* I searched all over the forum but I didn't find the payment link! If any admin reads this, please send me the link. I will pay for your help.
RKreport[1]
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Scan -- Date : 08/28/2012 21:19:19
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys --> CANNOT FIX
[Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys --> CANNOT FIX
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys --> CANNOT FIX
[Faked.Drv][FILE] fltmgr.sys : C:\WINDOWS\system32\drivers\fltmgr.sys --> CANNOT FIX
[Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys --> CANNOT FIX
[Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys --> CANNOT FIX
[Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys --> CANNOT FIX
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX
[Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys --> CANNOT FIX
[Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys --> CANNOT FIX
[Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys --> CANNOT FIX
[Faked.Drv][FILE] w200bus.sys : C:\WINDOWS\system32\drivers\w200bus.sys --> CANNOT FIX
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 axandra.com
127.0.0.1 www.axandra.com
127.0.0.1 keywordindex.com
127.0.0.1 www.keywordindex.com
127.0.0.1 www.ibusinesspromoter.com
127.0.0.1 ibusinesspromoter.com
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HDT722516DLA380 +++++
--- User ---
[MBR] 0f92897fe7c38efb29c1d45122891fc4
[BSP] dba266b48ebbf4f4394ee039f2f3972b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 116094 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
RKreport[2]
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Remove -- Date : 08/28/2012 21:19:56
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
[Faked.Drv][FILE] ati1rvxx.sys : C:\WINDOWS\system32\drivers\ati1rvxx.sys --> CANNOT FIX
[Faked.Drv][FILE] ati2mtaa.sys : C:\WINDOWS\system32\drivers\ati2mtaa.sys --> CANNOT FIX
[Faked.Drv][FILE] atinxsxx.sys : C:\WINDOWS\system32\drivers\atinxsxx.sys --> CANNOT FIX
[Faked.Drv][FILE] cdfs.sys : C:\WINDOWS\system32\drivers\cdfs.sys --> CANNOT FIX
[Faked.Drv][FILE] cdrom.sys : C:\WINDOWS\system32\drivers\cdrom.sys --> CANNOT FIX
[Faked.Drv][FILE] fltmgr.sys : C:\WINDOWS\system32\drivers\fltmgr.sys --> CANNOT FIX
[Faked.Drv][FILE] mf.sys : C:\WINDOWS\system32\drivers\mf.sys --> CANNOT FIX
[Faked.Drv][FILE] mrxsmb.sys : C:\WINDOWS\system32\drivers\mrxsmb.sys --> CANNOT FIX
[Faked.Drv][FILE] mtlstrm.sys : C:\WINDOWS\system32\drivers\mtlstrm.sys --> CANNOT FIX
[Faked.Drv][FILE] nic1394.sys : C:\WINDOWS\system32\drivers\nic1394.sys --> CANNOT FIX
[Faked.Drv][FILE] nwlnknb.sys : C:\WINDOWS\system32\drivers\nwlnknb.sys --> CANNOT FIX
[Faked.Drv][FILE] rdpdr.sys : C:\WINDOWS\system32\drivers\rdpdr.sys --> CANNOT FIX
[Faked.Drv][FILE] serial.sys : C:\WINDOWS\system32\drivers\serial.sys --> CANNOT FIX
[Faked.Drv][FILE] slnt7554.sys : C:\WINDOWS\system32\drivers\slnt7554.sys --> CANNOT FIX
[Faked.Drv][FILE] w200bus.sys : C:\WINDOWS\system32\drivers\w200bus.sys --> CANNOT FIX
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 axandra.com
127.0.0.1 www.axandra.com
127.0.0.1 keywordindex.com
127.0.0.1 www.keywordindex.com
127.0.0.1 www.ibusinesspromoter.com
127.0.0.1 ibusinesspromoter.com
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
74.125.93.191 imnuke.net
74.125.93.191 www.imnuke.net
74.125.93.191 senuke.biz
74.125.93.191 www.senuke.biz
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HDT722516DLA380 +++++
--- User ---
[MBR] 0f92897fe7c38efb29c1d45122891fc4
[BSP] dba266b48ebbf4f4394ee039f2f3972b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40962 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83891430 | Size: 116094 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RKreport[3]
RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : User [Admin rights]
Mode : Shortcuts HJfix -- Date : 08/28/2012 21:21:47
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 7 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 13 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 55 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 380 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[F:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[G:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\CdRom1 -- 0x5 --> Skipped
[I:] \Device\IsoCdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
OTL
OTL logfile created on: 8/28/2012 9:24:50 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.88% Memory free
3.85 Gb Paging File | 3.55 Gb Available in Paging File | 92.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 20.91 Gb Free Space | 52.27% Space Free | Partition Type: NTFS
Drive D: | 63.99 Gb Total Space | 10.11 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 2.52 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
Drive F: | 38.13 Gb Total Space | 2.30 Gb Free Space | 6.03% Space Free | Partition Type: NTFS
Computer Name: DOOM3CXD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/28 14:20:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/22 16:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/12/02 17:01:46 | 003,284,992 | ---- | M] (SoftPerfect) -- C:\Program Files\NetWorx\networx.exe
PRC - [2011/08/12 05:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/07 18:26:09 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll
MOD - [2011/09/17 12:18:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll
MOD - [2005/02/16 00:44:24 | 000,412,672 | ---- | M] () -- C:\Program Files\WinUHA\shellwinuha.dll
========== Services (SafeList) ==========
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/20 01:11:48 | 000,529,232 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/22 16:14:16 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/08 10:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/12 05:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Unavailable | Unknown] -- Device\HarddiskVolume1\Program Files\RingCube\MojoPac\Program Files\RingThree\bin\pvm.sys -- (pvm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/24 15:28:36 | 000,340,624 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/04/11 17:03:33 | 000,154,464 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/03/22 16:14:14 | 000,134,416 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012/03/01 16:30:37 | 000,130,664 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\setupinformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\bdselfpr.sys -- (bdselfpr)
DRV - [2011/07/22 22:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 03:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 05:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/05/24 17:10:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2007/06/22 18:14:40 | 004,432,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/03/12 14:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [2006/11/07 14:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006/11/07 14:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt)
DRV - [2006/11/07 14:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006/11/07 14:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006/11/07 14:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus)
DRV - [2004/08/04 04:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsea...q={searchterms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\prxtbBS_P.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspo...q={searchTerms}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsea...q={searchterms}
IE - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Fastest"
FF - prefs.js..browser.search.defaulturl: "http://fastestwebsea...={searchTerms}"
FF - prefs.js..browser.search.order.1: "http://fastestwebsea...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Fastest"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..keyword.URL: "http://fastestwebsea....com/search?q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 16:51:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012/04/20 21:10:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/08/26 23:45:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions
[2012/07/26 20:37:24 | 000,000,000 | ---D | M] (Lightshot (screenshot tool)) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\{394DCBA4-1F92-4f8e-8EC9-8D2CB90CB69B}
[2012/04/20 22:14:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/08/13 13:10:38 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\extensions\[email protected]
[2012/05/09 11:48:42 | 000,002,095 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\google.xml
[2012/06/18 22:46:07 | 000,001,344 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\madura.xml
[2012/05/24 23:00:34 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\nfbnftqa.default\searchplugins\torrentz.xml
[2012/04/20 21:10:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 22:43:39 | 000,089,442 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.XPI
[2012/04/25 04:45:37 | 000,010,606 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\{E8F509F0-B677-11DE-8A39-0800200C9A66}.XPI
[2012/05/09 11:47:27 | 000,025,781 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 11:50:49 | 000,617,362 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/08/13 12:07:26 | 000,032,816 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/04/21 11:50:49 | 000,021,356 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NFBNFTQA.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 16:51:08 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/21 07:32:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/25 17:09:20 | 000,005,859 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fastestwebsearch.xml
[2012/06/21 07:32:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/26 06:48:23 | 000,005,142 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wchoppers.xml
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\npBFHUpdater.dll
CHR - plugin: EA Battlefield Heroes Updater (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.137.0_0\BFHUpdater.exe
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Rollercoaster Creator = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckhihkbbcgehhpibkdcanlmkhhokabde\1.5_0\
CHR - Extension: Webpage Screenshot = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\
CHR - Extension: Monster Dash = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.1.288_0\
CHR - Extension: Build a Robot = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkifjkfdmacgkhldodeohbhcknoijpeo\1.1_0\
CHR - Extension: Penguin Combat = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehoglceicemjdngkmfgpdamgglhediod\2.0.0_0\
CHR - Extension: Master Blaster = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\glijjfcpolilajfhpfjgohbbogficana\4.0.0_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: Gun Blood = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifphbghhodpimajnjejgjlfcjmnnkhci\4.0.0_0\
CHR - Extension: Virtual Keyboard = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.1.288_0\
CHR - Extension: Isoball = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kejjemnehdnkjkjnjbiilhlpnbliolhf\2.0.0_0\
CHR - Extension: Cargo Bridge: Xmas level pack = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncdcclndkdgngndhjfccoabooegcgamk\1.0.1_0\
CHR - Extension: Jailbreak Rush = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncfiimlbhgllinjmkfjpikokpedpdbae\4.0.0_0\
CHR - Extension: Running = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pibmbphgclmikgclcjlfnlepeofhcffm\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.1.288_0\
O1 HOSTS File: ([2012/08/19 22:32:29 | 000,001,262 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 axandra.com
O1 - Hosts: 127.0.0.1 www.axandra.com
O1 - Hosts: 127.0.0.1 keywordindex.com
O1 - Hosts: 127.0.0.1 www.keywordindex.com
O1 - Hosts: 127.0.0.1 www.ibusinesspromoter.com
O1 - Hosts: 127.0.0.1 ibusinesspromoter.com
O1 - Hosts: 74.125.93.191 imnuke.net
O1 - Hosts: 74.125.93.191 www.imnuke.net
O1 - Hosts: 74.125.93.191 senuke.biz
O1 - Hosts: 74.125.93.191 www.senuke.biz
O1 - Hosts: 74.125.93.191 imnuke.net
O1 - Hosts: 74.125.93.191 www.imnuke.net
O1 - Hosts: 74.125.93.191 senuke.biz
O1 - Hosts: 74.125.93.191 www.senuke.biz
O1 - Hosts: 74.125.93.191 imnuke.net
O1 - Hosts: 74.125.93.191 www.imnuke.net
O1 - Hosts: 74.125.93.191 senuke.biz
O1 - Hosts: 74.125.93.191 www.senuke.biz
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\Toolbar\ShellBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\prxtbBS_P.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\prxtbBS_P.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect)
O4 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003..\Run: [BitTorrent] F:\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/11/03 12:09:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\.\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
System Restore Service not available.
========== Files/Folders - Created Within 30 Days ==========
[2012/08/28 20:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\RK_Quarantine
[2012/08/28 20:25:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\User\Recent
[2012/08/28 18:13:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2012/08/28 18:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\SUPERAntiSpyware
[2012/08/28 18:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/08/28 18:12:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/28 17:59:15 | 000,000,000 | --SD | C] -- D:\My Documents\Passwords Database
[2012/08/28 17:24:44 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/08/28 17:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2012/08/28 17:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/28 17:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/28 17:23:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/28 17:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/28 17:19:08 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/28 17:18:42 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2012/08/28 17:13:50 | 017,246,464 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/08/28 14:24:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\User\Desktop\Crokiroz
[2012/08/28 14:20:11 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/28 13:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/08/28 13:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/28 13:38:11 | 003,927,560 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup322.exe
[2012/08/27 12:23:18 | 000,000,000 | R--D | C] -- C:\Backup
[2012/08/27 12:21:27 | 000,039,352 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2012/08/27 12:21:26 | 000,088,632 | ---- | C] (Infowatch) -- C:\WINDOWS\System32\drivers\CSCrySec.sys
[2012/08/27 10:30:04 | 000,339,320 | ---- | C] (Hide My IP) -- C:\WINDOWS\System32\HMIPCore.dll
[2012/08/25 01:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\WinRAR
[2012/08/25 01:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/08/22 20:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\Skillbrains
[2012/08/22 20:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Start Menu\Programs\LightShot
[2012/08/22 20:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\Skillbrains
[2012/08/22 09:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\RankBuilderNEO
[2012/08/21 19:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\SN
[2012/08/14 19:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\bizarre creations
[2012/08/12 22:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\THQ
[2012/08/12 15:37:08 | 000,000,000 | ---D | C] -- D:\My Documents\Ubisoft
[2012/08/12 15:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Babel Rising
[2012/08/10 22:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012/08/10 22:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
[2012/08/08 21:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\LOVE
[2012/08/04 05:02:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\AVG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/28 21:03:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 20:07:28 | 001,182,305 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Virus change my Paypal , Ebay and Email passwords [$30 to any one - Geeks to Go Forums.mht
[2012/08/28 20:05:24 | 001,320,960 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2012/08/28 18:19:25 | 004,138,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/28 18:12:52 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/28 18:10:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\photostageShakeIcon.job
[2012/08/28 17:23:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 17:22:32 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/28 17:18:00 | 017,246,464 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2012/08/28 17:13:33 | 002,193,345 | ---- | M] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2012/08/28 14:20:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2012/08/28 14:10:50 | 001,400,758 | ---- | M] () -- C:\Documents and Settings\User\Desktop\1.bmp
[2012/08/28 13:46:28 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/28 13:45:49 | 003,927,560 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup322.exe
[2012/08/28 12:18:11 | 000,364,386 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SLT Router Settings.bmp
[2012/08/28 04:21:46 | 000,611,350 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Reports.zip
[2012/08/28 03:47:56 | 000,002,026 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/08/28 01:39:26 | 000,239,167 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Support ticket.png
[2012/08/27 11:04:36 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\User\SecurityKISSTunnel.config
[2012/08/27 10:14:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/27 02:01:45 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/08/26 23:03:46 | 000,000,765 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Reports.lnk
[2012/08/26 21:22:08 | 000,006,083 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Screenshot_1.jpg
[2012/08/26 16:15:04 | 000,139,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/08/26 16:14:35 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2012/08/26 10:22:00 | 000,270,240 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2012/08/25 19:05:29 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2012/08/24 09:21:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/08/23 21:57:17 | 004,475,264 | ---- | M] () -- D:\My Documents\Logo Types.jpg
[2012/08/23 10:45:43 | 000,305,334 | ---- | M] () -- D:\My Documents\Redeem magic Point.bmp
[2012/08/23 01:42:48 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2012/08/22 20:26:34 | 000,000,844 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\UserProducts.xml
[2012/08/21 17:19:39 | 000,092,672 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/20 17:33:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\User\Desktop\TDSSKiller.exe
[2012/08/12 01:53:00 | 004,675,803 | ---- | M] () -- D:\My Documents\timeanalsex3GP_e0a0_w_2.3gp
[2012/08/10 17:19:23 | 000,678,956 | ---- | M] () -- D:\My Documents\Skyline Car.jpg
[2012/08/04 22:20:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/28 20:07:27 | 001,182,305 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Virus change my Paypal , Ebay and Email passwords [$30 to any one - Geeks to Go Forums.mht
[2012/08/28 20:05:18 | 001,320,960 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RogueKiller.exe
[2012/08/28 18:18:57 | 004,138,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/28 18:12:52 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/28 17:23:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/28 17:12:57 | 002,193,345 | ---- | C] () -- C:\Documents and Settings\User\Desktop\tdsskiller.zip
[2012/08/28 14:10:50 | 001,400,758 | ---- | C] () -- C:\Documents and Settings\User\Desktop\1.bmp
[2012/08/28 13:46:28 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/08/28 12:18:11 | 000,364,386 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SLT Router Settings.bmp
[2012/08/28 04:21:46 | 000,611,350 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Reports.zip
[2012/08/28 01:39:17 | 000,239,167 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Support ticket.png
[2012/08/26 21:22:08 | 000,006,083 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Screenshot_1.jpg
[2012/08/23 21:57:17 | 004,475,264 | ---- | C] () -- D:\My Documents\Logo Types.jpg
[2012/08/23 10:45:43 | 000,305,334 | ---- | C] () -- D:\My Documents\Redeem magic Point.bmp
[2012/08/23 01:25:02 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS5 Prefs
[2012/08/22 20:26:31 | 000,000,844 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\UserProducts.xml
[2012/08/12 01:50:13 | 004,675,803 | ---- | C] () -- D:\My Documents\timeanalsex3GP_e0a0_w_2.3gp
[2012/08/10 17:19:40 | 000,678,956 | ---- | C] () -- D:\My Documents\Skyline Car.jpg
[2012/07/24 18:43:37 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2012/07/24 18:43:31 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2012/07/24 18:41:50 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2012/07/15 16:34:25 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\BReWErS.dll
[2012/07/13 18:58:09 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2012/06/30 12:20:19 | 000,074,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341037210.bdinstall.bin
[2012/06/30 11:34:19 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.2952.bin
[2012/06/30 11:23:34 | 000,009,645 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.288.bin
[2012/06/30 11:23:34 | 000,008,478 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.708.bin
[2012/06/30 11:23:30 | 000,013,884 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.168.bin
[2012/06/30 11:23:30 | 000,007,400 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.352.bin
[2012/06/30 11:23:30 | 000,003,042 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.4084.bin
[2012/06/30 11:23:30 | 000,001,089 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.236.bin
[2012/06/30 11:23:30 | 000,001,089 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.212.bin
[2012/06/30 11:23:20 | 000,244,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.3272.bin
[2012/06/30 11:23:18 | 000,008,171 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.3900.bin
[2012/06/30 11:23:15 | 000,179,132 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1341033795.3812.bin
[2012/06/07 18:05:17 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2012/04/13 20:12:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\EQ3D.ini
[2012/04/09 15:22:44 | 002,577,776 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_heroes.exe
[2012/04/09 10:58:37 | 000,217,927 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333947356.bdinstall.bin
[2012/04/09 10:35:55 | 000,160,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333945908.bdinstall.bin
[2012/04/09 10:35:39 | 000,021,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333946134.bdinstall.bin
[2012/04/09 10:31:48 | 000,030,683 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333945907.bdinstall.bin
[2012/04/09 00:54:27 | 000,021,528 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911263.bdinstall.bin
[2012/04/09 00:53:41 | 000,021,361 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911217.bdinstall.bin
[2012/04/09 00:50:24 | 000,008,560 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.480.bin
[2012/04/09 00:50:24 | 000,005,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.1800.bin
[2012/04/09 00:50:24 | 000,001,462 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.3172.bin
[2012/04/09 00:50:23 | 000,037,327 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333911023.3376.bin
[2012/04/08 20:12:34 | 001,189,963 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333886719.bdinstall.bin
[2012/04/08 15:25:51 | 000,207,810 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1333876802.bdinstall.bin
[2012/04/07 14:35:08 | 000,002,026 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/04/07 09:37:14 | 000,135,240 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/29 21:00:26 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\User\Application Data\burnaware.ini
[2012/03/26 19:27:37 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\User\SecurityKISSTunnel.config
[2012/03/12 13:47:14 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2012/03/01 23:11:47 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\User\Application Data\PnkBstrK.sys
[2012/02/27 14:24:35 | 003,640,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-1343024091-725345543-1003-0.dat
[2012/02/20 04:49:23 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\Sx5363.ini
[2012/02/18 09:47:43 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\User\jagex_cl_runescape_LIVE.dat
[2012/02/18 09:47:43 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\User\random.dat
[2012/02/14 03:17:07 | 000,592,214 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/23 12:36:24 | 000,101,389 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327300490.bdinstall.bin
[2012/01/23 12:34:50 | 000,029,684 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327300489.bdinstall.bin
[2012/01/23 12:11:38 | 000,908,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1327295356.bdinstall.bin
[2012/01/10 09:30:05 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\WebpageIcons.db
[2011/12/08 12:21:25 | 002,307,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/08 01:50:34 | 000,092,672 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 01:05:35 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/12/02 09:33:52 | 000,000,252 | ---- | C] () -- C:\WINDOWS\comsoltof.dll
[2011/11/24 11:07:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2011/11/23 17:11:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011/11/20 19:07:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2011/11/20 19:07:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2011/11/20 19:07:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bsrlback.dll
[2011/11/20 19:07:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\bsreffs.dll
[2011/11/20 19:07:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\bsrgvas.dll
[2011/11/20 19:07:00 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool2.dat
[2011/11/20 19:06:43 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2011/11/20 19:06:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2011/11/13 16:03:30 | 000,134,120 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2011/11/08 20:05:16 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\winecf83_va.dll
[2011/11/04 10:49:51 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2011/11/03 17:54:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/11/03 14:34:33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/11/03 14:34:33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/11/03 14:34:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/11/03 14:34:20 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/11/03 14:29:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/11/03 14:26:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/03 12:11:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 12:05:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 04:56:50 | 000,024,244 | ---- | C] () -- C:\Documents and Settings\User\Application Data\fix.dat
========== LOP Check ==========
[2011/12/05 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AutoHideIP
[2011/12/15 11:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/08 19:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDLogging
[2012/02/25 18:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bimesoft
[2012/04/07 15:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DYA_JENITHPWDSSGROCHQ
[2012/04/23 17:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPS
[2012/04/07 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\framezoo.com
[2012/06/25 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/01/07 08:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\install_clap
[2012/05/09 20:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaskMyIP
[2012/07/02 11:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTA San Andreas All
[2012/01/07 17:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDVD
[2012/03/23 00:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlatinumHideIP
[2011/11/08 14:32:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/07/24 08:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com(2).adobe
[2012/03/12 13:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/20 11:53:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RELOADED
[2011/11/23 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G5
[2012/03/24 23:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sincell
[2011/12/31 09:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2012/06/07 15:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Synetic
[2012/04/07 15:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/03/19 11:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{A8354D97-4791-4302-9B19-7A7686B5F231}
[2011/11/12 09:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Opera
[2012/01/23 12:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2012/04/09 03:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\(null)
[2012/02/01 17:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\3DeadZed
[2011/12/19 00:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Affilorama
[2011/11/08 18:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Aleo Software
[2012/02/16 12:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Artisteer
[2011/12/05 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AutoHideIP
[2012/08/04 05:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVG
[2012/08/28 21:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2012/01/22 14:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer
[2011/11/03 22:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BSplayer Pro
[2011/11/29 17:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bullet Train
[2012/07/22 22:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/09 09:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/12/08 02:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DeepBurner
[2012/03/04 09:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2012/04/07 15:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DYA_JENITHPWDSSGROCHQ
[2012/08/01 11:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EurekaLog
[2011/11/22 11:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\EyesKeeper
[2012/03/21 21:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileZilla
[2012/04/07 14:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\framezoo.com
[2012/03/30 23:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2011/11/04 10:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2011/12/04 13:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HU2011
[2012/08/28 04:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IBP
[2012/03/30 16:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IFViewer
[2012/07/13 19:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IgniteSEO
[2012/02/26 11:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Immunet
[2011/12/07 18:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InfraRecorder
[2012/01/12 13:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IrfanView
[2012/04/08 12:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Jycyep
[2012/04/12 21:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Keyword Research Pro
[2012/08/08 21:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LOVE
[2011/11/20 19:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ManyCam
[2012/04/07 02:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/05/09 20:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MaskMyIP
[2012/03/18 10:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MAXON
[2012/02/01 22:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Molura
[2011/12/29 09:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Movie Cartoonizer Default Project
[2011/12/15 11:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ObviousIdea
[2011/11/03 13:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2012/07/11 13:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2012/07/12 08:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PaRaMeter
[2012/03/23 00:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PlatinumHideIP
[2012/01/23 11:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\QuickScan
[2011/11/23 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\River Past G5
[2012/03/05 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Rovio
[2012/03/18 01:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ScrapeBox Link Checker Free Edition
[2012/07/12 07:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SimpleSEO
[2012/03/24 23:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Sincell
[2012/06/16 20:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spiritsoft
[2012/01/20 00:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StarBurn
[2012/04/07 10:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\StealthKeywordDigger
[2012/08/10 22:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SystemRequirementsLab
[2012/03/29 22:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thinstall
[2012/07/14 13:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2012/06/15 10:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Titanium
[2012/01/09 04:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubot
[2012/02/27 11:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\UBot Studio
[2012/04/04 14:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile1138848
[2012/04/04 14:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile1192131
[2012/01/12 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile1821437
[2012/04/04 14:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile2434676
[2012/01/09 14:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ubotcompile9004520
[2012/03/21 17:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\wargaming.net
[2011/11/23 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Watermark Master
[2012/06/17 18:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WikiBomber
[2012/02/29 23:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WinHKI
[2012/02/01 22:32:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Application Data\wyUpdate AU
[2012/03/23 09:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ylnoj
[2012/08/28 18:10:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 04:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: QMGR.DLL >
[2004/08/04 04:56:46 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll
< MD5 for: SERVICES >
[2001/08/23 18:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services
< MD5 for: SERVICES.CFG >
[2011/09/05 23:04:56 | 000,584,808 | ---- | M] () MD5=B3B25937514C772FD2490108B91CE17F -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.EXE >
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/14 05:42:36 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\system32\services.exe
[2004/08/04 04:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: SERVICES.LNK >
[2011/12/07 18:17:01 | 000,001,602 | ---- | M] () MD5=CF3033AA7516223BEB0E9AE105C8CB06 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk
< MD5 for: SERVICES.MSC >
[2001/08/23 18:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc
< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 04:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: USERINIT.EXE >
[2004/08/04 04:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 04:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2008/04/14 05:42:06 | 000,399,360 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/14 05:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1
========== Alternate Data Streams ==========
@Alternate Data Stream - 971 bytes -> C:\Documents and Settings\All Users\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPWHLX2KJ0V9TPNT4RFBHCM6JWJFSPF7VB4VPJGF
@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E74A38A2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
< End of report >
Extras
OTL Extras logfile created on: 8/28/2012 9:24:50 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.88% Memory free
3.85 Gb Paging File | 3.55 Gb Available in Paging File | 92.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 20.91 Gb Free Space | 52.27% Space Free | Partition Type: NTFS
Drive D: | 63.99 Gb Total Space | 10.11 Gb Free Space | 15.80% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 2.52 Gb Free Space | 25.16% Space Free | Partition Type: NTFS
Drive F: | 38.13 Gb Total Space | 2.30 Gb Free Space | 6.03% Space Free | Partition Type: NTFS
Computer Name: DOOM3CXD | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- Reg Error: Key error. File not found
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.reg [@ = regfile] -- regedit.exe "%1"
[HKEY_USERS\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- Reg Error: Key error.
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"16880:UDP" = 16880:UDP:*:Enabled:UDP 16880
"19581:TCP" = 19581:TCP:*:Enabled:TCP 19581
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"F:\BitTorrent\BitTorrent.exe" = F:\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Disabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Documents and Settings\User\Application Data\Thinstall\Hotspot Shield 0.941\400000e900002i\Opera.exe" = C:\Documents and Settings\User\Application Data\Thinstall\Hotspot Shield 0.941\400000e900002i\Opera.exe:*:Enabled:Opera -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Disabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Jumpto\Chaos.exe" = C:\Program Files\Jumpto\Chaos.exe:*:Disabled:Chaos Runtime -- ()
"E:\Editer Pack\Audio\Converter\AudioConverter.exe" = E:\Editer Pack\Audio\Converter\AudioConverter.exe:*:Disabled:River Past Audio Converter Pro -- (River Past Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01A59055-E819-4881-9BF6-9AB13C05C44F}_is1" = Easy Auto Spinner version 1.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2367FAB6-055A-4923-835F-F57F7BBBA363}_is1" = Paint XP version 1.1
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1" = Rainbow Folders
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-2.6.5.55
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DD66600-791E-4A11-8E6C-2AB6AFB9C809}" = Tukanas Hits Generator
"{3F424493-B0F2-43A4-A892-DFA447B2A59D}" = STK02N 2.4.1
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{844D3882-9D82-4FCB-BED9-0862D05DAA6C}" = Comment Blaster
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare 1.5 Patch
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{910772F0-99D0-4476-B38F-95FC03B8A246}" = SEO Link Robot Pro 2.2.0.0
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62233FD-C1D9-4AA5-8E91-A1FB0376A1E0}" = Jumpto
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0000C3B-FD74-4E5F-B574-CA4AB150E86F}" = Angry Birds
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Babel Rising_is1" = Babel Rising
"BitTorrent" = BitTorrent
"BSPlayerf" = BS.Player FREE
"BSRScreenRecorder5" = BSR Screen Recorder 5
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ColorPic" = ColorPic
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crash Time 4 - The Syndicate_is1" = Crash Time 4 - The Syndicate
"Defraggler" = Defraggler
"eToro" = eToro
"FormatFactory" = FormatFactory 2.70
"Foxit PDF Editor" = Foxit PDF Editor
"FxEngine_Framework_is1" = FxEngine Framework 4.8
"Google Chrome" = Google Chrome
"IBP11_is1" = IBP 11.9.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch
"Jumpto" = Jumpto
"Magic Traffic Bot" = Magic Traffic Bot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"NetWorx_is1" = NetWorx 5.2.1
"No Hands SEO" = No Hands SEO
"OpenAL" = OpenAL
"Opera 11.64.1403" = Opera 11.64
"Opera 12.01.1532" = Opera 12.01
"PaRaMeter_is1" = PaRaMeter 1.3
"PhotoStage" = PhotoStage Slideshow Producer
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RankBuilderNEO_is1" = RankBuilderNEO
"Sandboxie" = Sandboxie 3.66 (32-bit)
"Super-AlexaBooster Full" = Super-AlexaBooster v1.10
"UltraISO_is1" = UltraISO Premium V9.52
"Universal Extractor_is1" = Universal Extractor 1.6.1
"VLC media player" = VLC media player 2.0.0
"WackGet" = WackGet (remove only)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1202660629-1343024091-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"WatermarkMaster" = Watermark Master (remove only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/8/2012 12:33:35 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 4/8/2012 2:13:36 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 4/8/2012 2:37:32 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 4/8/2012 8:04:50 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 4/8/2012 12:10:18 PM | Computer Name = NEW63 | Source = Application Error | ID = 1000
Description = Faulting application ir-idmaker.exe, version 3.2.0.59, faulting module
msvbvm60.dll, version 6.0.98.15, fault address 0x000d92fe.
Error - 4/8/2012 12:10:26 PM | Computer Name = NEW63 | Source = Application Error | ID = 1000
Description = Faulting application ir-idmaker.exe, version 3.2.0.59, faulting module
msvbvm60.dll, version 6.0.98.15, fault address 0x000e46c5.
Error - 4/8/2012 1:33:19 PM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 4/8/2012 1:48:24 PM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 4/8/2012 11:22:19 PM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
Error - 4/9/2012 12:28:39 AM | Computer Name = NEW63 | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.
[ System Events ]
Error - 8/28/2012 7:55:20 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).
Error - 8/28/2012 8:20:35 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/01/07 08:32:01] service failed to start due
to the following error: %%3
Error - 8/28/2012 8:20:35 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 8/28/2012 9:19:37 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/01/07 08:32:01] service failed to start due
to the following error: %%3
Error - 8/28/2012 9:19:37 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 8/28/2012 10:27:50 AM | Computer Name = DOOM3CXD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 8/28/2012 10:29:15 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7000
Description = The Power Control [2012/01/07 08:32:01] service failed to start due
to the following error: %%3
Error - 8/28/2012 10:29:15 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
Error - 8/28/2012 11:03:25 AM | Computer Name = DOOM3CXD | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 8/28/2012 11:04:50 AM | Computer Name = DOOM3CXD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt
< End of report >
Sorry for 2 threads! Can access the last account
* I know where I got infected; I can give it if you want that to help me
SUPERAntiSpyware shows 12 threats --> Removed --> Reboot --> Scan again --> same 12 viruses back
Malwarebytes shows 9 threats --> Removed --> Reboot --> Scan again --> same 9 viruses back
ks pure 2.0 shows 20 threats --> Removed --> Reboot --> Scan again --> same 20 viruses back
TDSSKiller shows 3 threats --> Removed --> Reboot --> Scan again --> same 3 viruses back
Edited by amicusthe, 28 August 2012 - 10:49 AM.