Searchnu and ILivid stuck on my computer [Solved]


  • This topic is locked

#1
Rsharp27

    New Member
Hi, this is my first time here, so I'm not sure what to do with this topic. But I am dealing with the ilivid virus and its offspring Searchnu. Every once in a while, while using Firefox, I get "ilivid redirection" and my page disappears or a new tab opens up. When I go to my home page to search I get searchnu. Help?
#2
Essexboy

    GeekU Moderator
Hi there, let's see what I can do.

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Rsharp27

    New Member

  • Topic Starter
The extras file didn't show up. I'm not seeing the searchnu redirect page anymore at the moment. But the ilivid, I'm not sure if it's fully gone yet.
---------
OTL logfile created on: 10/18/2012 1:42:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ruth\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.98 Mb Total Physical Memory | 113.75 Mb Available Physical Memory | 14.83% Memory free
1.19 Gb Paging File | 0.61 Gb Available in Paging File | 51.43% Paging File free
Paging file location(s): c:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 4.34 Gb Free Space | 11.35% Space Free | Partition Type: NTFS
Drive E: | 329.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MCQW01 | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 11:28:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\My Documents\Downloads\OTL.exe
PRC - [2012/10/18 10:08:40 | 000,495,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.139.1.0.exe
PRC - [2012/10/11 22:25:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/13 15:57:25 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/12 17:25:22 | 000,280,088 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/01/31 07:44:05 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MpSigStub.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/03 10:48:46 | 000,307,200 | ---- | M] (ta2027) -- C:\Program Files\Styler\Styler.exe
PRC - [2003/11/20 09:39:56 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/13 11:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/06/11 01:52:26 | 000,122,880 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe
PRC - [2003/06/11 01:52:24 | 000,380,928 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/11 22:25:32 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2005/05/01 12:10:10 | 000,159,744 | ---- | M] () -- C:\Program Files\Styler\UNRAR\unrar.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2012/10/11 22:25:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 12:45:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/13 15:57:25 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\el90xbc5.sys -- (EL90XBC)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/10/16 17:53:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/06/11 01:52:26 | 000,098,815 | ---- | M] (Visual Networks) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ipvnmon.sys -- (IPVNMon)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/?il...&fr=ydwnld-home
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\SearchScopes\{DCA37496-8C80-4011-9FFF-C1CF7C3A0D34}: "URL" = http://blekko.com/ws...archTerms}&r=31
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\SearchScopes\{E7C37A7C-7F78-47A4-BC64-A4B54BEF46F7}: "URL" = http://www.google.co...ie7&rlz=1I7RNWM
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Ruth\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/11 22:25:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/11 22:23:58 | 000,000,000 | ---D | M]

[2012/10/17 18:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Extensions
[2012/10/17 19:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions
[2012/10/02 19:44:34 | 000,000,000 | ---D | M] ("Installation Assistant") -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions\[email protected]
[2012/10/02 19:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions\[email protected]\chrome\content\extensionCode
[2012/10/02 19:44:57 | 000,001,435 | ---- | M] () -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\searchplugins\spamfreesearch.xml
[2012/10/17 18:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/11 22:25:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 22:25:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Ruth\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - Extension: Angry Birds Seasons = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adkdbmomhdhkgdocinjlnacgjnmgdbpj\1.1_0\
CHR - Extension: Radio = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh\1.0.56_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Sonic The Hedgehog = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bokhealhhobgpgmjopedbdbbakccnhal\5_0\
CHR - Extension: Angry Mario = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgohifopghcaieahkfehbaoikkpeeple\1_0\
CHR - Extension: Super Fighter = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckddkdhnadfgggkmjpeinjfobojmdodh\13.2644.6550_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Super Brawl 2 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dceiafckbfiajjdehembflgmlidighgc\1.0.0_0\
CHR - Extension: Angry Birds Heikki = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dgdfbadfflkanjeofdhgmckbgjgjppmd\1.0_0\
CHR - Extension: Gravity Guy-HD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egkkgmpjnjodbfpnbaahikapdgglgjnk\2.0_0\
CHR - Extension: Street Fighter II Champion Edition hd = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elflghklacdjhijbkeffogmminghedfm\1.1_0\
CHR - Extension: Teenage Mutant Turtles Throw Back HD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdkamdocbcdkojpdmbniabibgnkheeii\1.0_0\
CHR - Extension: Classic Sonic = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfllkgcnnlcinhifiohemigcmbckpcmf\1.1_0\
CHR - Extension: Cut the Rope = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: Agent P Angry Strikes = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifhkendccnnjbmckaaopnmfppgnabjnn\1.9.0.0_0\
CHR - Extension: Color Piano! = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\0.3.8.4_0\
CHR - Extension: An Awesome Book! = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcafjdhiidcpdgpdbpnllmpheogojkfl\1.11112_0\
CHR - Extension: Skyrama = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.2_0\
CHR - Extension: Bad Piggies HD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jofngecinijbnnjkkckhlfaefapndmml\4_0\
CHR - Extension: Green Farm = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbgdenhobifcbckaiohandoodkepleif\2.1.7.8_0\
CHR - Extension: Break The Wall = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\
CHR - Extension: Rango: The WORLD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ladlgddeghalkmimaamlhbfaglfcdiep\1.0_0\
CHR - Extension: Farm Fever = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ligeklacpdlffmbjnpndfjijcfhgjkge\0.0.3_0\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: Arman = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lonfhhmopiahngenbajjafhmhlfmhhhj\1_0\
CHR - Extension: Anime Chaos War 2012 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbcpocfppnnjgnlmkhfnibkfdokdgaip\1.8.0.0_0\
CHR - Extension: Installation Assistant = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.12_0\crossrider
CHR - Extension: Installation Assistant = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.12_0\
CHR - Extension: Need for Speed World = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: Kung Fu Panda 2 Rumble Fight 3D = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nanmgeiemmfbkiampniinahifoffpcli\1.5_0\
CHR - Extension: One Piece Ultimate Fight. = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocgfpniopiiejdnoebmhljniadkmmncj\1.0_0\
CHR - Extension: AVG Rewards = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij\1.3.7_0\
CHR - Extension: Mini Ninjas = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oijfbknbncemokdnlboeabbcfhobechi\1.0.0.15_0\
CHR - Extension: Perfect Fighter = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omjeoakngigkhomkcekfbgokcjgcpmjn\1.0_0\
CHR - Extension: Running = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pibmbphgclmikgclcjlfnlepeofhcffm\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Wolf Toss = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjlncddmdljpioccbmempchonhlifakc\1.1.2.6_0\

O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Installation Assistant) - {11111111-1111-1111-1111-110111691112} - C:\Program Files\Installation Assistant\Installation Assistant.dll (Installation Assistant)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\.DEFAULT..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007..\Run: [Yahoo! Pager] 1 File not found
O4 - Startup: C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Ruth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\Ruth\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopIniCache = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O15 - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/...pandaonline.cab (Reg Error: Key error.)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/...pcaploader1.cab (PopCapLoaderCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.13.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB369EC9-B5E7-4EEB-B513-3EE42057AD83}: DhcpNameServer = 206.13.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB369EC9-B5E7-4EEB-B513-3EE42057AD83}: NameServer = 4.2.2.2,4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 21:28:07 | 000,079,585 | R--- | M] () - E:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2010/03/31 01:09:20 | 001,504,768 | R--- | M] (Linasoft) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/11/21 21:28:07 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 13:42:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2012/10/18 13:20:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ruth\Recent
[2012/10/17 19:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/10/17 19:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/10/17 19:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/10/17 19:16:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/10/17 19:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/10/16 11:58:33 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/10/16 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/16 11:22:22 | 011,088,872 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ruth\My Documents\mseinstall.exe
[2012/10/16 11:20:53 | 095,436,288 | ---- | C] (COMODO) -- C:\Documents and Settings\Ruth\My Documents\cav_installer_3264_29
[2012/10/16 11:19:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/16 11:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Malwarebytes
[2012/10/16 11:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/16 11:02:21 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ruth\My Documents\mbam-setup-1.65.0.1400.exe
[2012/10/16 01:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Doctor Web
[2012/10/16 01:18:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/10/16 01:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\DoctorWeb
[2012/10/15 21:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\Buildcity
[2012/10/15 21:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Buildcity
[2012/10/15 12:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/11 22:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Warsow 1.0
[2012/10/11 22:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\splitscreen
[2012/10/11 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/11 17:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/10/11 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/11 17:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\AVG Rewards for Chrome
[2012/10/11 17:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Rewards
[2012/10/10 16:29:17 | 000,000,000 | ---D | C] -- C:\Treasuregame
[2012/10/10 15:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Desktop\RGamez
[2012/10/09 12:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\GameMaker-Studio 1.1
[2012/10/09 01:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\GameMaker 8.1
[2012/10/09 01:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2012/10/09 01:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2012/10/09 01:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2012/10/09 00:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Desktop\stuffing
[2012/10/08 13:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/10/08 13:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\Dropbox
[2012/10/08 13:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Dropbox
[2012/10/08 01:38:34 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mp4sds32.ax
[2012/10/08 01:37:05 | 000,274,432 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2012/10/08 01:37:05 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2012/10/08 01:37:05 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2012/10/08 01:37:05 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2012/10/08 01:37:05 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2012/10/08 01:37:05 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2012/10/08 01:37:05 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2012/10/08 01:37:05 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2012/10/08 01:37:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2012/10/08 01:37:04 | 000,720,896 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2012/10/08 01:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012/10/07 10:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\AppData
[2012/10/07 10:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\PackageAware
[2012/10/07 10:36:09 | 005,792,560 | ---- | C] (Bandoo Media, Inc ) -- C:\Documents and Settings\Ruth\My Documents\SavevidSetupV2.exe
[2012/10/07 01:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\My Documents\MAGIX downloads
[2012/10/07 01:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\My Documents\MAGIX
[2012/10/07 01:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\MAGIX
[2012/10/07 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2012/10/05 13:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\spiral
[2012/10/05 13:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Unity
[2012/10/02 19:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Optimizer Pro
[2012/10/02 19:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro
[2012/10/02 19:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012/10/02 19:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\Installation Assistant
[2012/10/02 19:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Installation Assistant
[2012/09/26 10:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\.mono
[2012/09/26 10:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\.mono
[2012/09/26 10:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\The Pok__mon Company International
[2012/09/26 10:54:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012/09/26 10:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\Pokémon Trading Card Game Online
[2012/09/12 12:45:02 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\sndvol32.exe
[2012/08/24 18:31:27 | 001,384,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvbvm60.dll
[2012/08/24 18:31:27 | 001,021,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\tv_enua.exe
[2012/08/24 18:31:27 | 000,955,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\spchcpl.exe
[2012/08/24 18:31:27 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OLEAUT32.DLL
[2012/08/24 18:31:27 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SETUP1.EXE
[2012/08/24 18:31:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VTEXT.DLL
[2012/08/24 18:31:27 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OLEPRO32.DLL
[2012/08/24 18:31:27 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ASYCFILT.DLL
[2012/08/24 18:31:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VB6STKIT.DLL
[2012/08/24 18:31:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ST6UNST.EXE
[2012/08/24 18:31:27 | 000,061,440 | ---- | C] (Slackker) -- C:\Program Files\Talking Math Tutor.exe
[2012/08/24 18:31:27 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\COMCAT.DLL
[2012/08/24 18:31:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\STDOLE2.TLB
[2006/07/04 19:06:11 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Ruth\Desktop\*.tmp files -> C:\Documents and Settings\Ruth\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Ruth\My Documents\*.tmp files -> C:\Documents and Settings\Ruth\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/18 13:41:57 | 000,003,139 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\logo.png.pagespeed.ce.653VSnI6xL.png
[2012/10/18 13:40:28 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/18 13:35:03 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/10/18 13:30:35 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/10/18 13:30:26 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
[2012/10/18 13:30:17 | 000,002,243 | ---- | M] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Styler.lnk
[2012/10/18 13:30:13 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/18 13:30:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/10/18 13:24:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/18 13:11:39 | 000,106,167 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0543_zps16710a73.jpg
[2012/10/18 13:11:15 | 000,096,739 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0546_zpsa1449c6b.jpg
[2012/10/18 13:11:14 | 000,096,739 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Digimon.jpg
[2012/10/18 13:01:13 | 001,296,921 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\powerrangerssamuraivisitthehospital_zps68f2530b.png
[2012/10/18 12:11:48 | 000,043,267 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach3.jpg
[2012/10/18 12:07:43 | 000,039,259 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach2.jpg
[2012/10/18 12:03:22 | 000,050,420 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach1.jpg
[2012/10/18 11:58:29 | 000,034,007 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach.jpg
[2012/10/18 11:28:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2012/10/18 10:44:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/10/18 10:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/10/17 20:40:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/10/17 19:52:28 | 000,006,096 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/10/17 19:52:04 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/10/17 19:52:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/10/17 19:45:17 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/17 19:36:07 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/10/17 19:06:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/17 18:38:20 | 000,003,217 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\Ilvidvirus removal.rtf
[2012/10/17 18:09:20 | 000,391,571 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-17_18-09-17.png
[2012/10/17 14:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/10/17 00:59:18 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Buildcity.exe.lnk
[2012/10/16 17:53:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/16 16:25:08 | 000,003,925 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Crystal Story Adventure Games Play Free Games Online at Armor Games.url
[2012/10/16 16:15:10 | 000,003,236 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Swordless Ninja Action Games Play Free Games Online at Armor Games.url
[2012/10/16 11:47:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/16 11:22:22 | 011,088,872 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ruth\My Documents\mseinstall.exe
[2012/10/16 11:21:54 | 095,436,288 | ---- | M] (COMODO) -- C:\Documents and Settings\Ruth\My Documents\cav_installer_3264_29
[2012/10/16 11:02:21 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ruth\My Documents\mbam-setup-1.65.0.1400.exe
[2012/10/16 01:29:42 | 100,486,488 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\g86ltpi1.exe
[2012/10/15 12:45:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/10/11 19:35:18 | 000,031,769 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\reggiein2012.jpg
[2012/10/11 19:27:35 | 000,014,532 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\reggieIn2008.JPG
[2012/10/11 19:27:24 | 000,014,532 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\469_37727968674_9591_n.jpg
[2012/10/11 17:34:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/10 13:55:01 | 000,403,194 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-10_13-55-00.png
[2012/10/09 19:47:52 | 000,034,678 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\536257_10151092665542285_711693006_n.jpg
[2012/10/09 18:29:50 | 000,102,758 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\399611_749633651021_943763493_n.jpg
[2012/10/09 12:57:51 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Copyright, Page 2 LegalZoom.url
[2012/10/09 12:51:59 | 000,456,948 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/10/09 12:51:59 | 000,075,638 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/10/09 12:45:40 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 12:45:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/09 01:24:20 | 000,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2012/10/09 01:24:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2012/10/09 01:24:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2012/10/08 13:33:21 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/07 16:24:38 | 000,002,128 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\jih.rtf
[2012/10/07 11:31:05 | 001,485,772 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.avi
[2012/10/07 10:36:25 | 005,792,560 | ---- | M] (Bandoo Media, Inc ) -- C:\Documents and Settings\Ruth\My Documents\SavevidSetupV2.exe
[2012/10/06 00:23:24 | 003,824,475 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.mp4
[2012/10/05 22:07:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/10/05 14:20:42 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Spiral Knights.lnk
[2012/10/05 01:23:12 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/26 10:54:44 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Pokémon Trading Card Game Online.lnk
[2012/09/19 21:41:38 | 000,219,482 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Angel-s-Wings-angels-20015876-360-240.gif
[2012/09/19 21:37:33 | 000,068,435 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\austinignite
[2012/09/19 20:56:30 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Electric-guitar-music-7294367-1024-768.jpg.lnk
[2012/09/19 20:56:13 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Austin Ignight Program use this.pub
[2012/09/19 20:55:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\QTW.INI
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Ruth\Desktop\*.tmp files -> C:\Documents and Settings\Ruth\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Ruth\My Documents\*.tmp files -> C:\Documents and Settings\Ruth\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/18 13:41:51 | 000,003,139 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\logo.png.pagespeed.ce.653VSnI6xL.png
[2012/10/18 13:11:35 | 000,106,167 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0543_zps16710a73.jpg
[2012/10/18 13:11:05 | 000,096,739 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Digimon.jpg
[2012/10/18 13:10:55 | 000,096,739 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0546_zpsa1449c6b.jpg
[2012/10/18 13:00:59 | 001,296,921 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\powerrangerssamuraivisitthehospital_zps68f2530b.png
[2012/10/18 12:11:42 | 000,043,267 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach3.jpg
[2012/10/18 12:07:26 | 000,039,259 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach2.jpg
[2012/10/18 12:03:19 | 000,050,420 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach1.jpg
[2012/10/18 11:57:57 | 000,034,007 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach.jpg
[2012/10/17 19:36:07 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/10/17 19:35:57 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/17 19:35:57 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/10/17 19:35:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/10/17 19:18:19 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/10/17 18:38:19 | 000,003,217 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\Ilvidvirus removal.rtf
[2012/10/17 18:09:19 | 000,391,571 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-17_18-09-17.png
[2012/10/17 00:59:17 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Buildcity.exe.lnk
[2012/10/16 16:25:06 | 000,003,925 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Crystal Story Adventure Games Play Free Games Online at Armor Games.url
[2012/10/16 16:15:09 | 000,003,236 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Swordless Ninja Action Games Play Free Games Online at Armor Games.url
[2012/10/16 11:58:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/16 11:47:14 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/16 11:22:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/10/16 01:29:38 | 100,486,488 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\g86ltpi1.exe
[2012/10/16 01:20:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/11 19:35:11 | 000,031,769 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\reggiein2012.jpg
[2012/10/11 19:27:35 | 000,014,532 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\reggieIn2008.JPG
[2012/10/11 19:16:59 | 000,014,532 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\469_37727968674_9591_n.jpg
[2012/10/11 17:34:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/10 13:55:01 | 000,403,194 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-10_13-55-00.png
[2012/10/09 19:47:45 | 000,034,678 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\536257_10151092665542285_711693006_n.jpg
[2012/10/09 18:29:44 | 000,102,758 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\399611_749633651021_943763493_n.jpg
[2012/10/09 12:57:51 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Copyright, Page 2 LegalZoom.url
[2012/10/09 01:24:08 | 000,002,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2012/10/09 01:24:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2012/10/09 01:24:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2012/10/08 13:11:16 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/07 16:24:38 | 000,002,128 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\jih.rtf
[2012/10/07 11:32:22 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/07 11:32:16 | 001,485,772 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.avi
[2012/10/06 00:28:12 | 003,824,475 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.mp4
[2012/10/05 14:20:42 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Spiral Knights.lnk
[2012/10/05 14:20:41 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Spiral Knights.lnk
[2012/10/05 13:31:33 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2012/10/05 02:59:55 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Internet Explorer.lnk
[2012/09/26 10:54:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Pokémon Trading Card Game Online.lnk
[2012/09/19 21:41:34 | 000,219,482 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Angel-s-Wings-angels-20015876-360-240.gif
[2012/09/19 21:37:33 | 000,068,435 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\austinignite
[2012/09/19 20:56:30 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Electric-guitar-music-7294367-1024-768.jpg.lnk
[2012/09/19 20:56:13 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Austin Ignight Program use this.pub
[2012/09/12 12:45:02 | 000,188,029 | ---- | C] () -- C:\Program Files\preview.png
[2012/09/12 10:43:12 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/08/24 14:39:11 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\WebCamLib.dll
[2012/08/21 17:55:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/05/08 18:18:01 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2004/12/04 13:19:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\fusioncache.dat
[2003/11/29 08:55:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ruth\Application Data\PFP110JPR.{PB
[2003/11/29 08:55:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ruth\Application Data\PFP110JCM.{PB

========== ZeroAccess Check ==========

[2003/11/20 09:30:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\qmgr.dll -- (BITS)
SRV - [2008/04/13 19:11:50 | 000,077,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dhcpcsvc.dll -- (Dhcp)
SRV - [2008/04/13 19:11:52 | 000,045,568 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\eapsvc.dll -- (EapHost)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 19:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\netman.dll -- (Netman)
SRV - [2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\services.exe -- (PlugPlay)
SRV - [2008/04/13 19:12:36 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wscsvc.dll -- (wscsvc)
SRV - [2008/04/13 19:12:07 | 000,096,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srvsvc.dll -- (lanmanserver)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\SYSTEM32\termsrv.dll -- (TermService)
SRV - [2008/04/13 19:12:05 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\WBEM\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wzcsvc.dll -- (WZCSVC)
SRV - [2008/04/13 19:12:09 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2003/05/14 14:05:48 | 000,591,592 | ---- | M] () -- C:\Vitalize 3 Setup.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/04 00:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\explorer.exe

< MD5 for: SERVICES >
[2002/08/29 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\I386\SERVICES
[2002/08/29 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\SYSTEM32\DRIVERS\ETC\SERVICES

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SYSTEM32\DLLCACHE\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SYSTEM32\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2004/08/04 00:56:56 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\services.exe
[2002/08/29 06:00:00 | 000,101,376 | ---- | M] (Microsoft Corporation) MD5=E3DF4A0252D287C44606EE55355E1623 -- C:\I386\SERVICES.EXE

< MD5 for: SERVICES.LNK >
[2012/10/17 19:40:40 | 000,001,602 | ---- | M] () MD5=248D337D2BA709ED9E1C5567FAB3349F -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/10/15 11:49:18 | 000,000,369 | ---- | M] () MD5=A02376ADEC097D1097DDF8EC79396BCE -- C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\36SNUJ9L\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MSC >
[2002/08/29 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\I386\SERVICES.MSC
[2001/08/23 07:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\SYSTEM32\services.msc

< MD5 for: SERVICES.RDB >
[2010/02/02 00:16:32 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2010/02/02 00:11:04 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2002/08/29 06:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004/08/04 00:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe
[2002/08/29 06:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\SoftwareDistribution\Download\9ded4ee34a35fced0033d3e152a36e0e\winlogon.exe
[2002/08/29 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2002/08/29 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\I386\WINSOCK.DLL
[2001/08/23 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\SYSTEM32\DLLCACHE\winsock.dll
[2001/08/23 07:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\SYSTEM32\winsock.dll

========== Alternate Data Streams ==========


< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's get the rest now. Once done, could you let me know of any outstanding problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons. They will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2405}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-2667477959-1565821640-2314611055-1007\..\SearchScopes\{DCA37496-8C80-4011-9FFF-C1CF7C3A0D34}: "URL" = http://blekko.com/ws...archTerms}&r=31
[2012/10/02 19:44:34 | 000,000,000 | ---D | M] ("Installation Assistant") -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions\[email protected]
O2 - BHO: (Installation Assistant) - {11111111-1111-1111-1111-110111691112} - C:\Program Files\Installation Assistant\Installation Assistant.dll (Installation Assistant)
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-9EB4-FE6FA694B13E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Styler.lnk = C:\Documents and Settings\Ruth\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2012/10/07 10:36:09 | 005,792,560 | ---- | C] (Bandoo Media, Inc ) -- C:\Documents and Settings\Ruth\My Documents\SavevidSetupV2.exe
[2012/10/02 19:44:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\Installation Assistant
[2012/10/02 19:44:31 | 000,000,000 | ---D | C] -- C:\Program Files\Installation Assistant
[2012/10/16 01:29:42 | 100,486,488 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\g86ltpi1.exe



:Files
C:\WINDOWS\tasks\At*.job

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#5
Rsharp27

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
This is what it gave me:

OTL logfile created on: 10/18/2012 3:57:37 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ruth\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.98 Mb Total Physical Memory | 316.14 Mb Available Physical Memory | 41.22% Memory free
1.19 Gb Paging File | 0.83 Gb Available in Paging File | 69.62% Paging File free
Paging file location(s): c:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 4.38 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
Drive E: | 329.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MCQW01 | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 11:28:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\My Documents\Downloads\OTL.exe
PRC - [2012/10/11 22:25:42 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/13 15:57:25 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/11/20 09:39:56 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/08/13 11:27:40 | 000,028,672 | ---- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2003/06/11 01:52:26 | 000,122,880 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe
PRC - [2003/06/11 01:52:24 | 000,380,928 | ---- | M] (Visual Networks) -- C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/11 22:25:32 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 10:24:44 | 009,814,968 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_11_4_402_287.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2012/10/11 22:25:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 12:45:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/13 15:57:25 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\el90xbc5.sys -- (EL90XBC)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/10/16 17:53:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/06/11 01:52:26 | 000,098,815 | ---- | M] (Visual Networks) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ipvnmon.sys -- (IPVNMon)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/?il...&fr=ydwnld-home
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E7C37A7C-7F78-47A4-BC64-A4B54BEF46F7}: "URL" = http://www.google.co...ie7&rlz=1I7RNWM
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Ruth\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/11 22:25:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/11 22:23:58 | 000,000,000 | ---D | M]

[2012/10/17 18:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Extensions
[2012/10/17 19:53:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions
[2012/10/02 19:44:57 | 000,001,435 | ---- | M] () -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\searchplugins\spamfreesearch.xml
[2012/10/17 18:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/11 22:25:42 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 22:25:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Ruth\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - Extension: Angry Birds Seasons = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adkdbmomhdhkgdocinjlnacgjnmgdbpj\1.1_0\
CHR - Extension: Radio = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh\1.0.56_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Sonic The Hedgehog = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bokhealhhobgpgmjopedbdbbakccnhal\5_0\
CHR - Extension: Angry Mario = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgohifopghcaieahkfehbaoikkpeeple\1_0\
CHR - Extension: Super Fighter = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ckddkdhnadfgggkmjpeinjfobojmdodh\13.2644.6550_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Super Brawl 2 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dceiafckbfiajjdehembflgmlidighgc\1.0.0_0\
CHR - Extension: Angry Birds Heikki = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dgdfbadfflkanjeofdhgmckbgjgjppmd\1.0_0\
CHR - Extension: Gravity Guy-HD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\egkkgmpjnjodbfpnbaahikapdgglgjnk\2.0_0\
CHR - Extension: Street Fighter II Champion Edition hd = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elflghklacdjhijbkeffogmminghedfm\1.1_0\
CHR - Extension: Teenage Mutant Turtles Throw Back HD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdkamdocbcdkojpdmbniabibgnkheeii\1.0_0\
CHR - Extension: Classic Sonic = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gfllkgcnnlcinhifiohemigcmbckpcmf\1.1_0\
CHR - Extension: Cut the Rope = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\14_0\
CHR - Extension: Agent P Angry Strikes = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ifhkendccnnjbmckaaopnmfppgnabjnn\1.9.0.0_0\
CHR - Extension: Color Piano! = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh\0.3.8.4_0\
CHR - Extension: An Awesome Book! = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcafjdhiidcpdgpdbpnllmpheogojkfl\1.11112_0\
CHR - Extension: Skyrama = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.2_0\
CHR - Extension: Bad Piggies HD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jofngecinijbnnjkkckhlfaefapndmml\4_0\
CHR - Extension: Green Farm = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbgdenhobifcbckaiohandoodkepleif\2.1.7.8_0\
CHR - Extension: Break The Wall = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\klhfgnobmdkblmbdahcnpajbjnfmknpn\1.5_0\
CHR - Extension: Rango: The WORLD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ladlgddeghalkmimaamlhbfaglfcdiep\1.0_0\
CHR - Extension: Farm Fever = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ligeklacpdlffmbjnpndfjijcfhgjkge\0.0.3_0\
CHR - Extension: The Fancy Pants Adventure: World 2 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loamdenijebhollnjgehcfbnpeelfhlk\14_0\
CHR - Extension: Arman = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lonfhhmopiahngenbajjafhmhlfmhhhj\1_0\
CHR - Extension: Anime Chaos War 2012 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mbcpocfppnnjgnlmkhfnibkfdokdgaip\1.8.0.0_0\
CHR - Extension: Installation Assistant = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.12_0\crossrider
CHR - Extension: Installation Assistant = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mmddbcpechilpapallpbdpcekmgibofi\1.20.12_0\
CHR - Extension: Need for Speed World = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: Kung Fu Panda 2 Rumble Fight 3D = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nanmgeiemmfbkiampniinahifoffpcli\1.5_0\
CHR - Extension: One Piece Ultimate Fight. = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocgfpniopiiejdnoebmhljniadkmmncj\1.0_0\
CHR - Extension: AVG Rewards = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij\1.3.7_0\
CHR - Extension: Mini Ninjas = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oijfbknbncemokdnlboeabbcfhobechi\1.0.0.15_0\
CHR - Extension: Perfect Fighter = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\omjeoakngigkhomkcekfbgokcjgcpmjn\1.0_0\
CHR - Extension: Running = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pibmbphgclmikgclcjlfnlepeofhcffm\1.5_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Wolf Toss = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjlncddmdljpioccbmempchonhlifakc\1.1.2.6_0\

O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [IPInSightLAN 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe (Visual Networks)
O4 - HKLM..\Run: [IPInSightMonitor 01] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe (Visual Networks)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKCU..\Run: [Yahoo! Pager] 1 File not found
O4 - Startup: C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Ruth\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopIniCache = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/...pandaonline.cab (Reg Error: Key error.)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/...pcaploader1.cab (PopCapLoaderCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.13.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB369EC9-B5E7-4EEB-B513-3EE42057AD83}: DhcpNameServer = 206.13.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB369EC9-B5E7-4EEB-B513-3EE42057AD83}: NameServer = 4.2.2.2,4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/21 21:28:07 | 000,079,585 | R--- | M] () - E:\autorun.apm -- [ CDFS ]
O32 - AutoRun File - [2010/03/31 01:09:20 | 001,504,768 | R--- | M] (Linasoft) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/11/21 21:28:07 | 000,000,049 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{9734db9e-eb0e-11e1-8f83-000cf1745dc0}\Shell - "" = AutoRun
O33 - MountPoints2\{9734db9e-eb0e-11e1-8f83-000cf1745dc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9734db9e-eb0e-11e1-8f83-000cf1745dc0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/18 15:47:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/18 14:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\join.me
[2012/10/18 13:42:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2012/10/18 13:20:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ruth\Recent
[2012/10/17 19:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
[2012/10/17 19:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
[2012/10/17 19:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/10/17 19:16:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/10/17 19:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/10/16 11:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/16 11:20:53 | 095,436,288 | ---- | C] (COMODO) -- C:\Documents and Settings\Ruth\My Documents\cav_installer_3264_29
[2012/10/16 11:19:27 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/16 11:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Malwarebytes
[2012/10/16 11:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/10/16 11:02:21 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ruth\My Documents\mbam-setup-1.65.0.1400.exe
[2012/10/16 01:30:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Doctor Web
[2012/10/16 01:18:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/10/16 01:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\DoctorWeb
[2012/10/15 21:49:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\Buildcity
[2012/10/15 21:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Buildcity
[2012/10/15 12:45:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/10/11 22:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Warsow 1.0
[2012/10/11 22:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\splitscreen
[2012/10/11 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/11 17:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/10/11 17:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/11 17:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\AVG Rewards for Chrome
[2012/10/11 17:33:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Rewards
[2012/10/10 16:29:17 | 000,000,000 | ---D | C] -- C:\Treasuregame
[2012/10/10 15:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Desktop\RGamez
[2012/10/09 12:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\GameMaker-Studio 1.1
[2012/10/09 01:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\GameMaker 8.1
[2012/10/09 01:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Softwrap
[2012/10/09 01:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Fonts
[2012/10/09 01:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Config
[2012/10/09 00:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Desktop\stuffing
[2012/10/08 13:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/10/08 13:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\Dropbox
[2012/10/08 13:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Dropbox
[2012/10/08 01:37:05 | 000,274,432 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2012/10/08 01:37:05 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2012/10/08 01:37:05 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2012/10/08 01:37:05 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2012/10/08 01:37:05 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2012/10/08 01:37:05 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2012/10/08 01:37:05 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2012/10/08 01:37:05 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2012/10/08 01:37:04 | 000,720,896 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2012/10/08 01:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012/10/07 10:39:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\AppData
[2012/10/07 10:36:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\PackageAware
[2012/10/07 01:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\My Documents\MAGIX downloads
[2012/10/07 01:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\My Documents\MAGIX
[2012/10/07 01:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\MAGIX
[2012/10/07 01:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2012/10/05 13:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\spiral
[2012/10/05 13:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Unity
[2012/10/02 19:54:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\Optimizer Pro
[2012/10/02 19:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro
[2012/10/02 19:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2012/09/26 10:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\.mono
[2012/09/26 10:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Application Data\.mono
[2012/09/26 10:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Local Settings\Application Data\The Pok__mon Company International
[2012/09/26 10:54:53 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2012/09/26 10:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Start Menu\Programs\Pokémon Trading Card Game Online
[2012/09/12 12:45:02 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\sndvol32.exe
[2012/08/24 18:31:27 | 001,384,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvbvm60.dll
[2012/08/24 18:31:27 | 001,021,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\tv_enua.exe
[2012/08/24 18:31:27 | 000,955,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\spchcpl.exe
[2012/08/24 18:31:27 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OLEAUT32.DLL
[2012/08/24 18:31:27 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SETUP1.EXE
[2012/08/24 18:31:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VTEXT.DLL
[2012/08/24 18:31:27 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OLEPRO32.DLL
[2012/08/24 18:31:27 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ASYCFILT.DLL
[2012/08/24 18:31:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VB6STKIT.DLL
[2012/08/24 18:31:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ST6UNST.EXE
[2012/08/24 18:31:27 | 000,061,440 | ---- | C] (Slackker) -- C:\Program Files\Talking Math Tutor.exe
[2012/08/24 18:31:27 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\COMCAT.DLL
[2012/08/24 18:31:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\STDOLE2.TLB
[2006/07/04 19:06:11 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\Ruth\Desktop\*.tmp files -> C:\Documents and Settings\Ruth\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Ruth\My Documents\*.tmp files -> C:\Documents and Settings\Ruth\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/18 16:06:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 16:06:46 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/18 16:03:23 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/18 15:56:40 | 000,009,468 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\ebunite.png.pagespeed.ce.bB44hX6InE.png
[2012/10/18 15:53:30 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/10/18 15:53:25 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
[2012/10/18 15:53:14 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/18 15:53:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/10/18 15:35:16 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/10/18 15:24:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/18 14:58:13 | 000,002,500 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\unnamed.jpg
[2012/10/18 14:21:22 | 000,001,096 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\join.me.lnk
[2012/10/18 14:12:07 | 000,099,373 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\essexboy.gif.pagespeed.ce.A9hTtrCYtl.gif
[2012/10/18 14:00:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/10/18 13:41:57 | 000,003,139 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\logo.png.pagespeed.ce.653VSnI6xL.png
[2012/10/18 13:11:39 | 000,106,167 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0543_zps16710a73.jpg
[2012/10/18 13:11:15 | 000,096,739 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0546_zpsa1449c6b.jpg
[2012/10/18 13:11:14 | 000,096,739 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Digimon.jpg
[2012/10/18 13:01:13 | 001,296,921 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\powerrangerssamuraivisitthehospital_zps68f2530b.png
[2012/10/18 12:11:48 | 000,043,267 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach3.jpg
[2012/10/18 12:07:43 | 000,039,259 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach2.jpg
[2012/10/18 12:03:22 | 000,050,420 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach1.jpg
[2012/10/18 11:58:29 | 000,034,007 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\regbeach.jpg
[2012/10/18 11:28:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2012/10/18 10:44:12 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/10/18 10:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/10/17 20:40:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/10/17 19:52:28 | 000,006,096 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/10/17 19:52:04 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/10/17 19:52:04 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/10/17 19:45:17 | 000,001,005 | ---- | M] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/17 19:36:07 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/10/17 19:06:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/17 18:38:20 | 000,003,217 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\Ilvidvirus removal.rtf
[2012/10/17 18:09:20 | 000,391,571 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-17_18-09-17.png
[2012/10/17 00:59:18 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Buildcity.exe.lnk
[2012/10/16 17:53:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/10/16 16:25:08 | 000,003,925 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Crystal Story Adventure Games Play Free Games Online at Armor Games.url
[2012/10/16 16:15:10 | 000,003,236 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Swordless Ninja Action Games Play Free Games Online at Armor Games.url
[2012/10/16 11:47:30 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/10/16 11:21:54 | 095,436,288 | ---- | M] (COMODO) -- C:\Documents and Settings\Ruth\My Documents\cav_installer_3264_29
[2012/10/16 11:02:21 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ruth\My Documents\mbam-setup-1.65.0.1400.exe
[2012/10/15 12:45:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/10/11 19:35:18 | 000,031,769 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\reggiein2012.jpg
[2012/10/11 19:27:35 | 000,014,532 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\reggieIn2008.JPG
[2012/10/11 19:27:24 | 000,014,532 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\469_37727968674_9591_n.jpg
[2012/10/11 17:34:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/10 13:55:01 | 000,403,194 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-10_13-55-00.png
[2012/10/09 19:47:52 | 000,034,678 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\536257_10151092665542285_711693006_n.jpg
[2012/10/09 18:29:50 | 000,102,758 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\399611_749633651021_943763493_n.jpg
[2012/10/09 12:57:51 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Copyright, Page 2 LegalZoom.url
[2012/10/09 12:51:59 | 000,456,948 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/10/09 12:51:59 | 000,075,638 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/10/09 01:24:20 | 000,002,645 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2012/10/09 01:24:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys2.bmp
[2012/10/09 01:24:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SwSys1.bmp
[2012/10/08 13:33:21 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/07 16:24:38 | 000,002,128 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\jih.rtf
[2012/10/07 11:31:05 | 001,485,772 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.avi
[2012/10/06 00:23:24 | 003,824,475 | ---- | M] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.mp4
[2012/10/05 22:07:01 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/10/05 14:20:42 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Spiral Knights.lnk
[2012/10/05 01:23:12 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/26 10:54:44 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Pokémon Trading Card Game Online.lnk
[2012/09/19 21:41:38 | 000,219,482 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Angel-s-Wings-angels-20015876-360-240.gif
[2012/09/19 21:37:33 | 000,068,435 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\austinignite
[2012/09/19 20:56:30 | 000,000,584 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Electric-guitar-music-7294367-1024-768.jpg.lnk
[2012/09/19 20:56:13 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Austin Ignight Program use this.pub
[2012/09/19 20:55:19 | 000,000,352 | ---- | M] () -- C:\WINDOWS\QTW.INI
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[2 C:\Documents and Settings\Ruth\Desktop\*.tmp files -> C:\Documents and Settings\Ruth\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Ruth\My Documents\*.tmp files -> C:\Documents and Settings\Ruth\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/18 15:56:33 | 000,009,468 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\ebunite.png.pagespeed.ce.bB44hX6InE.png
[2012/10/18 14:58:01 | 000,002,500 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\unnamed.jpg
[2012/10/18 14:21:23 | 000,001,096 | ---- | C] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\join.me.lnk
[2012/10/18 14:21:18 | 000,001,096 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\join.me.lnk
[2012/10/18 14:11:48 | 000,099,373 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\essexboy.gif.pagespeed.ce.A9hTtrCYtl.gif
[2012/10/18 13:41:51 | 000,003,139 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\logo.png.pagespeed.ce.653VSnI6xL.png
[2012/10/18 13:11:35 | 000,106,167 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0543_zps16710a73.jpg
[2012/10/18 13:11:05 | 000,096,739 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Digimon.jpg
[2012/10/18 13:10:55 | 000,096,739 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\IMAG0546_zpsa1449c6b.jpg
[2012/10/18 13:00:59 | 001,296,921 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\powerrangerssamuraivisitthehospital_zps68f2530b.png
[2012/10/18 12:11:42 | 000,043,267 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach3.jpg
[2012/10/18 12:07:26 | 000,039,259 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach2.jpg
[2012/10/18 12:03:19 | 000,050,420 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach1.jpg
[2012/10/18 11:57:57 | 000,034,007 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\regbeach.jpg
[2012/10/17 19:36:07 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/10/17 19:35:57 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/10/17 19:35:57 | 000,000,456 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/10/17 19:35:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/10/17 19:18:19 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/10/17 18:38:19 | 000,003,217 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\Ilvidvirus removal.rtf
[2012/10/17 18:09:19 | 000,391,571 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-17_18-09-17.png
[2012/10/17 00:59:17 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Buildcity.exe.lnk
[2012/10/16 16:25:06 | 000,003,925 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Crystal Story Adventure Games Play Free Games Online at Armor Games.url
[2012/10/16 16:15:09 | 000,003,236 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Swordless Ninja Action Games Play Free Games Online at Armor Games.url
[2012/10/16 11:58:13 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/16 11:47:14 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/16 11:22:57 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/10/16 01:20:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/11 19:35:11 | 000,031,769 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\reggiein2012.jpg
[2012/10/11 19:27:35 | 000,014,532 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\reggieIn2008.JPG
[2012/10/11 19:16:59 | 000,014,532 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\469_37727968674_9591_n.jpg
[2012/10/11 17:34:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/10/10 13:55:01 | 000,403,194 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\spiral_2012-10-10_13-55-00.png
[2012/10/09 19:47:45 | 000,034,678 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\536257_10151092665542285_711693006_n.jpg
[2012/10/09 18:29:44 | 000,102,758 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\399611_749633651021_943763493_n.jpg
[2012/10/09 12:57:51 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Copyright, Page 2 LegalZoom.url
[2012/10/09 01:24:08 | 000,002,645 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Global.sw2
[2012/10/09 01:24:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys2.bmp
[2012/10/09 01:24:08 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SwSys1.bmp
[2012/10/08 13:11:16 | 000,001,005 | ---- | C] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Startup\Dropbox.lnk
[2012/10/07 16:24:38 | 000,002,128 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\jih.rtf
[2012/10/07 11:32:22 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/07 11:32:16 | 001,485,772 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.avi
[2012/10/06 00:28:12 | 003,824,475 | ---- | C] () -- C:\Documents and Settings\Ruth\My Documents\VID_20121005_170649.mp4
[2012/10/05 14:20:42 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\Ruth\Start Menu\Programs\Spiral Knights.lnk
[2012/10/05 14:20:41 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Spiral Knights.lnk
[2012/10/05 13:31:33 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2012/10/05 02:59:55 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Internet Explorer.lnk
[2012/09/26 10:54:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Pokémon Trading Card Game Online.lnk
[2012/09/19 21:41:34 | 000,219,482 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Angel-s-Wings-angels-20015876-360-240.gif
[2012/09/19 21:37:33 | 000,068,435 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\austinignite
[2012/09/19 20:56:30 | 000,000,584 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Shortcut to Electric-guitar-music-7294367-1024-768.jpg.lnk
[2012/09/19 20:56:13 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Austin Ignight Program use this.pub
[2012/09/12 12:45:02 | 000,188,029 | ---- | C] () -- C:\Program Files\preview.png
[2012/09/12 10:43:12 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/08/24 14:39:11 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\WebCamLib.dll
[2012/08/21 17:55:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/05/08 18:18:01 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2004/12/04 13:19:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\fusioncache.dat
[2003/11/29 08:55:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ruth\Application Data\PFP110JPR.{PB
[2003/11/29 08:55:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ruth\Application Data\PFP110JCM.{PB

========== ZeroAccess Check ==========

[2003/11/20 09:30:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/26 10:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\.mono
[2008/10/11 17:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2008/10/18 17:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2004/08/27 13:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BF8051E7-626F-4a11-AF7A-625A7B555862
[2006/11/11 19:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2007/08/31 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2008/09/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2008/10/24 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/10/03 18:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/08/25 11:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008/09/27 20:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007/04/27 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2006/12/11 00:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo
[2008/10/21 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008/11/09 13:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 10:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2007/02/16 18:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/03/28 16:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/05/31 14:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2012/10/16 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/10/20 18:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo
[2008/11/05 19:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/11/08 19:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Games
[2008/11/02 21:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/06/01 15:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/09/17 19:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2007/01/15 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norbyte
[2009/02/01 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/11 13:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2008/09/27 22:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/09/16 02:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2007/09/01 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyGoodGames
[2012/08/22 18:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2007/11/28 17:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2006/07/28 20:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2012/10/17 19:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2008/09/27 17:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/05/17 14:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/05/13 18:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/03/12 16:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/30 14:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2004/09/19 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2008/10/17 15:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2007/06/09 21:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ValuSoft
[2004/08/27 10:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/05/11 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012/09/26 10:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\.mono
[2007/12/12 20:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Age of Japan II
[2008/02/04 18:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\AlwaysNeat
[2008/09/04 19:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Ancient Quest of Saqqarah__real
[2008/10/03 19:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Angkor
[2012/08/24 14:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Apowersoft
[2006/11/05 21:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Beep Industries
[2007/05/21 13:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\BFGTOOLBAR
[2007/09/03 11:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Big Fish Games
[2006/12/09 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Boomzap
[2008/10/16 18:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\cerasus.media
[2007/02/13 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Chicken Chase
[2008/11/12 11:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/18 15:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Dropbox
[2006/11/11 19:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\EA
[2007/10/11 18:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\EleFun Games
[2009/02/02 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Fabulous Finds
[2008/10/24 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Flood Light Games
[2008/10/03 18:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\FloodLightGames
[2009/02/09 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\ForgottenRiddles2
[2008/10/07 17:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Friday's games
[2007/10/05 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Gaijin Ent
[2007/07/04 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\GameHouse
[2007/04/27 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\gamelab
[2008/11/08 19:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\gemsweeperextractedgfx
[2006/12/11 00:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Genimo
[2012/08/11 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\GetRightToGo
[2008/12/20 10:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Gogii Games
[2008/09/07 17:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\ITTNord
[2007/11/28 16:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Jane s Hotel
[2008/12/29 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\JewelMatch2
[2003/11/28 21:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Leadertech
[2006/04/26 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Magic Match
[2012/10/08 01:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\MAGIX
[2008/10/24 19:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Meridian93
[2008/05/18 16:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\My Games
[2008/05/26 20:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\MysteryStudio
[2008/08/06 20:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Mysteryville2
[2007/01/15 20:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Norbyte
[2012/08/23 21:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\OpenOffice.org
[2012/10/02 19:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Optimizer Pro
[2008/02/03 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Pirateville
[2006/11/01 23:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\pixelStorm
[2009/02/01 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\PlayFirst
[2008/07/09 17:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Playrix Entertainment
[2012/08/22 18:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\RapidTyping
[2008/05/10 21:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Restorer
[2008/11/09 17:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Righteous Kill
[2012/10/18 15:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\spiral
[2012/10/11 22:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\splitscreen
[2008/12/22 18:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\SprillBermudeEng
[2012/09/12 11:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Styler
[2007/11/09 17:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Super-Cow
[2012/10/05 13:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Unity
[2007/09/22 18:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\VeniceMysteryData
[2012/10/11 22:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Warsow 1.0
[2006/05/14 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Wildfire

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6390D9FB
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507AEDA
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F098C56D
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C

< End of report >

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That looks good, can you confirm that there are no other problems?

#7
Rsharp27


    New Member

  • Topic Starter
  • Member
  • 4 posts
I concur, I have not been having the popups! I think it's working fine now.

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





