
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes,DefaultScope = {5E3DD9B7-5DB3-443C-AED9-98B91906A19C}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{5E3DD9B7-5DB3-443C-AED9-98B91906A19C}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...&ver=4.0.0.1550
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.740
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/17 13:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/07/14 18:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/22 10:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:43:17 | 000,000,000 | ---D | M]

[2011/12/16 11:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/07/22 09:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions
[2012/07/22 09:29:35 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\askcom.xml
[2012/01/20 12:30:53 | 000,000,984 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\filestube.xml
[2012/07/22 08:50:40 | 000,008,397 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\pdf-ebook-searches.xml
[2012/06/22 10:33:10 | 000,002,349 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender-1.xml
[2012/06/20 22:52:17 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\search-defender.xml
[2012/07/22 08:50:44 | 000,011,187 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\timeanddatecom.xml
[2012/07/14 18:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/10 17:49:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/14 17:15:12 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/07/14 17:15:07 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak2
[2012/06/17 19:47:06 | 000,004,539 | ---- | M] () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNJVK5V2.DEFAULT\EXTENSIONS\[email protected]
[2012/06/15 08:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2012/01/20 11:34:12 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/15 08:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/12 05:53:33 | 000,442,125 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15216 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-2411852452-117403543-12125213-500..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-2411852452-117403543-12125213-500..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2411852452-117403543-12125213-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Copy to &Lightning Note - c:\Program Files\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA463021-803B-4E77-A471-1A2BA3172F5D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/01/12 12:04:17 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 60 Days ==========

[2012/07/23 21:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/07/23 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{103930BC-8084-4116-9DFC-C008E7A1F0D4}
[2012/07/23 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1FB64A9D-F42A-46CF-BB07-2BD0FB23A7BF}
[2012/07/23 14:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{4673D3DE-077F-4EBB-8878-199176EE69AD}
[2012/07/23 14:41:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{94DDC534-0E4B-481C-9A4C-74825828C85C}
[2012/07/23 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E1B8CFB8-B8D6-4FF3-8EBE-261755D8AA1B}
[2012/07/23 14:34:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{234AD5FF-50CB-43BF-A946-2F78860EC068}
[2012/07/23 14:29:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5C99CB4-A73F-4416-8E87-1B88A686AEC8}
[2012/07/23 09:53:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{B86E0C31-A459-4E85-AEC8-976186035082}
[2012/07/23 09:49:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{16B5B940-ED9B-4281-A0B2-F18F1FF08D73}
[2012/07/22 13:58:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/07/22 09:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/07/22 09:29:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2012/07/22 09:28:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Conduit
[2012/07/22 09:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/07/22 09:23:23 | 000,895,376 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Administrator\Desktop\uTorrent.exe
[2012/07/21 11:19:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{1B42E99A-C774-4B30-A6A8-4E9B0068AA3F}
[2012/07/21 11:19:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{87C36CEE-6B0B-4DA2-AC10-17F64D3E4884}
[2012/07/21 11:14:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{216668E3-9816-4658-9300-2D02617788E1}
[2012/07/21 11:13:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5106A4A-9C0E-4EAE-8B6C-6B2BC42944E5}
[2012/07/21 10:08:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C5304FB6-D9CA-4DEF-BBC8-15965A4ECACD}
[2012/07/21 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{3B87E682-8AD7-419C-932C-E0B5AABA77FA}
[2012/07/21 10:06:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{40BB17BB-953F-40F7-B01A-79372BA6EAC5}
[2012/07/21 10:06:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E5F9EC55-211B-4841-8B7F-C16A6217385D}
[2012/07/20 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{263F4AB0-90AC-4623-B2CB-C472E17990A0}
[2012/07/20 17:30:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{C4FBF46A-1DE8-4EB8-B36C-832FCE8E7AC4}
[2012/07/16 11:55:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\CCWin
[2012/07/14 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012/07/14 17:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/14 17:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/07/14 17:14:02 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/07/14 17:04:49 | 000,638,976 | ---- | C] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 16:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2012/07/13 23:51:28 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/13 11:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentPortable
[2012/07/12 22:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidBIT Downloader
[2012/07/12 13:31:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{5AC709BE-44AC-4AA8-88E7-CCE137CBB5FD}
[2012/07/12 05:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2012/07/12 05:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/07/12 05:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/11 10:03:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\updfiles
[2012/07/11 02:42:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/07/11 01:13:02 | 001,805,736 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/10 08:19:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{7EEE5FEB-DC92-4ABF-955A-443B142A3FD8}
[2012/07/10 01:31:16 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Desktop\[Originals]
[2012/07/09 10:46:50 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/09 10:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/07/07 23:00:02 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/01 12:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2012/07/01 12:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
[2012/07/01 12:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\7-zip
[2012/07/01 12:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2012/06/30 17:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/30 16:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/30 16:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/30 16:18:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/30 16:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/30 11:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Builder
[2012/06/30 11:28:01 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2012/06/30 00:03:05 | 004,124,324 | ---- | C] (PC Tools) -- C:\Users\Administrator\Desktop\avinstall.exe.6iwtvof.partial
[2012/06/28 14:44:39 | 009,876,312 | ---- | C] (PC Tools ) -- C:\Users\Administrator\Desktop\tfinstall.exe
[2012/06/28 00:51:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WCID
[2012/06/28 00:20:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Threat Expert
[2012/06/27 18:14:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\uTorrent
[2012/06/27 08:10:43 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012/06/26 19:18:11 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/06/26 17:47:53 | 000,000,000 | ---D | C] -- C:\backup
[2012/06/25 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2012/06/25 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/06/25 22:15:44 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixVundo.exe
[2012/06/25 15:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/25 13:25:59 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/06/25 13:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/06/21 23:47:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials_files
[2012/06/21 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\How do I remove Internet Explorer 8 from Windows as a troubleshooting step_files
[2012/06/20 17:48:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/20 17:35:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New folder
[2012/06/20 15:38:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\PC Tool History
[2012/06/19 22:31:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/19 22:31:20 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/19 22:31:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/19 22:31:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/19 22:31:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/19 22:31:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/19 22:31:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/19 22:25:56 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/19 22:25:46 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/19 22:25:45 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/19 22:25:45 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/19 22:25:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/19 10:22:05 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
[2012/06/18 02:43:03 | 000,203,088 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/06/17 23:01:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/17 23:00:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/17 22:51:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/06/17 21:44:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/17 20:37:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/06/17 19:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/09 09:22:47 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/09 09:22:47 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/09 09:22:35 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/09 09:22:35 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/09 09:22:35 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/09 09:22:23 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/09 09:22:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/03 11:27:40 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/06/03 11:27:40 | 011,354,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/06/03 11:27:40 | 000,883,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/06/03 11:27:39 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/06/03 11:27:39 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/06/03 11:27:39 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/06/03 11:27:39 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/06/03 11:27:39 | 001,000,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/06/03 11:05:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/03 11:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/03 11:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/03 11:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/03 11:04:02 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/03 11:04:02 | 000,687,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/06/03 11:04:02 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/03 11:03:55 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/03 11:03:55 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/03 11:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/03 09:37:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{E2B32B90-E0E0-41A5-80E3-9413C0F874E3}
[2012/06/02 17:52:41 | 003,306,678 | ---- | C] (Bart Lagerweij ) -- C:\Users\Administrator\Desktop\BART pebuilder3110a.exe
[102 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/07/23 22:29:54 | 000,002,266 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/07/23 19:51:55 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 19:51:55 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/23 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/23 09:35:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 23:29:55 | 000,007,308 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012/07/22 16:09:41 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/07/22 14:52:12 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/22 14:51:53 | 2817,380,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 14:03:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/07/22 12:35:31 | 000,041,097 | ---- | M] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/22 09:27:42 | 000,000,965 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/22 09:23:29 | 000,895,376 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Administrator\Desktop\uTorrent.exe
[2012/07/20 20:52:45 | 000,018,706 | ---- | M] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | M] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 18:38:09 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/07/14 18:01:51 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012/07/14 18:01:51 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012/07/14 17:16:37 | 000,017,408 | ---- | M] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:14:02 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012/07/14 17:04:26 | 000,638,976 | ---- | M] (ESET) -- C:\Windows\ESETUninstaller.exe
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/14 15:44:20 | 000,004,021 | ---- | M] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | M] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/14 09:23:05 | 002,784,732 | ---- | M] () -- C:\Windows\System32\em023_32.dat
[2012/07/14 09:23:04 | 035,604,120 | ---- | M] () -- C:\Windows\System32\em002_32.dat
[2012/07/13 23:52:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/07/12 06:20:20 | 000,089,094 | ---- | M] () -- C:\Windows\System32\em006_32.dat
[2012/07/12 05:53:33 | 000,442,125 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2012/07/11 21:44:08 | 001,103,622 | ---- | M] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:08 | 000,492,053 | ---- | M] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:08 | 000,252,560 | ---- | M] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:08 | 000,046,729 | ---- | M] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:08 | 000,038,604 | ---- | M] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:08 | 000,004,342 | ---- | M] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 21:44:07 | 000,714,995 | ---- | M] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:43:57 | 000,521,149 | ---- | M] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:43:57 | 000,055,770 | ---- | M] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 07:44:48 | 000,000,000 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 02:08:53 | 012,320,768 | ---- | M] () -- C:\Users\Administrator\ntuser.bak
[2012/07/11 01:57:33 | 001,346,640 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/11 01:13:02 | 001,805,736 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\SymantecFixZeroAccess.exe
[2012/07/11 01:11:44 | 000,050,206 | ---- | M] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/10 08:25:59 | 000,002,873 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 12.lnk
[2012/07/09 10:53:10 | 000,000,047 | RH-- | M] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/09 10:46:50 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/07/07 23:00:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/07 23:00:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 09:49:40 | 000,000,948 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/07/01 12:26:50 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/06/30 22:30:48 | 001,110,476 | ---- | M] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:21 | 000,001,045 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/06/30 00:23:35 | 004,124,324 | ---- | M] (PC Tools) -- C:\Users\Administrator\Desktop\avinstall.exe.6iwtvof.partial
[2012/06/28 15:00:51 | 009,876,312 | ---- | M] (PC Tools ) -- C:\Users\Administrator\Desktop\tfinstall.exe
[2012/06/28 14:47:06 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\Desktop\TEMSSetup-x32.exe.d8aeaub.partial
[2012/06/27 08:49:08 | 000,007,608 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/06/26 22:41:46 | 012,569,784 | ---- | M] () -- C:\Users\Administrator\Desktop\SysinternalsSuite.zip
[2012/06/25 22:15:45 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixVundo.exe
[2012/06/24 16:30:24 | 000,000,712 | ---- | M] () -- C:\Users\Administrator\Desktop\Temp Progrm - Shortcut.lnk
[2012/06/24 09:03:27 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/06/23 15:28:16 | 000,331,776 | ---- | M] () -- C:\Users\Administrator\Documents\Database1.accdb
[2012/06/22 17:39:34 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/22 14:37:26 | 000,043,008 | ---- | M] () -- C:\Windows\System32\umstartup000.etl
[2012/06/21 23:48:23 | 000,638,489 | ---- | M] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 9.mht
[2012/06/21 23:47:42 | 000,052,266 | ---- | M] () -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials.htm
[2012/06/21 23:41:33 | 000,723,379 | ---- | M] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 8 from Windows 7.mht
[2012/06/21 23:40:17 | 000,138,219 | ---- | M] () -- C:\Users\Administrator\Desktop\How do I remove Internet Explorer 8 from Windows as a troubleshooting step.htm
[2012/06/21 17:43:09 | 000,584,650 | ---- | M] () -- C:\Users\Administrator\Desktop\How do I install or uninstall Internet Explorer 9.mht
[2012/06/21 17:29:01 | 001,232,438 | ---- | M] () -- C:\Users\Administrator\Desktop\Prerequisites for installing Internet Explorer 9.mht
[2012/06/20 17:23:47 | 000,940,100 | ---- | M] () -- C:\Users\Administrator\Desktop\How To Easily Repair Windows 7 Boot Problems Using Startup Repair.mht
[2012/06/20 00:50:10 | 000,431,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/19 23:37:11 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/19 23:37:11 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/19 23:36:14 | 000,961,020 | ---- | M] () -- C:\Users\Administrator\Documents\Scan 19-6.htm
[2012/06/19 13:14:03 | 000,000,008 | RHS- | M] () -- C:\ProgramData\8510DB6088.sys
[2012/06/19 12:17:31 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/06/19 12:17:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/06/17 22:57:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120621-154314.backup
[2012/06/17 21:43:57 | 331,086,892 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/16 17:45:51 | 000,014,848 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/03 16:21:03 | 003,386,435 | ---- | M] () -- C:\Users\Administrator\Desktop\BART Zip pebuilder3110a.zip
[2012/06/03 11:03:30 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/03 11:03:30 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/03 08:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/03 08:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/03 08:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/03 08:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/03 08:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/03 01:23:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/06/02 17:52:41 | 003,306,678 | ---- | M] (Bart Lagerweij ) -- C:\Users\Administrator\Desktop\BART pebuilder3110a.exe
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/05/31 12:25:14 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/05/25 00:26:03 | 000,000,100 | ---- | M] () -- C:\Users\Administrator\Desktop\Contatta la Rai.URL
[102 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Administrator\Desktop\*.tmp files -> C:\Users\Administrator\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 12:35:31 | 000,041,097 | ---- | C] () -- C:\Users\Administrator\Desktop\Extend ja-f-27b.pdf
[2012/07/22 09:27:42 | 000,000,965 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/20 20:52:45 | 000,018,706 | ---- | C] () -- C:\Users\Administrator\Desktop\Pay Slip.zip
[2012/07/19 17:39:24 | 000,000,353 | ---- | C] () -- C:\Users\Administrator\Desktop\164 A-C compressor rebuild needed - Alfa Romeo Bulletin Board & Forums.url
[2012/07/14 17:16:34 | 000,017,408 | ---- | C] () -- C:\Users\Administrator\AppData\Local\WebpageIcons.db
[2012/07/14 17:15:14 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012/07/14 17:15:14 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012/07/14 14:38:51 | 000,001,441 | ---- | C] () -- C:\Users\Administrator\Desktop\Internet Explorer.lnk
[2012/07/11 21:44:09 | 035,604,120 | ---- | C] () -- C:\Windows\System32\em002_32.dat
[2012/07/11 21:44:09 | 002,784,732 | ---- | C] () -- C:\Windows\System32\em023_32.dat
[2012/07/11 21:44:09 | 001,103,622 | ---- | C] () -- C:\Windows\System32\em009_32.dat
[2012/07/11 21:44:09 | 000,714,995 | ---- | C] () -- C:\Windows\System32\em003_32.dat
[2012/07/11 21:44:09 | 000,521,149 | ---- | C] () -- C:\Windows\System32\em001_32.dat
[2012/07/11 21:44:09 | 000,492,053 | ---- | C] () -- C:\Windows\System32\em004_32.dat
[2012/07/11 21:44:09 | 000,252,560 | ---- | C] () -- C:\Windows\System32\em008_32.dat
[2012/07/11 21:44:09 | 000,089,094 | ---- | C] () -- C:\Windows\System32\em006_32.dat
[2012/07/11 21:44:09 | 000,055,770 | ---- | C] () -- C:\Windows\System32\em000_32.dat
[2012/07/11 21:44:09 | 000,046,729 | ---- | C] () -- C:\Windows\System32\em005_32.dat
[2012/07/11 21:44:09 | 000,038,604 | ---- | C] () -- C:\Windows\System32\em013_32.dat
[2012/07/11 21:44:09 | 000,004,342 | ---- | C] () -- C:\Windows\System32\em015_32.dat
[2012/07/11 10:02:28 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwTemp.dat
[2012/07/11 10:02:27 | 000,004,021 | ---- | C] () -- C:\Windows\System32\EpfwUser.dat
[2012/07/11 02:47:41 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\Symantec Shared.fix
[2012/07/11 01:11:44 | 000,050,206 | ---- | C] () -- C:\Users\Administrator\Desktop\Symantec fixkriz.exe
[2012/07/09 10:05:04 | 000,000,047 | RH-- | C] () -- C:\Users\Administrator\Desktop\stinger 2.opt
[2012/07/01 12:25:30 | 000,000,454 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2012/07/01 12:25:29 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2012/07/01 12:15:36 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/07/01 09:54:20 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/06/30 22:30:47 | 001,110,476 | ---- | C] () -- C:\Users\Administrator\Desktop\7z920.exe
[2012/06/30 17:51:41 | 000,001,119 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/06/30 15:23:38 | 000,001,045 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/06/30 15:23:35 | 000,002,266 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/06/28 14:47:06 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\Desktop\TEMSSetup-x32.exe.d8aeaub.partial
[2012/06/26 22:40:24 | 012,569,784 | ---- | C] () -- C:\Users\Administrator\Desktop\SysinternalsSuite.zip
[2012/06/24 16:30:24 | 000,000,712 | ---- | C] () -- C:\Users\Administrator\Desktop\Temp Progrm - Shortcut.lnk
[2012/06/22 17:39:34 | 000,000,256 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/22 10:57:47 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/21 23:48:21 | 000,638,489 | ---- | C] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 9.mht
[2012/06/21 23:47:38 | 000,052,266 | ---- | C] () -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials.htm
[2012/06/21 23:41:32 | 000,723,379 | ---- | C] () -- C:\Users\Administrator\Desktop\How to uninstall Internet Explorer 8 from Windows 7.mht
[2012/06/21 23:40:16 | 000,138,219 | ---- | C] () -- C:\Users\Administrator\Desktop\How do I remove Internet Explorer 8 from Windows as a troubleshooting step.htm
[2012/06/21 17:43:07 | 000,584,650 | ---- | C] () -- C:\Users\Administrator\Desktop\How do I install or uninstall Internet Explorer 9.mht
[2012/06/21 17:28:58 | 001,232,438 | ---- | C] () -- C:\Users\Administrator\Desktop\Prerequisites for installing Internet Explorer 9.mht
[2012/06/20 17:23:47 | 000,940,100 | ---- | C] () -- C:\Users\Administrator\Desktop\How To Easily Repair Windows 7 Boot Problems Using Startup Repair.mht
[2012/06/20 11:47:12 | 000,512,992 | ---- | C] () -- C:\Users\Administrator\Desktop\sdsetup.exe
[2012/06/19 23:36:03 | 000,961,020 | ---- | C] () -- C:\Users\Administrator\Documents\Scan 19-6.htm
[2012/06/19 13:14:03 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys
[2012/06/19 12:17:23 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012/06/19 12:17:23 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012/06/17 21:43:57 | 331,086,892 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/02 17:55:36 | 003,386,435 | ---- | C] () -- C:\Users\Administrator\Desktop\BART Zip pebuilder3110a.zip
[2012/05/25 00:26:03 | 000,000,100 | ---- | C] () -- C:\Users\Administrator\Desktop\Contatta la Rai.URL
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0611.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0559.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0536.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0520.old
[2012/05/19 15:54:59 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0512.old
[2012/04/17 22:48:02 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2012/04/10 17:53:58 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/04/01 23:45:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/03/19 13:58:18 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2012/02/09 14:20:38 | 004,794,880 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/02/02 14:32:01 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012/01/30 23:42:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/24 21:53:30 | 000,000,564 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 15:48:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/20 15:47:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/17 10:50:09 | 000,000,948 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/01/17 10:50:09 | 000,000,154 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/01/17 10:49:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012/01/17 10:49:34 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/17 10:48:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/01/17 10:48:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/12 08:13:33 | 000,007,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/01/06 18:40:15 | 000,014,848 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/06 01:53:12 | 145,727,915 | ---- | C] () -- C:\Users\Administrator\Sky Angel Vol.72 Internal Cum Shot - AYA-02.mp4
[2012/01/02 22:44:39 | 000,004,096 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\keyfile3.drm
[2011/12/21 21:03:43 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/12/16 11:00:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/12/11 11:39:30 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/11 11:37:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/12/10 20:34:27 | 000,007,308 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/12/10 20:27:15 | 000,000,258 | ---- | C] () -- C:\Windows\System32\BDEMERGE.INI
[2011/12/08 04:22:23 | 012,320,768 | ---- | C] () -- C:\Users\Administrator\ntuser.bak
[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/11/22 03:55:12 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/10/28 03:00:11 | 000,001,194 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat

========== LOP Check ==========

[2011/12/13 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ACD Systems
[2012/03/13 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AutoHideIP
[2012/01/30 23:11:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZip21F0_RealHideIP.exe
[2012/01/30 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZipF38_RealHideIP.exe
[2012/03/17 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip152_RealHideIP.exe
[2012/03/17 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip1C1F2_RealHideIP.exe
[2011/12/24 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip10113_PlatinumHideIP.exe
[2011/12/24 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip16361_PlatinumHideIP.exe
[2011/12/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip20166_PlatinumHideIP.exe
[2011/12/24 12:13:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip213D0_PlatinumHideIP.exe
[2011/12/24 12:17:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip2523B_PlatinumHideIP.exe
[2011/12/24 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip15199_PlatinumHideIP.exe
[2011/12/24 12:59:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip152D4_PlatinumHideIP.exe
[2011/12/24 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip1C3C4_PlatinumHideIP.exe
[2012/04/07 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1B394_jZip2F272_HideIPEasy.exe
[2012/03/13 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25279_jZipC396_RealHideIP.exe
[2012/04/03 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip1A21_HideIPEasy.exe
[2012/04/03 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip223C1_HideIPEasy.exe
[2012/04/03 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip3747_HideIPEasy.exe
[2011/12/24 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip151F0_PlatinumHideIP.exe
[2011/12/24 12:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip171D7_PlatinumHideIP.exe
[2011/12/24 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1826F_PlatinumHideIP.exe
[2011/12/24 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1BD8_PlatinumHideIP.exe
[2011/12/24 12:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip24320_PlatinumHideIP.exe
[2011/12/24 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip28B7_PlatinumHideIP.exe
[2011/12/24 12:50:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip2A2A0_PlatinumHideIP.exe
[2011/12/24 12:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip3A257_PlatinumHideIP.exe
[2012/04/03 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip141E1_PlatinumHideIP.exe
[2012/04/03 23:20:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip3217_PlatinumHideIP.exe
[2012/01/30 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip1E306_RealHideIP.exe
[2012/01/30 23:26:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip2F136_RealHideIP.exe
[2012/04/03 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3115C_jZip35E1_RealHideIP.exe
[2012/02/01 11:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip322E5_jZipD37F_RealHideIP.exe
[2012/03/13 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip11215_RealHideIP.exe
[2012/03/13 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip211AF_RealHideIP.exe
[2012/03/13 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip376C_jZip102E6_HideIPEasy.exe
[2012/03/13 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3B32E_jZip203C_RealHideIP.exe
[2012/04/03 23:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip142D0_PlatinumHideIP.exe
[2012/04/03 23:26:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip5131_PlatinumHideIP.exe
[2011/12/18 12:20:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZip2FB5_PlatinumHideIP.exe
[2011/12/18 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZipA91_PlatinumHideIP.exe
[2012/05/06 11:44:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/02/02 16:23:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012/07/11 02:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FixZeroAccess
[2012/04/03 23:55:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Hide IP Easy v5.1.3.8 + Crack (Srkfan-Invicta RG)_Crack_HideIPEasy.exe
[2012/01/30 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Platinum.Hide.IP.3.0.9.2_incl.Cracked.By.ScoRPioN2_CRACK_PlatinumHideIP.exe
[2012/04/01 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Garmin
[2012/04/06 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HideIPEasy
[2012/03/18 08:51:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InterVideo
[2012/03/12 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\NCH Swift Sound
[2011/12/16 18:34:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2011/12/16 17:45:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012/03/26 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC-FAX TX
[2011/12/18 12:21:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlatinumHideIP
[2012/03/12 12:47:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Regensoft
[2012/01/21 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Registry Mechanic
[2011/12/21 21:05:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScanSoft
[2012/06/25 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/12/24 12:22:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SurfAnonymousFree
[2012/06/17 20:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TestApp
[2012/03/14 12:22:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2012/04/03 13:18:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TypeItReadIt
[2012/07/22 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/12/11 17:18:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WebcamMax
[2012/03/12 12:57:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Win7codecs
[2012/07/22 14:52:12 | 000,000,426 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2012/07/23 12:15:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro Updates.job
[2012/06/17 22:54:49 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2000/12/13 09:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Files\C\Windows\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: SERVICES >
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 07:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CSS >
[2007/07/18 19:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css
[2007/07/19 00:10:46 | 000,001,111 | R--- | M] () MD5=AC91C948DBB2BBE9B6A1EF98F1214CEC -- C:\Windows.old\Program Files\Common Files\Corel\Online Services\1.0\Languages\EN\Content\services.css

< MD5 for: SERVICES.DAT >
[2012/01/06 08:16:31 | 000,010,240 | ---- | M] () MD5=598DA820816EFCCC9D2D3115BC21F620 -- C:\Program Files\Acrobat X Pro\Acrobat X Pro\MODIFIED\@APPDATA@\Adobe\Acrobat\10.0\Security\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 12:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Application Data\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 14:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Windows.old\Users\All Users\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 07:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 12:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 07:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2012/06/21 23:42:29 | 000,005,384 | ---- | M] () MD5=A67A461DB0FAFC647B30D3F945420194 -- C:\Users\Administrator\Desktop\How to Remove Internet Explorer 9 7 Tutorials_files\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 06:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBK >
[2012/07/22 14:44:59 | 000,001,334 | ---- | M] () MD5=533135AA7AE295BE7F28F7A5D98EBC7A -- C:\Program Files\Registry Mechanic\backup\Services.sbk

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 266 bytes -> C:\ProgramData\TEMP:D282699C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:64FFFDC8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

OTL Extras

OTL Extras logfile created on: 7/24/2012 12:05:25 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 65.22% Memory free
7.00 Gb Paging File | 5.01 Gb Available in Paging File | 71.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 168.00 Gb Total Space | 92.92 Gb Free Space | 55.31% Space Free | Partition Type: NTFS
Drive D: | 130.09 Gb Total Space | 47.78 Gb Free Space | 36.73% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 379.37 Gb Free Space | 40.73% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 226.43 Gb Free Space | 48.62% Space Free | Partition Type: NTFS

Computer Name: KHAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0986F084-2C46-4D25-9F14-237FF88EDAF4}" = rport=139 | protocol=6 | dir=out | app=system |
"{35D49BBD-8C77-4D50-9DC4-9CF15CC938AE}" = lport=94 | protocol=6 | dir=out | app=c:\program files\nch software\vrs\vrs.exe |
"{4C72D63A-657D-4E98-A44C-6D73C45DAFD3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DA9B0BA-3849-470A-BA46-FEAD3F7FA8A3}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E80A86F-4539-40B4-804F-9C26580A95E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6E733705-D08F-46B5-88E3-B15F36902865}" = rport=137 | protocol=17 | dir=out | app=system |
"{89B865DA-A2FC-4DA5-9826-65F025AF0C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8E8DA49-1870-40C6-A1AF-C5CDEB74E9F1}" = lport=94 | protocol=6 | dir=in | app=c:\program files\nch software\vrs\vrs.exe |
"{C6A44285-5A1E-48EB-8D96-CF82F381E1F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CEA4879D-58E1-4DFC-B8DA-7A27D95EE656}" = lport=445 | protocol=6 | dir=in | app=system |
"{D0A4DFAF-6D72-4D21-9B33-EA163EFBA73F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E7BA2383-F345-4D19-BFB2-37072EC4E043}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F320DD6C-D741-4D03-8F79-A7001FBF705C}" = rport=445 | protocol=6 | dir=out | app=system |
"{FCA0159A-ED5E-40AC-9054-52A23E3B21AF}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B7A294-B9B6-4069-8FB9-88919F873945}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{17037A3C-430F-465A-8447-B1F3ADAA31C2}" = protocol=17 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{2CB24AB2-CE24-46A0-91CD-72A45A085BB3}" = protocol=6 | dir=in | app=c:\program files\satsuki decoder pack\mpc\mplayerc.exe |
"{3268C3F5-5DDF-4E11-8941-4B008935E627}" = protocol=6 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4B6686AF-1906-4DA6-8DCB-F73CC503CF65}" = protocol=58 | dir=out | [email protected],-28546 |
"{4CB308E4-407E-4AC5-AFCB-3CCFDAA6F567}" = protocol=17 | dir=in | app=c:\program files\nokia\nokia pc suite 7\pcsuite.exe |
"{4E5106B1-7BF3-4837-A38C-C2F17F3D638B}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{55AA0DF5-624E-4462-A4E6-E2BD38760BD1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5A004625-2E48-4863-A9AA-62E61B655D74}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{634B2AFB-0335-4B0E-8C70-7ADF2ACC20B8}" = protocol=6 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{67FC93F2-22D2-4623-A657-B66E1E53CD02}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\sysrescue.exe |
"{6BD7C42A-487F-43DE-8D02-C57D549B0DBF}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{7FDA74E6-CFCB-4DCF-B716-DCF372470561}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{8346F2CF-4BD7-4EDE-B6E9-77C7F796B39F}" = protocol=17 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"{87E73C11-4054-4756-A2E1-A91934ADCF56}" = protocol=17 | dir=in | app=c:\program files\webroot\webrootsecurity\spysweeperui.exe |
"{881CA6C5-1E5E-4AB3-80C2-1B7AC9CB3430}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{89FB2D6B-8967-4275-9906-C0788C8CA1A7}" = protocol=17 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{98BAB0D0-1D7C-4A4E-966B-2FBF0E72B6BF}" = protocol=1 | dir=out | [email protected],-28544 |
"{9D27373E-F94D-4DD7-9251-04E158358BC3}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{AC373836-2F29-472A-A3C1-6D1C8CD55063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBA7277B-0797-4BBD-AC12-AF8E0144F412}" = protocol=58 | dir=in | [email protected],-28545 |
"{C5C67A5C-9D4A-42A2-B1C4-E9F55E9494A9}" = protocol=1 | dir=in | [email protected],-28543 |
"{D6FE546B-CEE6-4736-98AC-8EA432E51671}" = protocol=6 | dir=in | app=c:\program files\utorrentportable\utorrentportable.exe |
"{DC7BD124-950D-4803-AA57-DFD930BE72CE}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{E04A34DD-B60D-463E-BD1A-38CEB491D848}" = protocol=6 | dir=in | app=c:\program files\eset\eset smart security\egui.exe |
"TCP Query User{383B557D-16FC-4C26-8D6F-D59324D04906}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |
"UDP Query User{5380B1D0-0B6E-4E0B-9F0E-F9937DB8E733}C:\program files\utorrentportable\app\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrentportable\app\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"_{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{13EBF9E8-82FF-47D0-A324-534B79EF7F71}" = WordPerfect Office X5 - WT
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{17C5A285-F7B6-492B-8F3B-343D02B84D75}" = WordPerfect Office X5 - Common
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19B4CD07-1919-4002-B28F-A5D2027026E0}" = WordPerfect Office X5 - IPM
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{1F0D7D15-8A36-4AE4-8573-70BEA7DF379D}" = WordPerfect Office X5 - Migration Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378BAC91-3AE8-45F0-90E4-4F81E3EAEBC5}" = WordPerfect Office X5 - PR
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu for Office 2007 v5.20
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-790CW
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64459BD5-3AE8-4689-B7B0-D57B667D8399}" = WordPerfect Office X5 - PerfectExperts EN
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67ED9603-CB76-4338-B7B0-690FE144C4DA}" = WordPerfect Lightning
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C13C708-FF28-4991-84E6-5526A0EE677B}" = WordPerfect Office X5 - Oxford
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E4B1E42-A831-44B4-A705-D006F68560EC}" = WordPerfect Office X5 - Graphics
"{71D2F8EE-9D45-4D95-A6F6-F6433C2B94B5}" = WordPerfect Office X5 - System EN
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A6FD1334-FD75-4951-935D-08F8C7E4C6B0}" = WordPerfect Office X5 - Sharepoint
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B568643E-076D-48A2-B5C3-7F0144D668D8}" = Paradox
"{B62C4524-41B5-4E65-952B-36AEC51E3F55}" = WordPerfect Office X5
"{C507B0CC-BA89-4479-B3CA-E553E5D19548}" = Microsoft Office Professional Edition 2003 Plus Languages (VMware ThinApp)
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CD5C6C29-E6CB-4DF3-B45F-A04087B1C294}" = WordPerfect Office X5 - Templates
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D4167D08-0F61-4F44-BC3F-26B4960745C4}" = WordPerfect Office X5 - Skins
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7643510-C1AE-44AD-B0F9-0665C4D73BFD}" = WordPerfect Office X5 - LegalTools
"{DAEDCD3D-B981-4F10-B17B-764753EDAF9F}" = WordPerfect Office X5 - QP
"{DE1DDAC8-0451-4F16-B63D-B72FBCBC9BF6}" = Febooti fileTweak Hash and CRC
"{DE6DE4A1-0343-4DBE-9DC2-E667AA03F579}" = WordPerfect Office X5 - Setup Files
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E539B721-4458-4EFC-8BD0-04D4842051AE}" = Wordperfect Office X5 - EN
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E67732DE-3387-4F1E-BDDA-2D0C08BC025B}" = WordPerfect Office X5 - Filters
"{E6A4E6CD-B92C-4CFD-AEE9-97D361B4CE25}_is1" = TypeIt ReadIt 1.6
"{EC61C6D9-159B-4B14-AAF3-AF33FCFA50DD}" = WordPerfect Office X5 - WP
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"7-zip" = 7-zip v9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.0.7.139
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn Disc Burning Software
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"HashTab" = HashTab 4.0.0.2
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PE Builder_is1" = PE Builder 3.1.10a
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Sandboxie" = Sandboxie 3.72 (32-bit)
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"Security Task Manager" = Security Task Manager 1.8d
"Soulseek2" = SoulSeek 157 NS 13e
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"WavePad" = WavePad Sound Editor
"WebcamMax" = WebcamMax
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/17/2012 12:24:22 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/18/2012 12:21:07 AM | Computer Name = Khan | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/18 14:21:07.100]: [00016348]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 2

Error - 7/20/2012 1:04:42 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/21/2012 12:57:07 PM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/21/2012 9:14:11 PM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00055eab Faulting
process id: 0x1fa8 Faulting application start time: 0x01cd63ac2381792e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8b0764d1-d39a-11e1-a2ee-001a4d5634f4

Error - 7/22/2012 12:46:47 AM | Computer Name = Khan | Source = VSS | ID = 8194
Description = Volume Shadow Copy Service error: Unexpected error querying for the
IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often
caused by incorrect security settings in either the writer or requestor process.

Operation:

Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}

Writer Name: System Writer Writer Instance ID: {59e95488-1621-405e-a540-47d196248c2d}

Error - 7/22/2012 11:06:53 AM | Computer Name = Khan | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Nokia\Nokia
PC Suite 7\TIS_Windows7PIM.dll". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/23/2012 1:07:00 AM | Computer Name = Khan | Source = Application Error | ID = 1000
Description = Faulting application name: WLXPhotoGallery.exe, version: 15.4.3538.513,
time stamp: 0x4dcdb214 Faulting module name: FFDshow.ax, version: 1.1.4332.0, time
stamp: 0x4f428bc0 Exception code: 0xc0000005 Fault offset: 0x00141258 Faulting process
id: 0x17b0 Faulting application start time: 0x01cd688ddd975b3f Faulting application
path: C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe Faulting module
path: C:\Program Files\Win7codecs\filters\FFDshow.ax Report Id: 3b548b68-d484-11e1-9c2c-001a4d5634f4

Error - 7/23/2012 1:10:17 AM | Computer Name = Khan | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/23 15:10:17.439]: [00002984]: CUsbScnDev: DeviceIoControl()
failed. ErrorCode = 2

Error - 7/23/2012 1:24:33 AM | Computer Name = Khan | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f10 Start
Time: 01cd68900815ca4a Termination Time: 31 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

[ OSession Events ]
Error - 2/1/2012 8:09:29 PM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 648
seconds with 300 seconds of active time. This session ended with a crash.

Error - 6/6/2012 8:13:04 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 47
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/14/2012 2:56:05 AM | Computer Name = Khan | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 69040
seconds with 3180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/22/2012 12:52:28 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Webroot
Spy Sweeper Engine service to connect.

Error - 7/22/2012 12:52:28 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 7/22/2012 12:52:29 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASKUTIL

Error - 7/22/2012 12:54:30 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%2 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 7/22/2012 12:54:30 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 7/22/2012 1:05:36 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 7/22/2012 1:05:45 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The Sandboxie Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/22/2012 1:05:57 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/22/2012 2:01:28 AM | Computer Name = Khan | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 2 time(s).

Error - 7/22/2012 3:48:17 PM | Computer Name = Khan | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
power transition. Please check for updated firmware for your system.

< End of report >

#6
CompCav

Posted 23 July 2012 - 10:25 AM

Member 5k

Expert
12,454 posts

The antivirus that I am using I purchased it last week online and I am waiting to send me the key.

There are free products that we recommend and in our experience are comparable to the paid products.

So if you need a free one please let me know and we will change it out for a free one.

There is a program group, RealHideIP, AutoHideIP, PlatinumHideIP, etc., that is acting very badly and I recommend you remove it before we continue.

Once you remove it please let me know so we can continue with your cleaning.

Regards,

CompCav

#7
diinovo

Posted 23 July 2012 - 09:55 PM

Member

Topic Starter
Member
28 posts

Dear CompCav

C:\ Program data
HideIPEasy
I have deleted this, only Icon in folder.

There is none of the programs that you mention in control panel Programs and Features, nor in c:\ program file, nor in start: All Programs, I do recall deleting them some time ago.

Now this is what I have found in C:\ProgramData.
What can I delete from this folder?
Thank You

As for antivirus, I paid with credit card, I do not know if I can cancel it, I will check and report to you.

??? Sorry if I am not smart but I cannot copy the folder C:\ programData, I am sending it as email to you if you do not receive Please let me know

#8
CompCav

Posted 23 July 2012 - 10:17 PM

Member 5k

Expert
12,454 posts

I do not need the file. :thumbsup:

As for antivirus, I paid with credit card, I do not know if I can cancel it, I will check and report to you.

We can do this anytime just let me know. We will continue with the paid one for now it is a good product.

Step 1.

Please uninstall uTorrent it is a highway for malware.

Step 2.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Please reopen on your desktop.

Copy and Paste the following code into the Posted Image

textbox.

:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....ale.underscore}
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
[2012/07/22 09:29:35 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\askcom.xml
[2012/01/20 12:30:53 | 000,000,984 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\filestube.xml
[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2012/01/20 11:34:12 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
[2012/07/22 09:23:23 | 000,895,376 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Administrator\Desktop\uTorrent.exe
[2012/06/19 13:14:03 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys
[2012/03/13 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AutoHideIP
[2012/01/30 23:11:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZip21F0_RealHideIP.exe
[2012/01/30 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZipF38_RealHideIP.exe
[2012/03/17 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip152_RealHideIP.exe
[2012/03/17 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip1C1F2_RealHideIP.exe
[2011/12/24 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip10113_PlatinumHideIP.exe
[2011/12/24 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip16361_PlatinumHideIP.exe
[2011/12/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip20166_PlatinumHideIP.exe
[2011/12/24 12:13:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip213D0_PlatinumHideIP.exe
[2011/12/24 12:17:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip2523B_PlatinumHideIP.exe
[2011/12/24 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip15199_PlatinumHideIP.exe
[2011/12/24 12:59:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip152D4_PlatinumHideIP.exe
[2011/12/24 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip1C3C4_PlatinumHideIP.exe
[2012/04/07 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1B394_jZip2F272_HideIPEasy.exe
[2012/03/13 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25279_jZipC396_RealHideIP.exe
[2012/04/03 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip1A21_HideIPEasy.exe
[2012/04/03 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip223C1_HideIPEasy.exe
[2012/04/03 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip3747_HideIPEasy.exe
[2011/12/24 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip151F0_PlatinumHideIP.exe
[2011/12/24 12:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip171D7_PlatinumHideIP.exe
[2011/12/24 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1826F_PlatinumHideIP.exe
[2011/12/24 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1BD8_PlatinumHideIP.exe
[2011/12/24 12:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip24320_PlatinumHideIP.exe
[2011/12/24 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip28B7_PlatinumHideIP.exe
[2011/12/24 12:50:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip2A2A0_PlatinumHideIP.exe
[2011/12/24 12:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip3A257_PlatinumHideIP.exe
[2012/04/03 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip141E1_PlatinumHideIP.exe
[2012/04/03 23:20:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip3217_PlatinumHideIP.exe
[2012/01/30 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip1E306_RealHideIP.exe
[2012/01/30 23:26:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip2F136_RealHideIP.exe
[2012/04/03 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3115C_jZip35E1_RealHideIP.exe
[2012/02/01 11:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip322E5_jZipD37F_RealHideIP.exe
[2012/03/13 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip11215_RealHideIP.exe
[2012/03/13 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip211AF_RealHideIP.exe
[2012/03/13 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip376C_jZip102E6_HideIPEasy.exe
[2012/03/13 11:05:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3B32E_jZip203C_RealHideIP.exe
[2012/04/03 23:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip142D0_PlatinumHideIP.exe
[2012/04/03 23:26:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip5131_PlatinumHideIP.exe
[2011/12/18 12:20:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZip2FB5_PlatinumHideIP.exe
[2011/12/18 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZipA91_PlatinumHideIP.exe
[2012/05/06 11:44:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/04/03 23:55:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Hide IP Easy v5.1.3.8 + Crack (Srkfan-Invicta RG)_Crack_HideIPEasy.exe
[2012/01/30 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Platinum.Hide.IP.3.0.9.2_incl.Cracked.By.ScoRPioN2_CRACK_PlatinumHideIP.exe
[2011/12/18 12:21:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlatinumHideIP
[2012/07/22 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2000/12/13 09:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE


:files
ipconfig /flushdns /c


:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 3.

Download the adwCleaner

Run the Tool
Windows Vista and Windows 7 users:
Right click in the adwCleaner.exe and select the option
Select the Delete button.
When the scan completes, it will open a notepad windows.
Please, copy the content of this file in your next reply.

Step 4.

Please post:

OTL fix
AdwCleaner log

What are the current remaining issues with your computer?

#9
admin

Posted 25 July 2012 - 11:51 PM

Founder Geek

Community Leader
24,639 posts

Seems OP is having some issues. Via email:

Dear CompCav
I had some problem on your last post
This post is just to make shore you received my last post after the scan
Thank You

#10
CompCav

Posted 26 July 2012 - 05:16 AM

Member 5k

Expert
12,454 posts

@admin,

I sent them a PM that I did not receive an email.

Thanks,

CompCav

#11
diinovo

Posted 26 July 2012 - 07:59 PM

Member

Topic Starter
Member
28 posts

I couldn’t see where to post this on the page, this is why I decided to send like this I just couldn’t find it

The reason for the file I send to You was to show you all the entry of PlatinumHideIP.exe and RealHideIP.exe, in the
folder: C:\ProgramData, and I am wondering if I can delete all of them?

Malwarebytes is installed but not running

Ran OTL scan, a Box popup Saied:
Cannot create file: C:\Windows\System32\Drivers\etc\Host.

OTL bottom of screen Saied:
Resetting Host File do Not interrupt..
It stopped working the desktop screen went Blue color, I waited 20 minutes then I closed OTL and restarted the
computer, on restart the report came up, ""this is notepad scan 1""

On boot up OTL had untallied from the computer, I downloaded OTL and run scan again, this time took 2-3 seconds
and asked to restart, on restart notepad report is Scan 2

""this is notepad scan 1""

Files\Folders moved on Reboot...
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253 scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253 scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253 scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector\searchProtectorSettingsDialog not found!
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al\searchProtector not found!
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb\al not found!
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content\tb not found!
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253\content not found!
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome\CT3072253 not found!
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome not found!
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} not found!
[2012/07/12 05:53:33 | 000,442,125 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=891A0FE8CBDC28453C7C01CAA07AA465

Registry entries deleted on Reboot...
--------------------------------------------------------------------------------------------------------------------------------------

This is Scan 2

All processes killed
Error: Unable to interpret <:OTLIE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://www.searchqu....{searchTerms}IE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value foundIE - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://supertoolbar....e.underscore}FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)[2012/07/22 09:29:35 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}[2011/02/01 19:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Administrator\AppDa> in the current context!
Error: Unable to interpret <ta\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\askcom.xml[2012/01/20 12:30:53 | 000,000,984 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\filestube.xml[2009/02/09 15:05:22 | 000,002,236 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml[2012/01/20 11:34:12 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xmlO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)O3 - HKU\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.O3 - HK> in the current context!
Error: Unable to interpret <U\S-1-5-21-2411852452-117403543-12125213-500\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.[2012/07/22 09:23:23 | 000,895,376 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Administrator\Desktop\uTorrent.exe[2012/06/19 13:14:03 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8510DB6088.sys[2012/03/13 11:11:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AutoHideIP[2012/01/30 23:11:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZip21F0_RealHideIP.exe[2012/01/30 23:10:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZipF38_RealHideIP.exe[2012/03/17 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip152_RealHideIP.exe[2012/03/17 13:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_A> in the current context!
Error: Unable to interpret <DMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip1C1F2_RealHideIP.exe[2011/12/24 12:11:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip10113_PlatinumHideIP.exe[2011/12/24 12:15:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip16361_PlatinumHideIP.exe[2011/12/24 12:18:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip20166_PlatinumHideIP.exe[2011/12/24 12:13:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip213D0_PlatinumHideIP.exe[2011/12/24 12:17:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip2523B_PlatinumHideIP.exe[2011/12/24 13:00:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Loc> in the current context!
Error: Unable to interpret <al_Temp_jZip_jZip1A44_jZip15199_PlatinumHideIP.exe[2011/12/24 12:59:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip152D4_PlatinumHideIP.exe[2011/12/24 12:58:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip1C3C4_PlatinumHideIP.exe[2012/04/07 14:29:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1B394_jZip2F272_HideIPEasy.exe[2012/03/13 10:56:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25279_jZipC396_RealHideIP.exe[2012/04/03 23:49:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip1A21_HideIPEasy.exe[2012/04/03 23:47:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip22> in the current context!
Error: Unable to interpret <3C1_HideIPEasy.exe[2012/04/03 23:47:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip3747_HideIPEasy.exe[2011/12/24 12:48:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip151F0_PlatinumHideIP.exe[2011/12/24 12:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip171D7_PlatinumHideIP.exe[2011/12/24 12:46:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1826F_PlatinumHideIP.exe[2011/12/24 12:47:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1BD8_PlatinumHideIP.exe[2011/12/24 12:44:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip24320_PlatinumHideIP.ex> in the current context!
Error: Unable to interpret <e[2011/12/24 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip28B7_PlatinumHideIP.exe[2011/12/24 12:50:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip2A2A0_PlatinumHideIP.exe[2011/12/24 12:42:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip3A257_PlatinumHideIP.exe[2012/04/03 23:14:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip141E1_PlatinumHideIP.exe[2012/04/03 23:20:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip3217_PlatinumHideIP.exe[2012/01/30 23:26:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip1E306_RealHideIP.exe[2012/01/30 23:> in the current context!
Error: Unable to interpret <26:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip2F136_RealHideIP.exe[2012/04/03 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3115C_jZip35E1_RealHideIP.exe[2012/02/01 11:14:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip322E5_jZipD37F_RealHideIP.exe[2012/03/13 12:16:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip11215_RealHideIP.exe[2012/03/13 12:15:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip211AF_RealHideIP.exe[2012/03/13 11:01:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip376C_jZip102E6_HideIPEasy.exe[2012/03/13 11:05:32 | 000,000,000 | ---D | M] -- C:> in the current context!
Error: Unable to interpret <\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3B32E_jZip203C_RealHideIP.exe[2012/04/03 23:25:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip142D0_PlatinumHideIP.exe[2012/04/03 23:26:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip5131_PlatinumHideIP.exe[2011/12/18 12:20:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZip2FB5_PlatinumHideIP.exe[2011/12/18 12:20:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZipA91_PlatinumHideIP.exe[2012/05/06 11:44:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite[2012/04/03 23:55:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Hide IP Easy v5.1.3.8 + Cra> in the current context!
Error: Unable to interpret <ck (Srkfan-Invicta RG)_Crack_HideIPEasy.exe[2012/01/30 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Platinum.Hide.IP.3.0.9.2_incl.Cracked.By.ScoRPioN2_CRACK_PlatinumHideIP.exe[2011/12/18 12:21:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PlatinumHideIP[2012/07/22 14:06:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent[2000/12/13 09:28:42 | 000,030,068 | ---- | M] () -- C:\FIXKRIZ.EXE> in the current context!
Error: Unable to interpret <:filesipconfig /flushdns /c:reg:Commands[purity][resethosts][emptytemp][createrestorepoint> in the current context!

OTL by OldTimer - Version 3.2.54.1 log created on 07242012_154047

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
---------------------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v1.703 - Logfile created 07/24/2012 at 15:48:12
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Administrator - KHAN
# Running from : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\searchquband
Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\prefs.js

Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("CT3072253.autoDisableScopes", 0);

*************************

AdwCleaner[S1].txt - [2376 octets] - [24/07/2012 15:48:12]

########## EOF - C:\AdwCleaner[S1].txt - [2504 octets] ##########
------------------------------------------------------------------------------------------------------------------------------------------

Additional Note

When I try to open a picture it takes very long time to open also some other files,
it seems it cannot find it, also when I tray to open a file the desktop Icon flash
and disappear for a second and reappear again, just like when you install new
Programs, I do not know why it does that.

my internet frizzes at times, last night after surfing the net a bit I closed
internet and re-opened again, the page would not connect to Google, it is my
Search page, after 3-4 go, I had to open a link from my favorites, it also freezes
occasionally frequent, the pages remain stack on screen when you close, at
times it dregs on screen living the screen covered
it may be nothing but I tell you just in case it dose

#12
CompCav

Posted 26 July 2012 - 08:07 PM

Member 5k

Expert
12,454 posts

The reason for the file I send to You was to show you all the entry of PlatinumHideIP.exe and RealHideIP.exe, in the
folder: C:\ProgramData, and I am wondering if I can delete all of them?

That is what the fix was supposed to do. Howevever you did not copy all of the contents of the box correctly and the fix did not work. Please download the attached file, Fix.txt and save it to your desktop.

fix.txt 9.71KB 104 downloads
Now re open OTL.
Click Run Fix.
A dialogue box will open find the file fix.txt that is in the box, click on it, and then click open.
Click Fix again and let it run then post the log it produces.

#13
diinovo

Posted 26 July 2012 - 10:07 PM

Member

Topic Starter
Member
28 posts

I ran scan
it stopped working desktop icon disappeared and with a blue screen
a box popped up saying:
Cannot create file
C:\windows\system32\drivers\etc\Host

In the OTL Custom Scan/fixes:
the following message:
[resetHosts]
[emptytemp]

I restarted computer

I ran scan second time same result.
There is no report
Thank You

#14
CompCav

Posted 26 July 2012 - 10:17 PM

Member 5k

Expert
12,454 posts

OK I have removed the reset hosts from the fix.

fix.txt 9.69KB 121 downloads
Please download this one fix.txt and run it. using the instructions above.

#15
diinovo

Posted 26 July 2012 - 11:11 PM

Member

Topic Starter
Member
28 posts

Dear CompCav
Sorry for the delay I had to be away from the PC
Here is the result of the scan, no problems, the scan completed successful
Thank You

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry value HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
Registry key HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: avg@toolbar:9.0.0.22 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1\ not found.
File C:\Windows\system32\npDeployJava1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1\ not found.
File C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll not found.
Folder C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\askcom.xml not found.
File C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\knjvk5v2.default\searchplugins\filestube.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\askcom.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
File C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll not found.
Registry value HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-2411852452-117403543-12125213-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Users\Administrator\Desktop\uTorrent.exe not found.
File C:\ProgramData\8510DB6088.sys not found.
Folder C:\Users\Administrator\AppData\Roaming\AutoHideIP\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZip21F0_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip133C9_jZipF38_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip152_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip14144_jZip1C1F2_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip10113_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip16361_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip20166_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip213D0_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip192F_jZip2523B_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip15199_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip152D4_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1A44_jZip1C3C4_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip1B394_jZip2F272_HideIPEasy.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25279_jZipC396_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip1A21_HideIPEasy.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip223C1_HideIPEasy.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip25B4_jZip3747_HideIPEasy.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip151F0_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip171D7_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1826F_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip1BD8_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip24320_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip28B7_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip2A2A0_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2814D_jZip3A257_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip141E1_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2C118_jZip3217_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip1E306_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip2D140_jZip2F136_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3115C_jZip35E1_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip322E5_jZipD37F_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip11215_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip342F9_jZip211AF_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip376C_jZip102E6_HideIPEasy.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip3B32E_jZip203C_RealHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip142D0_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZip7333_jZip5131_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZip2FB5_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\C__Users_ADMINI~1_AppData_Local_Temp_jZip_jZipAD7_jZipA91_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite\ not found.
Folder C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Hide IP Easy v5.1.3.8 + Crack (Srkfan-Invicta RG)_Crack_HideIPEasy.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\F__NEW PROGRAMS_Hide IP_Platinum.Hide.IP.3.0.9.2_incl.Cracked.By.ScoRPioN2_CRACK_PlatinumHideIP.exe\ not found.
Folder C:\Users\Administrator\AppData\Roaming\PlatinumHideIP\ not found.
Folder C:\Users\Administrator\AppData\Roaming\uTorrent\ not found.
File C:\FIXKRIZ.EXE not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 338931463 bytes
->Temporary Internet Files folder emptied: 602589397 bytes
->Java cache emptied: 552652 bytes
->FireFox cache emptied: 72057333 bytes
->Flash cache emptied: 25556 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99226057 bytes
RecycleBin emptied: 7770044173 bytes

Total Files Cleaned = 8,472.00 mb

OTL by OldTimer - Version 3.2.54.1 log created on 07272012_145720

Files\Folders moved on Reboot...
File\Folder C:\Users\Administrator\AppData\Local\Temp\~DF05E07D37586D5F32.TMP not found!
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5D758D75-B501-4416-96D0-49BC1AB6714A}.tmp moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1G9I7VC\md[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1G9I7VC\open[1].bmp moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\clk[5].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\clk[6].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[1] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[2] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[6] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[7] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[8] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\clk[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\clk[2].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\st[3] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\st[4] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PQP5LLA\st[5] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PQP5LLA\st[6] moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H0R65CS\clk[3].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H0R65CS\fastbutton[2].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H0R65CS\fc[6].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Administrator\AppData\Local\Temp\~DF05E07D37586D5F32.TMP not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5D758D75-B501-4416-96D0-49BC1AB6714A}.tmp not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1G9I7VC\md[1].htm not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X1G9I7VC\open[1].bmp not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\clk[5].htm not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\clk[6].htm not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[1] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[2] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[6] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[7] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMA61DHG\st[8] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\clk[1].htm not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\clk[2].htm not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\st[3] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT1FPCOY\st[4] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PQP5LLA\st[5] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6PQP5LLA\st[6] not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H0R65CS\clk[3].htm not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H0R65CS\fastbutton[2].htm not found!
File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H0R65CS\fc[6].htm not found!

Registry entries deleted on Reboot...