[Firecow]

Hello there
I'm all confused now! Somewhere on here I was reading about Hijackthis being overtaken now by Runscanner (or something like that). I ran a Runscanner and have the report, but then I looked again and you seem to suggest OTL? Is it the same? Can I post my Runscanner report? Can anybody please help me read it? I've been having problems with my computer freezing and 'stuttering' a lot. My C drive has only got 60 mb (or is it kb?) free. I wonder if it's all just cluttered up. I have done my clean ups, disc clean, defrag. It's running Vista home.
Here is my report :-
Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : TROG28-PC
Creation time : 25/10/2012 23:40:19
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.0.8112.16421
OS : Windows Vista ™ Home Premium
OS Build : 6002
OS SP : Service Pack 2
RunScanner Version : 2.0.0.60
User Language : English (United Kingdom)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe (Adobe Systems Incorporated)
* C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.139.517.0.exe (Microsoft Corporation)
* C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
* C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
* C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
* C:\Windows\System32\MpSigStub.exe (Microsoft Corporation)
* C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
* C:\Windows\System32\SLsvc.exe (Microsoft Corporation)
* C:\Windows\System32\SearchFilterHost.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\System32\SearchProtocolHost.exe (Microsoft Corporation)
* C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
* C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
* C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ONWN1UK\runscanner.exe (Runscanner.net)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\servicing\TrustedInstaller.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\wuauclt.exe (Microsoft Corporation)

Unrated items
-------------
010 * C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash® Player Update Service 11.4 r402)
010 C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe (SetupAfterRebootService)
010 * C:\Program Files\Skype\Updater\Updater.exe (Skype Updater Service)
011 * C:\Windows\system32\DRIVERS\HssDrv.sys (Expat Shield Routing Driver)
011 * C:\Windows\system32\DRIVERS\SWDUMon.sys (SWDUMon.sys)
011 * C:\Windows\system32\DRIVERS\taphss.sys (TAP-Win32 Virtual Network Driver)
011 C:\Windows\System32\Drivers\VoIPUSBDriver.sys (USB Scanner Driver)
041 * C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) {2318C2B1-4965-11d4-9B18-009027A5CD4F}
042 GUID / CLSID not found {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
042 GUID / CLSID not found {925DAB62-F9AC-4221-806A-057BFB1014AA}
042 GUID / CLSID not found {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
045 * C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) {2318C2B1-4965-11D4-9B18-009027A5CD4F}
052 GUID / CLSID not found {02478D38-C3F9-4efb-9B51-7695ECA05670}
052 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
052 * C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.) {3706EE7C-3CAD-445D-8A43-03EBC3B75908}
052 * C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7}
062 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
073 Adobe Flash Player Updater.job : C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
100 ProxyServer HKCU : http=88.208.239.66:808;https=88.208.239.66:808;ftp=88.208.239.66:808;socks=88.208.239.66:1808
100 SearchAssistant HKLM : http://start.facemoo...earchTerms}&f=4
104 GUID / CLSID not found {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
104 GUID / CLSID not found {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
173 GUID / CLSID not found
221 GUID / CLSID not found
225 GUID / CLSID not found
225 GUID / CLSID not found
227 GUID / CLSID not found
231 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info

Missing files
-------------
011 System32\Drivers\adildr.sys
011 c:\windows\system32\DRIVERS\adiusbaw.sys
011 c:\windows\system32\drivers\blbdrive.sys
011 c:\windows\system32\drivers\CM108.sys
011 C:\Users\Trog28\AppData\Local\Temp\cpuz134\cpuz134_x32.sys
011 c:\windows\system32\DRIVERS\ipinip.sys
011 c:\windows\system32\DRIVERS\nwlnkflt.sys
011 c:\windows\system32\DRIVERS\nwlnkfwd.sys
011 c:\windows\system32\DRIVERS\pccsmcfd.sys
011 c:\windows\system32\drivers\RTKVHDA.sys
011 C:\Windows\system32\drivers\SBREdrv.sys
011 c:\windows\system32\DRIVERS\usbser_lowerflt.sys
011 System32\Drivers\usbaapl.sys
032 rdpclip
052 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

I hope I'm in the right place and someone can help?
Many thanks

[Advertisements]

Hi, Firecow! My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
• Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
• Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
• Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
• You must reply within four days failure to reply will result in the topic being closed!
• Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Runscanner is a tool we use to find specific information after being led to use it from our initial analysis. I need that initial general analysis for your computer. Please perform the following steps for me:



Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply



If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select Scan All Users
• Select Lop Check and Purity Check
• Under the Custom Scan box paste this in
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt

Give me an update on your computer's issues.

[CompCav]

Hi, Firecow! My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

• Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
• Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
• If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
• These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
• Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
• Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
• You must reply within four days failure to reply will result in the topic being closed!
• Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
• Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
  Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Runscanner is a tool we use to find specific information after being led to use it from our initial analysis. I need that initial general analysis for your computer. Please perform the following steps for me:



Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply



If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select Scan All Users
• Select Lop Check and Purity Check
• Under the Custom Scan box paste this in
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt

Give me an update on your computer's issues.

[Firecow]

Hello there Compcav
Many thanks for replying
Here are my reports :-
OTL logfile created on: 29/10/2012 23:07:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trog28\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.77 Mb Total Physical Memory | 400.61 Mb Available Physical Memory | 39.52% Memory free
2.24 Gb Paging File | 1.21 Gb Available in Paging File | 54.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.05 Gb Total Space | 74.90 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.01% Space Free | Partition Type: NTFS

Computer Name: TROG28-PC | User Name: Trog28 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/29 23:05:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trog28\Downloads\OTL.exe
PRC - [2012/10/09 08:49:45 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/10/19 08:54:15 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2012/10/09 08:49:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM108.sys -- (USBPNPA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Trog28\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Trog28\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2012/10/29 20:30:09 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA46843F-2A18-4E7E-88D2-3C13B043BA34}\MpKsl56e8455e.sys -- (MpKsl56e8455e)
DRV - [2012/10/25 19:31:04 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/11/23 22:45:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011/05/25 01:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/20 15:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/01/19 07:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/07/13 07:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/08 15:18:18 | 001,534,464 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC211)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2005/09/16 15:14:02 | 000,149,504 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VoIPUSBDriver.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2549263


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enBG450
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=88.208.239.66:808;https=88.208.239.66:808;ftp=88.208.239.66:808;socks=88.208.239.66:1808


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trog28\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trog28\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/19 20:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/05/12 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Extensions
[2009/05/12 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/24 13:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions
[2012/03/24 13:35:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/20 19:05:04 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: uTorrentControl2 = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\
CHR - Extension: Gmail = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B2C0DA6-AB8E-48E0-8D1D-6610060175D2}: DhcpNameServer = 10.202.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{920086BE-3EC9-42BE-9C5E-7ADC82DB54ED}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Applications\oem\wallpaper5.jpg
O24 - Desktop BackupWallPaper: C:\Applications\oem\wallpaper5.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/25 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\Runscanner.net
[2012/10/24 22:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\T55
[2012/10/24 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\T55
[2012/10/19 09:28:10 | 000,000,000 | ---D | C] -- C:\Users\Trog28\Desktop\Little [bleep]
[2012/10/19 09:08:55 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012/10/19 08:53:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012/10/19 08:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/10/19 08:24:30 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Local\SlimWare Utilities Inc
[2012/10/19 08:24:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/12 17:06:16 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\LavasoftStatistics
[2012/10/12 17:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/12 17:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/10/12 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Local\Downloaded Installations
[2012/10/12 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Local\adawarebp
[2012/10/12 17:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/10/12 16:59:39 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus
[2012/10/09 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/29 23:03:34 | 000,000,512 | ---- | M] () -- C:\Users\Trog28\Desktop\MBR.dat
[2012/10/29 22:56:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-49009418-3967457827-3402590753-1000UA.job
[2012/10/29 22:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/29 22:48:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/29 21:21:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 21:21:01 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 19:56:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-49009418-3967457827-3402590753-1000Core.job
[2012/10/29 19:52:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/29 19:28:42 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/29 19:28:42 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/29 19:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 22:42:19 | 000,168,182 | ---- | M] () -- C:\Users\Trog28\Desktop\runscanner.run
[2012/10/25 19:31:04 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/10/19 09:05:50 | 000,000,111 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012/10/14 09:49:37 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2012/10/11 00:02:59 | 000,002,052 | ---- | M] () -- C:\Users\Trog28\Desktop\Google Chrome.lnk
[2012/10/10 19:59:34 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/09 19:56:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/07 21:18:58 | 000,282,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 23:03:34 | 000,000,512 | ---- | C] () -- C:\Users\Trog28\Desktop\MBR.dat
[2012/10/25 22:42:18 | 000,168,182 | ---- | C] () -- C:\Users\Trog28\Desktop\runscanner.run
[2012/10/19 09:05:50 | 000,000,111 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012/10/19 09:04:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012/10/19 08:35:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1587.dll
[2012/10/19 08:35:21 | 000,032,912 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2012/10/19 08:24:35 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/10/14 09:49:37 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2012/10/09 19:56:48 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/10 08:34:14 | 000,067,072 | ---- | C] () -- C:\Users\Trog28\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 14:32:13 | 000,000,104 | ---- | C] () -- C:\Users\Trog28\Network - Shortcut.lnk
[2011/03/05 00:51:24 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/08/29 09:24:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/10 08:01:09 | 000,000,104 | ---- | C] () -- C:\Users\Trog28\Computer - Shortcut.lnk
[2008/05/18 15:25:58 | 000,000,680 | ---- | C] () -- C:\Users\Trog28\AppData\Local\d3d9caps.dat
[2008/05/15 21:07:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/03/28 12:37:21 | 000,001,490 | ---- | C] () -- C:\Users\Trog28\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2011/03/04 09:23:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 07:27:31 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus
[2012/02/13 01:20:25 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\AVG
[2010/09/01 13:56:25 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\AVG9
[2011/07/07 22:24:24 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Azureus
[2011/12/16 23:25:40 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/04/08 22:34:21 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\BitComet
[2008/11/11 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/08 21:25:30 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\CometPlayer
[2011/03/05 00:37:33 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\DriverCure
[2012/02/02 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\eTeks
[2011/03/30 09:47:42 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FinalMediaPlayer
[2008/05/25 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FlashGet
[2011/06/10 09:20:35 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FrostWire
[2010/01/20 00:07:40 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FUJIFILM
[2011/04/22 09:48:36 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\GetRightToGo
[2012/10/10 12:30:29 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\IObit
[2012/02/01 11:37:38 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\IrfanView
[2009/04/05 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Nokia
[2009/04/05 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Nseries
[2010/05/29 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Octoshape
[2011/07/13 23:51:18 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Opera
[2011/03/05 00:37:33 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\ParetoLogic
[2009/04/05 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\PC Suite
[2012/10/25 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Runscanner.net
[2012/02/11 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\SmartDraw
[2011/03/26 00:35:17 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Systweak
[2012/10/24 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\T55
[2008/04/30 10:28:18 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Template
[2012/04/08 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\tigerplayer
[2012/10/10 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Uniblue
[2011/02/23 01:29:27 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 11:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 09:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 09:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 08:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 08:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 08:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 09:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 02:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 08:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 08:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 17:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 09:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 08:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 09:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 08:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 08:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 09:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 09:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 09:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 09:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 09:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 08:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 08:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 09:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 08:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 08:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 09:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 08:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 18:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 13:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 20:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 08:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 13:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 08:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 08:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 08:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 08:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 09:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 08:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 08:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 08:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 08:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 08:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 08:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 21:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 13:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2008/03/01 15:37:27 | 000,000,184 | ---- | M] () -- C:\setuplog.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/16 01:07:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/16 01:07:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/19 09:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/05/27 19:22:57 | 000,001,688 | ---- | M] () MD5=1F3B2B641F92A2E2F5C1B813A2871161 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Files - Unicode (All) ==========
[2008/06/09 20:45:43 | 001,214,442 | ---- | M] ()(C:\Users\Trog28\Documents\??? ???.bmp) -- C:\Users\Trog28\Documents\без име.bmp
[2008/06/09 20:44:57 | 001,214,442 | ---- | C] ()(C:\Users\Trog28\Documents\??? ???.bmp) -- C:\Users\Trog28\Documents\без име.bmp
[2008/06/05 18:24:16 | 001,214,442 | ---- | M] ()(C:\Users\Trog28\Documents\????.bmp) -- C:\Users\Trog28\Documents\план.bmp
[2008/06/05 18:23:22 | 001,214,442 | ---- | C] ()(C:\Users\Trog28\Documents\????.bmp) -- C:\Users\Trog28\Documents\план.bmp
[2008/06/05 18:22:54 | 001,214,442 | ---- | M] ()(C:\Users\Trog28\Documents\????? ??????.bmp) -- C:\Users\Trog28\Documents\Малки Чифлик.bmp
[2008/06/05 18:22:06 | 001,214,442 | ---- | C] ()(C:\Users\Trog28\Documents\????? ??????.bmp) -- C:\Users\Trog28\Documents\Малки Чифлик.bmp

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7638A5DA

< End of report >



OTL Extras logfile created on: 29/10/2012 23:07:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trog28\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.77 Mb Total Physical Memory | 400.61 Mb Available Physical Memory | 39.52% Memory free
2.24 Gb Paging File | 1.21 Gb Available in Paging File | 54.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.05 Gb Total Space | 74.90 Gb Free Space | 33.13% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.01% Space Free | Partition Type: NTFS

Computer Name: TROG28-PC | User Name: Trog28 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A6D3F87-A8AE-403C-9B75-8D66C4E85C7E}" = rport=138 | protocol=17 | dir=out | app=system |
"{203CA958-123F-4CAF-B022-9F63E055AD24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{22034ABD-C7DD-4E19-A596-380B23CDB1EA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{35663F2C-9B87-43FE-93DC-A972D3E8F50F}" = lport=137 | protocol=17 | dir=in | app=system |
"{39DF5E66-0BBA-4B72-8A65-941CC4B2DBA9}" = lport=139 | protocol=6 | dir=in | app=system |
"{50ED70D8-F0D2-42CB-B3E1-A195C019B6AC}" = rport=445 | protocol=6 | dir=out | app=system |
"{64E75883-796A-43D3-A4F9-CF7A1CA6DB1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{68B6E08F-BF8F-423F-BAA5-28FDD2C55DE0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{6DBCEDDC-246F-44FB-9882-E77865B2194F}" = rport=137 | protocol=17 | dir=out | app=system |
"{76C5ECE8-D984-425B-9F70-A48CE311BDC7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{76D42DD6-780C-422F-9E54-1C2F04973635}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{8E373349-5E01-4D8A-ACE5-A71363CF679A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{99E6DCED-A4B8-43FB-A929-A0C3D71A0504}" = lport=10244 | protocol=6 | dir=in | app=system |
"{9A78A3E1-CB34-4658-A689-53A55A22A24C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9B5E33F2-E2CD-4983-AEFD-F968F676F521}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{A28048CB-35A1-4FD9-86BE-0D865A51154E}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{A87B5AD0-423C-4AA8-9424-CF7E856D036A}" = rport=10244 | protocol=6 | dir=out | app=system |
"{B0245A8E-EFBA-408C-8829-774D59680975}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B8D53041-D13C-4607-B566-33DBE062BD09}" = rport=139 | protocol=6 | dir=out | app=system |
"{C5FF3614-917A-477A-A7C3-24BCFF59DB9E}" = lport=138 | protocol=17 | dir=in | app=system |
"{E1EF4745-AFE9-4ADD-B7A5-F851C41BC3BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F5DA0904-0F3B-49E6-AD66-F909709373BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{F835707F-F455-4D30-8816-086E126E08E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD404EAB-AEE4-42AF-BF46-4EDCE26998DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FFC1792E-B3A5-4F38-B920-D5CC5B07C37F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027AE85B-9287-468C-A33C-E6A8ABEE95CF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{0AFA45C1-6E28-4BF4-9600-9990FBF92ED5}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{191C8C35-7DBD-42F7-BF63-234B21175191}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{512477CD-5DAF-492E-9EE1-EB3A504D2027}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{564E90B1-461C-45A7-A7A9-8D7C33F78E9A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{9D825A88-28B4-4F7B-94B4-4AFFC349E992}" = protocol=1 | dir=in | [email protected],-28543 |
"{B2A2F7F3-1C7C-4A3E-A52A-159AC8C37598}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B3C85A04-B745-44F6-94F0-89D07757E81D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{C2CA10E0-0095-4A83-B7D6-B891467CC267}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{C75DA719-4EF3-4DF8-92FA-97ECFDBFBD64}" = protocol=58 | dir=in | [email protected],-28545 |
"{CF52002B-F292-4607-822C-6C12E244DAEE}" = protocol=58 | dir=out | [email protected],-28546 |
"{D10ADA50-C359-486C-B5CC-88F781873CDF}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{D8F010D0-0371-4438-9D64-DA2BE7623DEE}" = protocol=1 | dir=out | [email protected],-28544 |
"{E016272A-D1EF-46B3-BE57-34C6642425A1}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{FF7FDDBF-DFB1-4515-B4BE-EC4A3D95299C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{51BE58DC-4B95-499F-8FFB-DBB2EB0DABB2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{B26F6E6C-8411-4D3E-88D5-3C386E89429A}C:\users\trog28\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\trog28\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{D93C54B0-CAEE-4472-80E0-117F3A84B105}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{DC6820A8-96CB-4CA0-BAE5-3445F06911B1}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{17C70B9B-8859-4528-A373-61A54BB7B2DD}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{40835B19-4C58-4C44-90F2-8ADBBFB5E780}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{92F07FFC-3E96-4B04-9227-E049B8817201}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{EB625CA1-66FB-4BA8-93CD-F1D0AE5BC9E3}C:\users\trog28\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\trog28\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = USB PC Camera(ZS0211)
"{465FF858-065A-4DD1-B010-388E75513F9B}" = DT2-1 V2.4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50D47CE8-9C16-42D1-A8D8-B143B22E232A}" = Belkin Desktop PCI Card Driver
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Internet Scrabble Club_is1" = WordBiz version 1.8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09/10/2012 13:09:51 | Computer Name = Trog28-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e70 Start Time: 01cda640d33481da Termination Time: 16

Error - 09/10/2012 13:10:18 | Computer Name = Trog28-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 398 Start Time: 01cda640e4cc2b5a Termination Time: 0

Error - 10/10/2012 06:23:39 | Computer Name = Trog28-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/10/2012 06:31:16 | Computer Name = Trog28-PC | Source = VSS | ID = 8194
Description =

Error - 11/10/2012 02:43:39 | Computer Name = Trog28-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: fb4 Start Time: 01cda77ab6737016 Termination Time: 608

Error - 14/10/2012 03:58:29 | Computer Name = Trog28-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1c0 Start Time: 01cda9d5b5a08a27 Termination Time: 172

Error - 16/10/2012 01:20:57 | Computer Name = Trog28-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 638 Start Time: 01cdab5cde2cd637 Termination Time: 2387

Error - 19/10/2012 02:26:31 | Computer Name = Trog28-PC | Source = VSS | ID = 8194
Description =

Error - 19/10/2012 02:33:16 | Computer Name = Trog28-PC | Source = VSS | ID = 8194
Description =

Error - 21/10/2012 14:43:05 | Computer Name = Trog28-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp
0x503723f6, faulting module MSHTML.dll, version 9.0.8112.16450, time stamp 0x50372c8a,
exception code 0xc0000005, fault offset 0x001d9ad6, process id 0xe64, application
start time 0x01cdafbb4ca083f2.

[ System Events ]
Error - 29/10/2012 13:11:41 | Computer Name = Trog28-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/10/2012 13:20:46 | Computer Name = Trog28-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 29/10/2012 13:21:00 | Computer Name = Trog28-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:18:55 on 29/10/2012 was unexpected.

Error - 29/10/2012 13:20:51 | Computer Name = Trog28-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 29/10/2012 13:22:38 | Computer Name = Trog28-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/10/2012 13:22:38 | Computer Name = Trog28-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 29/10/2012 13:22:38 | Computer Name = Trog28-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 29/10/2012 13:22:38 | Computer Name = Trog28-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 29/10/2012 13:32:35 | Computer Name = Trog28-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.139.773.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error
code: 0x80070643 Error description: Fatal error during installation.

Error - 29/10/2012 13:33:39 | Computer Name = Trog28-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-29 20:29:28
-----------------------------
20:29:28.162 OS Version: Windows 6.0.6002 Service Pack 2
20:29:28.162 Number of processors: 2 586 0xF02
20:29:28.162 ComputerName: TROG28-PC UserName: Trog28
20:30:08.800 Initialize success
20:31:35.672 AVAST engine defs: 12102900
20:31:54.720 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
20:31:54.735 Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7EA Size: 238475MB BusType: 3
20:31:54.751 Disk 0 MBR read successfully
20:31:54.751 Disk 0 MBR scan
20:31:54.829 Disk 0 Windows VISTA default MBR code
20:31:54.844 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 5500 MB offset 2048
20:31:54.876 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 11266048
20:31:54.907 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 231473 MB offset 14338048
20:31:55.000 Disk 0 scanning sectors +488394752
20:31:55.125 Disk 0 scanning C:\Windows\system32\drivers
20:32:20.148 Service scanning
20:32:40.069 Service MpKsl56e8455e c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA46843F-2A18-4E7E-88D2-3C13B043BA34}\MpKsl56e8455e.sys **LOCKED** 32
20:33:09.553 Modules scanning
20:33:16.651 Disk 0 trace - called modules:
20:33:16.682 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:33:16.698 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84ea4ac8]
20:33:16.713 3 CLASSPNP.SYS[865a98b3] -> nt!IofCallDriver -> [0x846ec918]
20:33:16.729 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x846eab98]
20:33:17.930 AVAST engine scan C:\Windows
20:33:24.186 AVAST engine scan C:\Windows\system32
20:37:49.620 AVAST engine scan C:\Windows\system32\drivers
20:38:16.093 AVAST engine scan C:\Users\Trog28
21:02:25.524 AVAST engine scan C:\ProgramData
21:08:00.818 Scan finished successfully
23:03:34.257 Disk 0 MBR has been saved successfully to "C:\Users\Trog28\Desktop\MBR.dat"
23:03:34.388 The log file has been saved successfully to "C:\Users\Trog28\Desktop\aswMBR.txt"


Computer at the moment is still very stuttery. It seems to get caught up with itself and spends a lot of time 'thinking'? Actually it's like when you get a satellite echo on the phone. It freezes several times a day.

Thanks again

F

[CompCav]

Low Memory

After we do some clean up you need to look into getting more memory.

1013.77 Mb Total Physical Memory This is a major issue for a computer with Vista SP 2. It may have been enough memory when you purchased the computer but with the software you are running you need at least 3 Gigabytes and you have barely one.

For the memory I would recommend that you run the Crucial Scanner that will give you full details about the RAM that your system will accept.


Uninstalls

You have several programs that are troublesome please go to Start >> Control Panel >> Add/Remove Programs and remove the following:

Yontoo 1.10.02
IObit This is of limited utility and will always ask you to upgrade to do real removal.

Ad-Aware Antivirus
AVG
Multiple antivirus programs are bad for your computer. They can cause lockups, stuttering, and other problems. Once you have uninstalled these completely then download and run the following tools to remove all remnants of AVG:

AVG


Then follow the second set of instructions for Lavasoft listed in the link:

LavaSoft Ad-Aware AV


Finally remove all these programs that are present on your computer they are P2P and are conduits for malware:

Azureus
BitComet
CometPlayer
FrostWire
uTorrentBar



Proxy Issue

A single user has a proxy from:

Fasthosts Internet Limited

It is the following proxy, are you using this on purpose?

IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=88.208.239.66:808;https=88.208.239.66:808;ftp=88.208.239.66:808;socks=88.208.239.66:1808



AdwCleaner Tool Run

Download AdwCleaner from here to your desktop
Run AdwCleaner for Vista and 7 right click and select Run as administrator

Select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced please post it


New OTL log

Reopen OTL
Click Scan All Users
Click Quick Scan, when it is finished it will produce one log, OTL.txt, please post the log in your next reply.


Next Post

Let me know:

• Which programs you could not uninstall.
• Is the proxy above legitimate and if so for what purpose?

Please post:

AdwCleaner log
OTL.txt


Also let me know if there has been any change in your computer's issues

[Firecow]

Hello again
I can't see Lavasoft anything or Azureus,BitComet,CometPlayer,FrostWire,uTorrentBar on my add/remove programmes list?
Also I ran the adwcleaner on delete, saw the report. I shut the report though so I could read the next instructions and now I can't find it? It didn't go to the desktop like the OTL report. Should I run it again?
Sorry for being a bit of a dumb bunny!
The proxy address we use for watching Uk IPlayers

F

Edited by Firecow, 30 October 2012 - 12:31 PM.

[CompCav]

can't see Lavasoft anything or Azureus,BitComet,CometPlayer,FrostWire,uTorrentBar on my add/remove programmes list?

That is OK, I can remove remnants after posts.

I shut the report though so I could read the next instructions and now I can't find it?

It is in your root drive, C:\AdwCleaner.txt

The proxy address we use for watching Uk IPlayers

Thanks


Please post the AdwCleaner log from your C:\ drive

Then run and post OTL as noted in my previous post. Be sure to check Scan all users then press Quick Scan

[Firecow]

# AdwCleaner v2.005 - Logfile created 10/30/2012 at 08:36:46
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Trog28 - TROG28-PC
# Boot Mode : Normal
# Running from : C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39CV6H5Y\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Trog28\AppData\Local\Conduit
Folder Deleted : C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Deleted : C:\Users\Trog28\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Trog28\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Trog28\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Trog28\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Trog28\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Trog28\AppData\LocalLow\TheBflix

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2549263
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\Software\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5073 octets] - [30/10/2012 08:35:06]
AdwCleaner[S1].txt - [4545 octets] - [30/10/2012 08:36:46]

########## EOF - C:\AdwCleaner[S1].txt - [4605 octets] ##########

[Firecow]

OTL logfile created on: 30/10/2012 22:10:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trog28\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.77 Mb Total Physical Memory | 299.53 Mb Available Physical Memory | 29.55% Memory free
2.24 Gb Paging File | 1.21 Gb Available in Paging File | 54.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.05 Gb Total Space | 72.79 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.41 Gb Free Space | 96.01% Space Free | Partition Type: NTFS

Computer Name: TROG28-PC | User Name: Trog28 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/30 22:09:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trog28\Downloads\OTL (1).exe
PRC - [2012/10/09 08:49:45 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2012/10/19 08:54:15 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2012/10/09 08:49:47 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM108.sys -- (USBPNPA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Trog28\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\adildr.sys -- (ADILOADER)
DRV - [2012/10/25 19:31:04 | 000,013,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/11/23 22:45:42 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011/05/25 01:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/11/20 15:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/01/19 07:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/07/13 07:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/08 15:18:18 | 001,534,464 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZS211.sys -- (ZSMC211)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2005/09/16 15:14:02 | 000,149,504 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VoIPUSBDriver.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enBG450
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=88.208.239.66:808;https=88.208.239.66:808;ftp=88.208.239.66:808;socks=88.208.239.66:1808


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trog28\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trog28\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/19 20:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/05/12 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Extensions
[2009/05/12 09:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/24 13:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions
[2012/03/24 13:35:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/20 19:05:04 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Trog28\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B2C0DA6-AB8E-48E0-8D1D-6610060175D2}: DhcpNameServer = 10.202.48.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{920086BE-3EC9-42BE-9C5E-7ADC82DB54ED}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Applications\oem\wallpaper5.jpg
O24 - Desktop BackupWallPaper: C:\Applications\oem\wallpaper5.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/25 22:39:35 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\Runscanner.net
[2012/10/24 22:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\T55
[2012/10/24 22:14:00 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\T55
[2012/10/19 09:28:10 | 000,000,000 | ---D | C] -- C:\Users\Trog28\Desktop\Little [bleep]
[2012/10/19 09:08:55 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012/10/19 08:53:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012/10/19 08:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/10/19 08:24:30 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Local\SlimWare Utilities Inc
[2012/10/19 08:24:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/10/12 17:06:16 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\LavasoftStatistics
[2012/10/12 17:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/10/12 17:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2012/10/12 17:00:51 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Local\Downloaded Installations
[2012/10/12 17:00:23 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Local\adawarebp
[2012/10/12 17:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/10/12 16:59:39 | 000,000,000 | ---D | C] -- C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus
[2012/10/09 19:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/30 21:56:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 21:56:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/30 21:56:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-49009418-3967457827-3402590753-1000UA.job
[2012/10/30 21:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/30 21:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/30 20:04:26 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/30 20:04:26 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/30 19:57:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/30 19:56:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/29 23:03:34 | 000,000,512 | ---- | M] () -- C:\Users\Trog28\Desktop\MBR.dat
[2012/10/29 19:56:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-49009418-3967457827-3402590753-1000Core.job
[2012/10/25 19:31:04 | 000,013,024 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/10/19 09:05:50 | 000,000,111 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012/10/14 09:49:37 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2012/10/11 00:02:59 | 000,002,052 | ---- | M] () -- C:\Users\Trog28\Desktop\Google Chrome.lnk
[2012/10/10 19:59:34 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/09 19:56:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/07 21:18:58 | 000,282,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 23:03:34 | 000,000,512 | ---- | C] () -- C:\Users\Trog28\Desktop\MBR.dat
[2012/10/19 09:05:50 | 000,000,111 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2012/10/19 09:04:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2012/10/19 08:35:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1587.dll
[2012/10/19 08:35:21 | 000,032,912 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2012/10/19 08:24:35 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/10/14 09:49:37 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2012/10/09 19:56:48 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/10 08:34:14 | 000,067,072 | ---- | C] () -- C:\Users\Trog28\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/22 14:32:13 | 000,000,104 | ---- | C] () -- C:\Users\Trog28\Network - Shortcut.lnk
[2011/03/05 00:51:24 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/08/29 09:24:49 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/09/10 08:01:09 | 000,000,104 | ---- | C] () -- C:\Users\Trog28\Computer - Shortcut.lnk
[2008/05/18 15:25:58 | 000,000,680 | ---- | C] () -- C:\Users\Trog28\AppData\Local\d3d9caps.dat
[2008/05/15 21:07:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/03/28 12:37:21 | 000,001,490 | ---- | C] () -- C:\Users\Trog28\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2011/03/04 09:23:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/13 07:27:31 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus
[2012/02/13 01:20:25 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\AVG
[2010/09/01 13:56:25 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\AVG9
[2011/07/07 22:24:24 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Azureus
[2011/12/16 23:25:40 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/04/08 22:34:21 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\BitComet
[2008/11/11 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/08 21:25:30 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\CometPlayer
[2011/03/05 00:37:33 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\DriverCure
[2012/02/02 16:20:02 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\eTeks
[2011/03/30 09:47:42 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FinalMediaPlayer
[2008/05/25 10:03:44 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FlashGet
[2011/06/10 09:20:35 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FrostWire
[2010/01/20 00:07:40 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FUJIFILM
[2011/04/22 09:48:36 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\GetRightToGo
[2012/10/10 12:30:29 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\IObit
[2012/02/01 11:37:38 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\IrfanView
[2009/04/05 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Nokia
[2009/04/05 20:43:54 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Nseries
[2010/05/29 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Octoshape
[2011/07/13 23:51:18 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Opera
[2011/03/05 00:37:33 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\ParetoLogic
[2009/04/05 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\PC Suite
[2012/10/25 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Runscanner.net
[2012/02/11 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\SmartDraw
[2011/03/26 00:35:17 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Systweak
[2012/10/24 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\T55
[2008/04/30 10:28:18 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Template
[2012/04/08 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\tigerplayer
[2012/10/10 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Uniblue
[2011/02/23 01:29:27 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 11:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 09:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 09:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 08:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 08:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 08:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 09:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 02:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 08:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 08:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 17:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 09:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 08:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 09:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 08:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 08:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 09:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 09:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 09:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 09:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 09:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 08:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 08:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 09:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 08:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 08:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 09:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 16:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 08:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 18:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 13:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 20:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 08:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 13:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 08:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 08:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 08:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 08:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 09:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 08:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 08:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 08:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 08:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 08:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 08:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 21:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 13:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2008/03/01 15:37:27 | 000,000,184 | ---- | M] () -- C:\setuplog.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/05/16 01:07:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/05/16 01:07:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 23:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/19 09:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 11:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 14:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/05/27 19:22:57 | 000,001,688 | ---- | M] () MD5=1F3B2B641F92A2E2F5C1B813A2871161 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 23:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 14:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 23:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2006/11/02 11:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 09:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >
[2006/11/02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 15:01:49 | 000,032,644 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/10/19 19:00:25 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/10/19 19:00:26 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/03/02 00:18:14 | 000,000,860 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-49009418-3967457827-3402590753-1000Core.job
[2010/03/02 00:18:15 | 000,000,912 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-49009418-3967457827-3402590753-1000UA.job
[2012/04/11 22:13:23 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

========== Files - Unicode (All) ==========
[2008/06/09 20:45:43 | 001,214,442 | ---- | M] ()(C:\Users\Trog28\Documents\??? ???.bmp) -- C:\Users\Trog28\Documents\без име.bmp
[2008/06/09 20:44:57 | 001,214,442 | ---- | C] ()(C:\Users\Trog28\Documents\??? ???.bmp) -- C:\Users\Trog28\Documents\без име.bmp
[2008/06/05 18:24:16 | 001,214,442 | ---- | M] ()(C:\Users\Trog28\Documents\????.bmp) -- C:\Users\Trog28\Documents\план.bmp
[2008/06/05 18:23:22 | 001,214,442 | ---- | C] ()(C:\Users\Trog28\Documents\????.bmp) -- C:\Users\Trog28\Documents\план.bmp
[2008/06/05 18:22:54 | 001,214,442 | ---- | M] ()(C:\Users\Trog28\Documents\????? ??????.bmp) -- C:\Users\Trog28\Documents\Малки Чифлик.bmp
[2008/06/05 18:22:06 | 001,214,442 | ---- | C] ()(C:\Users\Trog28\Documents\????? ??????.bmp) -- C:\Users\Trog28\Documents\Малки Чифлик.bmp

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7638A5DA

< End of report >

[CompCav]

What are your current issues?

[Firecow]

Very slow to change a page, eg it takes several minutes to refresh this thread, and it's coming up just as script on a veeeeeeery long page! I haven't tried restarting it tonight, but it takes many minutes to shut down (5 or 6?)
I don't know how it is on the stuttering/ freezing so far, but it has been playing the tv okay tonight.
I'll see how it goes and put another message up tomorrow

F

[CompCav]

Step 1.

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  :OTL
  IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  [2012/03/24 13:35:30 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
  [2011/12/20 19:05:04 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O3 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
  O3 - HKU\S-1-5-21-49009418-3967457827-3402590753-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
  [2012/10/13 07:27:31 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus
  [2012/02/13 01:20:25 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\AVG
  [2010/09/01 13:56:25 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\AVG9
  [2011/07/07 22:24:24 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\Azureus
  [2012/04/08 22:34:21 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\BitComet
  [2012/04/08 21:25:30 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\CometPlayer
  [2011/06/10 09:20:35 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\FrostWire
  [2012/10/10 12:30:29 | 000,000,000 | ---D | M] -- C:\Users\Trog28\AppData\Roaming\IObit
  [2008/03/01 15:37:27 | 000,000,184 | ---- | M] () -- C:\setuplog.exe
  
  
  :files
  ipconfig /flushdns /c
  
  
  :reg
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [createrestorepoint]

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Step 3.

Please post:

OTL fix log
MalwareBytes' log


Update me on computer performance.

[Firecow]

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
Registry value HKEY_USERS\S-1-5-21-49009418-3967457827-3402590753-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121014T061739.152076PID3112 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121013T052155.326373PID3124 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121013T052147.566773PID2204 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121013T050555.799788PID3272 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121013T050548.859388PID2344 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121012T150843.877994PID3524 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121012T150818.587994PID2116 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs\20121012T145939.078267PID1132 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\Rescue\Tweak Manager folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\Rescue\ServiceManager folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG\PC Tuneup folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Trog28\AppData\Roaming\AVG9 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\Trog28\AppData\Roaming\Azureus folder moved successfully.
C:\Users\Trog28\AppData\Roaming\BitComet\torrents folder moved successfully.
C:\Users\Trog28\AppData\Roaming\BitComet\share folder moved successfully.
C:\Users\Trog28\AppData\Roaming\BitComet\rules folder moved successfully.
C:\Users\Trog28\AppData\Roaming\BitComet\fav folder moved successfully.
C:\Users\Trog28\AppData\Roaming\BitComet\cache folder moved successfully.
C:\Users\Trog28\AppData\Roaming\BitComet\archive folder moved successfully.
C:\Users\Trog28\AppData\Roaming\BitComet folder moved successfully.
C:\Users\Trog28\AppData\Roaming\CometPlayer\skin folder moved successfully.
C:\Users\Trog28\AppData\Roaming\CometPlayer folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5048 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
Folder move failed. C:\Users\Trog28\AppData\Roaming\FrostWire\.AppSpecialShare scheduled to be moved on reboot.
Folder move failed. C:\Users\Trog28\AppData\Roaming\FrostWire scheduled to be moved on reboot.
C:\Users\Trog28\AppData\Roaming\IObit\SmartRAM folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\InternetBooster folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced Uninsataller folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit\Advanced SystemCare folder moved successfully.
C:\Users\Trog28\AppData\Roaming\IObit folder moved successfully.
C:\setuplog.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Trog28\Downloads\cmd.bat deleted successfully.
C:\Users\Trog28\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User

User: Public

User: Trog28
->Temp folder emptied: 1349089 bytes
->Temporary Internet Files folder emptied: 74559350 bytes
->Java cache emptied: 2867978 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 15164923 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13350 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10302012_234740

Files\Folders moved on Reboot...
C:\Users\Trog28\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\Trog28\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6VREIT1O\page__gopid__2222411[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Firecow]

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.30.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Trog28 :: TROG28-PC [administrator]

31/10/2012 00:18:54
mbam-log-2012-10-31 (00-18-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185624
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Progress report
There's an add on that cannot be opened on this site and on Freemeteo.com, and I wasn't able to connect to the internet when it rebooted. I had to reset the modem, but maybe that was just coincidence? I haven't been surfing properly yet. Shut down and restart is very slow
Apart from that - all good!

F

[CompCav]

Do you have this issue with all browsers or just one/some?

Step 1.

Download farbar service scanner to your desktop and then run it.



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply


Step 2.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3.

• Please reopen on your desktop.
• Copy and Paste the following code into the textbox.
  
  

  :OTL
  FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
  [2012/10/14 09:49:37 | 000,000,105 | ---- | C] () -- C:\prefs.js
  
  
  :files
  ipconfig /flushdns /c
  
  
  :reg
  
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [createrestorepoint]

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click the OK button.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 4.

Please post:

FSS.txt
checkup.txt
OTL fix log

Please answer question about which browsers or all?
Also give me an update on computer issues

[Firecow]

Hello there

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
C:\prefs.js moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Trog28\Downloads\cmd.bat deleted successfully.
C:\Users\Trog28\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Public

User: Trog28
->Temp folder emptied: 49152 bytes
->Temporary Internet Files folder emptied: 55153264 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 530046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10312012_193707

Files\Folders moved on Reboot...
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RPXYYDAH\0[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RPXYYDAH\33295-9[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RPXYYDAH\page__pid__2222442[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\87OV45QR\emily[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1NULDEMN\csc-render[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1NULDEMN\ext-render-secure[3].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1NULDEMN\fc[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1NULDEMN\launch[1].htm moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1NULDEMN\st[1] moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1NULDEMN\st[3] moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Trog28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\TMP000000053A7AB8608D174C48 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 08:59] - [2012-06-02 02:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-05-27 11:57] - [2008-01-19 09:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java™ 6 Update 26
Java™ 6 Update 7
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

It seems to be generally running smoother than it was a few days ago. It was happening on IE, I haven't used Chrome for ages, haven't noticed on there. Shut down still takes ages.