pup.offerbundler.st and affiliate.downloader malware causing problems.


  • This topic is locked

#1
nickolay83

Hello there.
I have been having problems with my computer since yesterday. I think it's because I wanted to download music from YouTube and I've been downloading some files onto the computer, but I'm not too sure if that's the reason.

Anyway, the first problem occurred when I had downloaded a few songs and then tried to open Chrome to see if I could download any more songs, but only a blank screen came up, and after some time it asked if I wanted to kill the page as it wasn't responding. So I knew then that I had got a virus. Well, I switched my computer off, and this morning when I booted up my computer it gave me 2 errors:
1. Userinit Logon Application has stopped working
2. Task Scheduler Engine has stopped working
After I clicked them, I just had a black screen. I tried to reboot my computer a few times and it told me the same thing; only on the 4th-5th time did it open properly.

Chrome and Mozilla won't work; only Internet Explorer is working at the moment, so I started to google for help and came across one of your previous users having the same problem with userinit (topic: help with bprotect.exe malware on 21 Dec 2011 by icikle).

I have read your post about downloading Malwarebytes (which found 2 viruses, as I have mentioned in the topic) and OTL, so I'm including them as well.

Thanks

OTL logfile created on: 18/11/2012 11:12:53 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nickolay\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 52.00% Memory free
6.99 Gb Paging File | 4.90 Gb Available in Paging File | 70.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 379.07 Gb Free Space | 40.70% Space Free | Partition Type: NTFS

Computer Name: NICKOLAY-PC | User Name: nickolay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 11:00:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
PRC - [2012/10/17 15:56:16 | 000,392,160 | ---- | M] (Montera Technologeis LTD) -- C:\Program Files\Claro LTD\claro\1.8.3.10\clarosrv.exe
PRC - [2012/10/13 18:43:30 | 000,569,720 | ---- | M] () -- C:\Program Files\Freecorder extension\PropertySync.exe
PRC - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/10/08 22:29:24 | 000,092,360 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
PRC - [2012/10/02 22:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 19:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/10/02 19:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/14 14:14:19 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/06 22:49:59 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files\Bandoo\Bandoo.exe
PRC - [2012/03/06 10:23:40 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
PRC - [2009/10/16 10:44:14 | 001,600,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
PRC - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
PRC - [2009/10/16 10:44:06 | 001,060,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 12:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\SDBMSG.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 00:05:48 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll
MOD - [2012/11/15 00:05:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll
MOD - [2012/11/15 00:05:19 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll
MOD - [2012/11/15 00:05:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
MOD - [2012/10/17 14:45:54 | 000,058,880 | ---- | M] () -- C:\Program Files\Claro LTD\claro\1.8.3.10\escortShld.dll
MOD - [2012/10/13 18:43:30 | 000,569,720 | ---- | M] () -- C:\Program Files\Freecorder extension\PropertySync.exe
MOD - [2012/10/13 18:43:30 | 000,256,888 | ---- | M] () -- C:\Program Files\Freecorder extension\ButtonSite.dll
MOD - [2012/10/13 18:43:30 | 000,094,072 | ---- | M] () -- C:\Program Files\Freecorder extension\RegistryHelper.dll
MOD - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/10/11 11:17:06 | 002,069,528 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/10/08 22:29:24 | 000,090,824 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/08 12:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\SDBMSG.exe
MOD - [2009/06/10 15:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\DBIOS.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/11/15 00:09:49 | 000,539,984 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/10/09 02:19:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 22:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/16 13:45:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/06 22:49:59 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 13:12:58 | 001,406,264 | ---- | M] (Virgin Media) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/09/12 23:34:50 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Disabled | Stopped] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2010/08/29 22:29:58 | 003,893,752 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2009/09/08 08:51:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Disabled | Stopped] -- C:\Program Files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nickolay\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2012/11/18 11:10:38 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\rhtrvpw.sys -- (hgyuct)
DRV - [2012/11/18 10:56:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/11/18 10:18:54 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44A3B9C6-9367-4CAC-B6D3-4E3CBF777643}\MpKsl31bdd3f9.sys -- (MpKsl31bdd3f9)
DRV - [2012/11/18 10:18:09 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/10/02 22:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/30 12:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/30 12:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/07/03 15:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/07/09 12:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/10/16 10:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2009/10/16 10:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2009/10/16 10:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/13 08:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...00000ff66238616
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 45 E3 6F 33 52 CB 01 [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...00000ff66238616
IE - HKCU\..\SearchScopes\{7A0D77A4-01F2-4196-92FC-68A4233EC21B}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-10 12:36:07&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B652AD0D-8E12-45C5-B3BA-BF141C1B537A}: "URL" = http://search.condui...&ctid=CT3078318
IE - HKCU\..\SearchScopes\{EFDAEBF9-58C3-434e-9077-10566405FC0A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaultthis.engineName: "Apps-O-Rama Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit...d=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..browser.startup.homepage: "http://home.speedbit...?pid=%s&aid=%s"
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:10.0.2.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.1.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: {073fbacd-9ac2-4e44-8b72-e2dad6810509}:3.4.1.0
FF - prefs.js..keyword.URL: "http://home.speedbit...d=%s&shr=%d&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nickolay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/09/17 17:51:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/25 13:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DAP\daplinkchecker [2012/10/08 22:29:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/16 13:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 09:59:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/10/08 22:29:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected] [2012/04/09 13:40:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/11/17 14:49:56 | 000,000,000 | ---D | M]

[2012/04/09 13:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Extensions
[2012/11/17 15:30:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions
[2012/11/06 11:18:16 | 000,000,000 | ---D | M] (Apps-O-Rama Community Toolbar) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\{073fbacd-9ac2-4e44-8b72-e2dad6810509}
[2012/09/04 10:22:06 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/04/09 13:41:06 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/11/17 14:53:31 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2010/10/25 16:43:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/04/09 13:40:47 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/10/09 00:05:40 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/11/17 14:50:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/02/23 13:54:22 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/04/09 19:06:15 | 000,002,306 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\askcomsearch.xml
[2012/11/17 14:49:56 | 000,002,514 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\browsemngr.xml
[2011/04/27 15:06:18 | 000,000,925 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\conduit.xml
[2012/04/09 13:41:00 | 000,002,519 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\Search_Results.xml
[2012/10/09 01:12:39 | 000,002,520 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\speedbit.xml
[2012/10/21 10:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/25 13:04:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/25 13:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/04 12:25:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/21 10:44:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/08 22:29:52 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2012/10/08 22:29:52 | 000,000,000 | ---D | M] (DAP Link Checker) -- C:\PROGRAM FILES\DAP\DAPLINKCHECKER
[2012/08/25 13:04:44 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/11/17 14:49:56 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012/09/16 13:45:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/14 09:14:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/04/25 11:56:59 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/18 10:35:45 | 000,003,727 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/11/17 14:49:35 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/16 13:45:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/25 11:56:59 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 11:56:59 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/09 13:41:00 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/09/16 13:45:00 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 11:56:58 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

Hosts file not found
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension\ScriptHost.dll (freecorder.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ytbyclick Toolbar) - {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files\gigabyte\smart6\dbios\Run.exe ()
O4 - Startup: C:\Users\nickolay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\nickolay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66238616-D0C2-4449-8C43-D9EEBE9AD4AD}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69D585D6-4F9D-4E61-815E-550709183A55}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D899F138-0CF2-44E0-9C6C-D8D486F4A8E4}: DhcpNameServer = 172.31.139.17 172.30.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9A7F188-6418-4547-B588-18CE17204CFE}: DhcpNameServer = 149.254.230.7 149.254.199.126
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 11:00:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
[2012/11/18 10:56:20 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/18 10:56:20 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Malwarebytes
[2012/11/18 10:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/18 10:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/18 10:56:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/18 10:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/18 10:55:16 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\nickolay\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/17 14:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/11/17 14:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension
[2012/11/17 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/11/17 14:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/11/17 14:50:04 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Claro
[2012/11/17 14:50:03 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/11/17 14:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/17 14:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD
[2012/11/17 14:49:17 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Babylon
[2012/11/17 14:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/17 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Nero
[2012/11/16 15:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/11/15 15:43:52 | 000,000,000 | ---D | C] -- C:\Temp
[2012/11/15 15:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/11/15 15:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/11/15 15:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/11/15 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/11/07 10:43:22 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{40D6C512-A02B-400A-AC3D-4D0F94B4130F}
[2012/11/05 09:14:19 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EB2ED8F8-8DB3-426C-B742-FAC18452A40E}
[2012/11/01 23:50:28 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{5870CB54-6DEB-4819-B09C-7716CCBC26B8}
[2012/11/01 11:33:45 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{527A4F92-4CB6-4AA5-A352-016C90EFB245}
[2012/10/30 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{E0D96E67-D979-440B-91DC-E4774D1C4152}
[2012/10/30 11:05:36 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EF2B4BD3-4EAE-4DDB-BEBF-A6EC2BCDA267}
[2012/10/29 11:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/26 10:05:12 | 000,000,000 | ---D | C] -- C:\steampipetools
[2012/10/26 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PWD
[2012/10/26 07:20:39 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EFAEAC54-BFE2-4593-8459-42F7C0862FEF}
[2012/10/25 11:16:45 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{0078FA00-C66B-4F56-9827-1D26046E2E1F}
[2012/10/24 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{9B9C6A60-FE29-4959-89BC-23F9B10C766D}
[2012/10/24 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{ED7FAD4B-791A-418B-A23A-77F9C9D3B087}
[2012/10/22 12:01:39 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{6EB013C9-2F96-46CA-8CB2-313B55EEBDC4}
[2012/10/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{E8CB03C7-037B-4744-A7CC-D519478EB011}
[2012/10/21 12:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/10/20 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{7D7D8D4F-F044-48F8-817C-43258D135D97}
[2012/10/19 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{C29DCB31-9AA9-4227-A1F4-B445DF582D4A}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/18 11:10:38 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rhtrvpw.sys
[2012/11/18 11:00:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
[2012/11/18 11:00:21 | 000,001,247 | ---- | M] () -- C:\Users\nickolay\Desktop\My DAP Downloads.lnk
[2012/11/18 10:56:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/11/18 10:56:13 | 000,001,087 | ---- | M] () -- C:\Users\nickolay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/11/18 10:56:13 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/18 10:55:44 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\nickolay\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/18 10:41:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 10:25:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 10:25:31 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 10:22:27 | 000,722,244 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2012/11/18 10:22:27 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/18 10:22:27 | 000,149,282 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2012/11/18 10:22:27 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/18 10:19:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/18 10:19:14 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68469809-3883249263-866296372-1000UA.job
[2012/11/18 10:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 10:17:56 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 10:17:12 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/17 15:19:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68469809-3883249263-866296372-1000Core.job
[2012/11/15 15:44:09 | 000,002,713 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012/11/15 15:41:51 | 000,002,655 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012/11/15 00:03:31 | 000,403,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Zombies.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012/11/08 11:20:17 | 000,002,456 | ---- | M] () -- C:\Users\nickolay\Desktop\Google Chrome.lnk
[2012/11/04 12:49:27 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/11/04 12:49:21 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/11/04 12:48:57 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/11/02 00:19:30 | 000,001,296 | ---- | M] () -- C:\Users\nickolay\Desktop\SnippingTool.exe - Shortcut.lnk
[2012/11/02 00:11:26 | 000,452,043 | ---- | M] () -- C:\Users\nickolay\Desktop\Untitled.png
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/18 11:10:38 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\rhtrvpw.sys
[2012/11/18 10:56:13 | 000,001,087 | ---- | C] () -- C:\Users\nickolay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/11/18 10:56:13 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 15:44:09 | 000,002,713 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012/11/15 15:41:51 | 000,002,655 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012/11/14 15:28:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 15:27:23 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 15:31:43 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Zombies.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012/11/13 15:31:42 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II.url
[2012/11/02 00:19:30 | 000,001,296 | ---- | C] () -- C:\Users\nickolay\Desktop\SnippingTool.exe - Shortcut.lnk
[2012/11/02 00:11:26 | 000,452,043 | ---- | C] () -- C:\Users\nickolay\Desktop\Untitled.png
[2012/10/12 23:02:05 | 000,000,178 | ---- | C] () -- C:\Windows\System32\BoR_Launcher.ini
[2012/10/12 23:02:05 | 000,000,047 | ---- | C] () -- C:\Windows\System32\config.ini
[2012/10/12 23:01:53 | 000,194,048 | ---- | C] () -- C:\Windows\System32\antihack.dll
[2012/10/12 23:01:53 | 000,000,373 | ---- | C] () -- C:\Windows\System32\addons.ini
[2012/10/12 22:58:41 | 000,999,424 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll
[2012/10/12 22:58:41 | 000,381,010 | ---- | C] () -- C:\Windows\System32\wz_zp.dll
[2012/10/12 22:58:41 | 000,229,432 | ---- | C] () -- C:\Windows\System32\wsctlcd.dll
[2012/10/12 22:58:41 | 000,212,992 | ---- | C] () -- C:\Windows\System32\wzAudio.dll
[2012/10/12 22:58:41 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012/10/12 22:58:41 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mumsg.dll
[2012/10/12 22:58:41 | 000,046,080 | ---- | C] () -- C:\Windows\System32\ttlci_2.dll
[2012/10/12 22:58:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\wsctlc.dll
[2012/10/12 22:58:41 | 000,000,397 | ---- | C] () -- C:\Windows\System32\MuEng.ini
[2012/10/12 22:58:41 | 000,000,389 | ---- | C] () -- C:\Windows\System32\MuEngTest.ini
[2012/10/12 22:58:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Glow.dll
[2012/10/08 22:29:50 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/10/08 22:29:50 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/05/22 11:31:16 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/05/17 09:28:14 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/03/01 13:10:53 | 000,003,584 | ---- | C] () -- C:\Users\nickolay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 14:51:28 | 000,040,034 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\UserTile.png
[2011/12/05 11:47:47 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/31 06:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/05/31 06:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/05/22 07:57:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/28 09:10:27 | 000,106,496 | ---- | C] () -- C:\Windows\System32\PixText.dll
[2011/04/26 11:32:47 | 000,000,000 | ---- | C] () -- C:\Users\nickolay\AppData\Local\prvlcl.dat
[2011/04/20 14:34:40 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/04/20 14:34:40 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/02/27 00:50:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/27 00:50:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/21 13:19:58 | 000,022,328 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\PnkBstrK.sys

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/31 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\AVG
[2012/11/17 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Babylon
[2012/04/09 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Bandoo
[2011/04/20 15:28:13 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\BugTrap Console Test108
[2012/11/17 14:50:04 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Claro
[2011/03/26 10:08:54 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/07/19 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\DarkBlood ServiceNa
[2012/01/09 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\DriverCure
[2012/11/18 10:20:22 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Dropbox
[2012/02/15 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\FOG Downloader
[2010/09/14 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Foxit
[2011/10/09 14:09:32 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\GiftBoxPlus
[2010/09/14 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\ijjigame
[2011/01/13 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\launcher
[2011/01/14 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\LolClient
[2012/05/24 17:38:20 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\LolClient2
[2011/01/13 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Martial Empires Luancher OBT
[2011/07/12 08:26:09 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Need for Speed World
[2011/09/26 18:31:00 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\NPLUTO Corporation
[2010/09/27 12:17:11 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Radialpoint
[2012/02/29 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\redsn0w
[2011/12/02 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\TS3Client
[2011/12/02 14:41:08 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\ts3overlay
[2012/10/09 03:02:38 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Tunngle
[2011/02/27 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Unity
[2012/11/18 11:09:00 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\uTorrent
[2011/02/05 13:41:18 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Virgin Media
[2011/09/23 08:23:21 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Windows Live Writer
[2012/10/08 23:51:03 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\YourFileDownloader
[2012/09/01 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\ZalmanInstaller_otshot

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/01/03 00:12:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\㗠ǂ
[2012/01/03 00:12:05 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\㗠ǂ
[2011/08/29 21:02:00 | 000,000,017 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ˀǾ
[2011/08/29 21:02:00 | 000,000,017 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ˀǾ

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >


I have added extra from OTL and aswMBR. I don't know if you need this, but I included dxdiag.


Edited by nickolay83, 18 November 2012 - 06:10 AM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's clear some of the dross first so that I can get a better look at the system.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2012/10/11 11:17:59 | 002,312,216 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/03/06 22:49:59 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files\Bandoo\Bandoo.exe -- (Bandoo Coordinator)
SRV - [2010/09/12 23:34:50 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Disabled | Stopped] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva398.sys -- (XDva398)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva385.sys -- (XDva385)
DRV - [2012/11/18 11:10:38 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\rhtrvpw.sys -- (hgyuct)
IE - HKLM\..\URLSearchHook: {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...00000ff66238616
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {7F4EFF06-7032-458e-AE16-1C1D8255C28A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...00000ff66238616
IE - HKCU\..\SearchScopes\{7A0D77A4-01F2-4196-92FC-68A4233EC21B}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B652AD0D-8E12-45C5-B3BA-BF141C1B537A}: "URL" = http://search.condui...&ctid=CT3078318
IE - HKCU\..\SearchScopes\{EFDAEBF9-58C3-434e-9077-10566405FC0A}: "URL" = http://home.speedbit...q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaultthis.engineName: "Apps-O-Rama Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..browser.startup.homepage: "http://home.speedbit.com/?pid=%s&aid=%s"
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {073fbacd-9ac2-4e44-8b72-e2dad6810509}:3.4.1.0
FF - prefs.js..keyword.URL: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010/09/17 17:51:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected] [2012/04/09 13:40:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/11/17 14:49:56 | 000,000,000 | ---D | M]
[2012/11/06 11:18:16 | 000,000,000 | ---D | M] (Apps-O-Rama Community Toolbar) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\{073fbacd-9ac2-4e44-8b72-e2dad6810509}
[2012/04/09 13:41:06 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/11/17 14:53:31 | 000,000,000 | ---D | M] (Freecorder) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/04/09 13:40:47 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/10/09 00:05:40 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/11/17 14:50:12 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/11/17 14:49:56 | 000,002,514 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\browsemngr.xml
[2011/04/27 15:06:18 | 000,000,925 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\conduit.xml
[2012/04/09 13:41:00 | 000,002,519 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\Search_Results.xml
[2012/10/09 01:12:39 | 000,002,520 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\speedbit.xml
[2012/08/25 13:04:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/04 12:25:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/17 14:49:56 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012/11/17 14:49:35 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/09 13:41:00 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension\ScriptHost.dll (freecorder.com)
O2 - BHO: (SpeedBit Link Verification Helper) - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files\DAP\LinkVerifier.dll (Speedbit Ltd.)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (ytbyclick Toolbar) - {d4f1c433-f9c3-49f2-8645-37dbeca19e90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKCU\..\Toolbar\WebBrowser: (ytbyclick Toolbar) - {D4F1C433-F9C3-49F2-8645-37DBECA19E90} - C:\Program Files\ytbyclick\prxtbytb0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\bandoo\bndhook.dll) - c:\Program Files\Bandoo\BndHook.dll (Discordia Limited)
[2012/11/17 14:50:41 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2012/11/17 14:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder extension
[2012/11/17 14:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2012/11/17 14:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/11/17 14:50:04 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Claro
[2012/11/17 14:50:03 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
[2012/11/17 14:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/11/17 14:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Claro LTD
[2012/11/17 14:49:17 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Babylon
[2012/11/17 14:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/11/18 11:10:38 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\rhtrvpw.sys
[2012/11/17 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Babylon
[2012/04/09 13:41:17 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Bandoo
[2012/11/17 14:50:04 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Claro
[2012/01/03 00:12:08 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\㗠ǂ
[2012/01/03 00:12:05 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\㗠ǂ
[2011/08/29 21:02:00 | 000,000,017 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\ˀǾ
[2011/08/29 21:02:00 | 000,000,017 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\ˀǾ

:Files
C:\ProgramData\Browser Manager
C:\Program Files\Bandoo
C:\Program Files\Searchqu Toolbar
C:\Program Files\Claro LTD
C:\Users\nickolay\Downloads\DownloadSetup.exe 
C:\Users\nickolay\Downloads\SoftonicDownloader_for_windows-live-messenger.exe 
C:\Program Files\SpeedBit Video Accelerator
C:\Program Files\ytbyclick
C:\Program Files\Freecorder extension
C:\Program Files\Yontoo

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

FINALLY

  • Run OTL.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
nickolay83

Hi mate.
Thanks for the quick response.
I don't have the 64bit scans option in OTL as in your pic; can you send me a link to the new one?

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That will only appear if you have a 64bit system :)

#5
nickolay83

Hi again :P
As you can see, I don't even know that (64 or 32) :D

I've done as you said and this is the report. For some reason it didn't open the extra report :blink:
It made the first report after I pressed Run Fix, and I changed it to otl clean as it gave me some numbers as a name :blush:

OTL logfile created on: 18/11/2012 13:18:24 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nickolay\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 65.34% Memory free
6.99 Gb Paging File | 5.79 Gb Available in Paging File | 82.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 382.40 Gb Free Space | 41.06% Space Free | Partition Type: NTFS

Computer Name: NICKOLAY-PC | User Name: nickolay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 11:00:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
PRC - [2012/10/08 22:29:24 | 000,092,360 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
PRC - [2012/10/02 22:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 19:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/10/02 19:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/14 14:14:19 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/26 07:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
PRC - [2009/10/16 10:44:14 | 001,600,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
PRC - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
PRC - [2009/10/16 10:44:06 | 001,060,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
PRC - [2009/07/14 01:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 12:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\SDBMSG.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 15:55:14 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\471c9203ac2cc166ab3321f63d3bbc4a\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/15 00:06:33 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\398df77267992efc77df5ef5176a89c6\System.Web.ni.dll
MOD - [2012/11/15 00:06:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 00:05:48 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll
MOD - [2012/11/15 00:05:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll
MOD - [2012/11/15 00:05:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll
MOD - [2012/11/15 00:05:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll
MOD - [2012/11/15 00:05:19 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll
MOD - [2012/11/15 00:05:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
MOD - [2012/10/08 22:29:24 | 000,090,824 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/08 12:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\SDBMSG.exe
MOD - [2009/06/10 15:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\DBIOS.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/11/15 00:09:49 | 000,539,984 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/09 02:19:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 22:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/16 13:45:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 13:12:58 | 001,406,264 | ---- | M] (Virgin Media) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/08/29 22:29:58 | 003,893,752 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2009/09/08 08:51:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Disabled | Stopped] -- C:\Program Files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nickolay\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2012/11/18 13:14:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44A3B9C6-9367-4CAC-B6D3-4E3CBF777643}\MpKslcb7aaf90.sys -- (MpKslcb7aaf90)
DRV - [2012/11/18 13:14:24 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/10/02 22:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/30 12:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/30 12:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/07/03 15:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/07/09 12:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/10/16 10:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2009/10/16 10:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2009/10/16 10:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/13 08:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 45 E3 6F 33 52 CB 01 [binary data]
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 45 E3 6F 33 52 CB 01 [binary data]
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\SearchScopes\{7A0D77A4-01F2-4196-92FC-68A4233EC21B}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\SearchScopes\{EFDAEBF9-58C3-434e-9077-10566405FC0A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit...d=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..browser.startup.homepage: "http://home.speedbit...?pid=%s&aid=%s"
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:10.0.2.6
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: [email protected]:3.11.3.15590
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.31.0
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..keyword.URL: "http://home.speedbit...d=%s&shr=%d&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nickolay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/25 13:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DAP\daplinkchecker [2012/10/08 22:29:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/16 13:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 09:59:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/10/08 22:29:52 | 000,000,000 | ---D | M]

[2012/04/09 13:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Extensions
[2012/11/18 13:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions
[2010/10/25 16:43:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/11/18 13:06:15 | 000,002,520 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\speedbit.xml
[2012/11/18 12:42:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/25 13:04:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/21 10:44:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/08 22:29:52 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2012/10/08 22:29:52 | 000,000,000 | ---D | M] (DAP Link Checker) -- C:\PROGRAM FILES\DAP\DAPLINKCHECKER
[2012/08/25 13:04:44 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.796.11\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\NICKOLAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MXJURTA0.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\USERS\NICKOLAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MXJURTA0.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\NICKOLAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MXJURTA0.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\NICKOLAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MXJURTA0.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\NICKOLAY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MXJURTA0.DEFAULT\EXTENSIONS\[email protected]
[2012/09/16 13:45:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/14 09:14:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/04/25 11:56:59 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/16 13:45:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/25 11:56:59 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 11:56:59 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/16 13:45:00 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 11:56:58 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\nickolay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2012/11/18 12:43:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1000..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1000..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1002..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1002..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1002..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files\gigabyte\smart6\dbios\Run.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-68469809-3883249263-866296372-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\nickolay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\nickolay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66238616-D0C2-4449-8C43-D9EEBE9AD4AD}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69D585D6-4F9D-4E61-815E-550709183A55}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D899F138-0CF2-44E0-9C6C-D8D486F4A8E4}: DhcpNameServer = 172.31.139.17 172.30.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9A7F188-6418-4547-B588-18CE17204CFE}: DhcpNameServer = 149.254.230.7 149.254.199.126
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 12:42:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/18 12:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/18 12:19:14 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/18 12:18:59 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/18 12:18:59 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/18 12:18:59 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/18 12:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/11/18 12:16:31 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Users\nickolay\Desktop\JavaSetup7u9.exe
[2012/11/18 11:46:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\nickolay\Desktop\aswMBR.exe
[2012/11/18 11:00:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
[2012/11/18 10:56:20 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Malwarebytes
[2012/11/18 10:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/18 10:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/18 10:56:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/18 10:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/17 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Nero
[2012/11/16 15:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/11/15 15:46:33 | 000,019,096 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\InCDRec.sys
[2012/11/15 15:46:31 | 000,130,200 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\InCDFs.sys
[2012/11/15 15:46:26 | 000,048,280 | ---- | C] (Nero AG) -- C:\Windows\System32\drivers\InCDPass.sys
[2012/11/15 15:43:52 | 000,000,000 | ---D | C] -- C:\Temp
[2012/11/15 15:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/11/15 15:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/11/15 15:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/11/15 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/11/14 15:28:01 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/14 15:28:01 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/14 15:27:24 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/14 15:27:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/14 15:27:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/14 15:26:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/14 15:26:58 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/14 15:26:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/14 15:26:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/14 15:26:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/14 15:26:57 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/14 15:26:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/14 15:26:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/14 10:13:36 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/14 10:13:34 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/07 10:43:22 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{40D6C512-A02B-400A-AC3D-4D0F94B4130F}
[2012/11/05 09:14:19 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EB2ED8F8-8DB3-426C-B742-FAC18452A40E}
[2012/11/01 23:50:28 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{5870CB54-6DEB-4819-B09C-7716CCBC26B8}
[2012/11/01 11:33:45 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{527A4F92-4CB6-4AA5-A352-016C90EFB245}
[2012/10/30 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{E0D96E67-D979-440B-91DC-E4774D1C4152}
[2012/10/30 11:05:36 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EF2B4BD3-4EAE-4DDB-BEBF-A6EC2BCDA267}
[2012/10/29 11:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/26 10:05:12 | 000,000,000 | ---D | C] -- C:\steampipetools
[2012/10/26 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PWD
[2012/10/26 07:20:39 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EFAEAC54-BFE2-4593-8459-42F7C0862FEF}
[2012/10/25 11:16:45 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{0078FA00-C66B-4F56-9827-1D26046E2E1F}
[2012/10/24 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{9B9C6A60-FE29-4959-89BC-23F9B10C766D}
[2012/10/24 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{ED7FAD4B-791A-418B-A23A-77F9C9D3B087}
[2012/10/22 12:01:39 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{6EB013C9-2F96-46CA-8CB2-313B55EEBDC4}
[2012/10/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{E8CB03C7-037B-4744-A7CC-D519478EB011}
[2012/10/20 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{7D7D8D4F-F044-48F8-817C-43258D135D97}
[2012/10/19 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{C29DCB31-9AA9-4227-A1F4-B445DF582D4A}

========== Files - Modified Within 30 Days ==========

[2012/11/18 13:21:16 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 13:21:16 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 13:19:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68469809-3883249263-866296372-1000UA.job
[2012/11/18 13:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/18 13:18:55 | 000,722,244 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2012/11/18 13:18:55 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/18 13:18:55 | 000,149,282 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2012/11/18 13:18:55 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/18 13:14:24 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012/11/18 13:14:17 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 13:14:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 13:13:55 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/18 12:43:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/11/18 12:41:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 12:27:13 | 000,001,247 | ---- | M] () -- C:\Users\nickolay\Desktop\My DAP Downloads.lnk
[2012/11/18 12:23:10 | 000,543,531 | ---- | M] () -- C:\Users\nickolay\Desktop\adwcleaner.exe
[2012/11/18 12:18:33 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/18 12:18:30 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/18 12:18:30 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/18 12:18:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/11/18 12:18:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/18 12:17:26 | 000,001,911 | ---- | M] () -- C:\Users\nickolay\Desktop\Update Checker.lnk
[2012/11/18 12:17:06 | 000,264,271 | ---- | M] () -- C:\Users\nickolay\Desktop\FHSetup.exe
[2012/11/18 12:16:34 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Users\nickolay\Desktop\JavaSetup7u9.exe
[2012/11/18 11:46:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\nickolay\Desktop\aswMBR.exe
[2012/11/18 11:00:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
[2012/11/18 10:56:13 | 000,001,087 | ---- | M] () -- C:\Users\nickolay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/11/18 10:56:13 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/17 15:19:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68469809-3883249263-866296372-1000Core.job
[2012/11/15 15:44:09 | 000,002,713 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012/11/15 15:41:51 | 000,002,655 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012/11/15 00:03:31 | 000,403,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Zombies.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012/11/08 11:20:17 | 000,002,456 | ---- | M] () -- C:\Users\nickolay\Desktop\Google Chrome.lnk
[2012/11/04 12:49:27 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/11/04 12:49:21 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/11/04 12:48:57 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/11/02 00:19:30 | 000,001,296 | ---- | M] () -- C:\Users\nickolay\Desktop\SnippingTool.exe - Shortcut.lnk
[2012/11/02 00:11:26 | 000,452,043 | ---- | M] () -- C:\Users\nickolay\Desktop\Untitled.png

========== Files Created - No Company Name ==========

[2012/11/18 12:23:09 | 000,543,531 | ---- | C] () -- C:\Users\nickolay\Desktop\adwcleaner.exe
[2012/11/18 12:17:26 | 000,001,941 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/11/18 12:17:26 | 000,001,911 | ---- | C] () -- C:\Users\nickolay\Desktop\Update Checker.lnk
[2012/11/18 12:17:11 | 000,264,271 | ---- | C] () -- C:\Users\nickolay\Desktop\FHSetup.exe
[2012/11/18 10:56:13 | 000,001,087 | ---- | C] () -- C:\Users\nickolay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/11/18 10:56:13 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 15:44:09 | 000,002,713 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012/11/15 15:41:51 | 000,002,655 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012/11/14 15:28:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 15:27:23 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 15:31:43 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Zombies.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012/11/13 15:31:42 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II.url
[2012/11/02 00:19:30 | 000,001,296 | ---- | C] () -- C:\Users\nickolay\Desktop\SnippingTool.exe - Shortcut.lnk
[2012/11/02 00:11:26 | 000,452,043 | ---- | C] () -- C:\Users\nickolay\Desktop\Untitled.png
[2012/10/12 23:02:05 | 000,000,178 | ---- | C] () -- C:\Windows\System32\BoR_Launcher.ini
[2012/10/12 23:02:05 | 000,000,047 | ---- | C] () -- C:\Windows\System32\config.ini
[2012/10/12 23:01:53 | 000,194,048 | ---- | C] () -- C:\Windows\System32\antihack.dll
[2012/10/12 23:01:53 | 000,000,373 | ---- | C] () -- C:\Windows\System32\addons.ini
[2012/10/12 22:58:41 | 000,999,424 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll
[2012/10/12 22:58:41 | 000,381,010 | ---- | C] () -- C:\Windows\System32\wz_zp.dll
[2012/10/12 22:58:41 | 000,229,432 | ---- | C] () -- C:\Windows\System32\wsctlcd.dll
[2012/10/12 22:58:41 | 000,212,992 | ---- | C] () -- C:\Windows\System32\wzAudio.dll
[2012/10/12 22:58:41 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012/10/12 22:58:41 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mumsg.dll
[2012/10/12 22:58:41 | 000,046,080 | ---- | C] () -- C:\Windows\System32\ttlci_2.dll
[2012/10/12 22:58:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\wsctlc.dll
[2012/10/12 22:58:41 | 000,000,397 | ---- | C] () -- C:\Windows\System32\MuEng.ini
[2012/10/12 22:58:41 | 000,000,389 | ---- | C] () -- C:\Windows\System32\MuEngTest.ini
[2012/10/12 22:58:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Glow.dll
[2012/10/08 22:29:50 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/10/08 22:29:50 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/05/22 11:31:16 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/05/17 09:28:14 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/03/01 13:10:53 | 000,003,584 | ---- | C] () -- C:\Users\nickolay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 14:51:28 | 000,040,034 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\UserTile.png
[2011/12/05 11:47:47 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/31 06:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/05/31 06:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/05/22 07:57:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/28 09:10:27 | 000,106,496 | ---- | C] () -- C:\Windows\System32\PixText.dll
[2011/04/26 11:32:47 | 000,000,000 | ---- | C] () -- C:\Users\nickolay\AppData\Local\prvlcl.dat
[2011/04/20 14:34:40 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/04/20 14:34:40 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/02/27 00:50:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/27 00:50:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/21 13:19:58 | 000,022,328 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\PnkBstrK.sys

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >


#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The first one was to tell me whether the deletions worked and how much space was cleared from your computer: Total Files Cleaned = 2,333.00 mb

Have you run AdwCleaner yet?

#7
nickolay83

    New Member

  • Topic Starter
  • Member
  • 7 posts
Oh sorry, forgot to include it. BTW I'm posting from Chrome :D


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a few more to kill now... Once done, could you let me know what problems remain?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1000\..\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A}: "URL" = http://home.speedbit...q={searchTerms}
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\SearchScopes\{EFDAEBF9-58C3-434e-9077-10566405FC0A}: "URL" = http://home.speedbit...q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.startup.homepage: "http://home.speedbit.com/?pid=%s&aid=%s"
FF - prefs.js..keyword.URL: "http://home.speedbit.com/search.aspx?site=shdefault&pid=%s&aid=%s&shr=%d&q="
[2012/11/18 13:06:15 | 000,002,520 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\speedbit.xml
O3 - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-68469809-3883249263-866296372-1002\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9
nickolay83

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here you go mate.
BTW can you suggest a gamer's antivirus? I had AVG and Avast but I always have problems with them as they are blocking my games.

OTL logfile created on: 18/11/2012 14:08:15 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nickolay\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.50 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 50.96% Memory free
6.99 Gb Paging File | 5.07 Gb Available in Paging File | 72.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 383.02 Gb Free Space | 41.12% Space Free | Partition Type: NTFS

Computer Name: NICKOLAY-PC | User Name: nickolay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 11:00:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
PRC - [2012/10/08 22:29:24 | 000,092,360 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe
PRC - [2012/10/02 22:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 19:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/10/02 19:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/14 14:14:19 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/26 07:34:22 | 000,306,688 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe
PRC - [2009/10/16 10:44:14 | 001,600,816 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\NBHGui.exe
PRC - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe
PRC - [2009/10/16 10:44:06 | 001,060,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Tools\InCD\InCD.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 12:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\SDBMSG.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 15:55:14 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\471c9203ac2cc166ab3321f63d3bbc4a\Microsoft.VisualBasic.ni.dll
MOD - [2012/11/15 00:06:33 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\398df77267992efc77df5ef5176a89c6\System.Web.ni.dll
MOD - [2012/11/15 00:06:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll
MOD - [2012/11/15 00:05:48 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll
MOD - [2012/11/15 00:05:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll
MOD - [2012/11/15 00:05:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll
MOD - [2012/11/15 00:05:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll
MOD - [2012/11/15 00:05:19 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll
MOD - [2012/11/15 00:05:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
MOD - [2012/10/31 22:15:05 | 000,460,312 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 22:15:04 | 012,455,448 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 22:15:02 | 004,007,448 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 22:13:47 | 000,587,288 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 22:13:46 | 000,123,928 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 22:13:35 | 000,156,712 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 22:13:34 | 000,274,984 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 22:13:32 | 002,168,360 | ---- | M] () -- C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/10/08 22:29:24 | 000,090,824 | ---- | M] () -- C:\Windows\System32\EasyHook32.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/08 12:55:24 | 000,028,200 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\SDBMSG.exe
MOD - [2009/06/10 15:28:56 | 000,106,496 | ---- | M] () -- C:\Program Files\gigabyte\smart6\dbios\DBIOS.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2012/11/18 14:07:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/15 00:09:49 | 000,539,984 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/02 22:20:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 20:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/02 12:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/16 13:45:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/31 14:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/03/25 12:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 13:12:58 | 001,406,264 | ---- | M] (Virgin Media) [Disabled | Stopped] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/08/29 22:29:58 | 003,893,752 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/10/16 10:44:18 | 000,053,560 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\NBHRegInCDSrv.exe -- (NeroRegInCDSrv)
SRV - [2009/10/16 10:44:10 | 001,420,592 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Tools\InCD\InCDSrv.exe -- (InCDSrv)
SRV - [2009/09/08 08:51:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Disabled | Stopped] -- C:\Program Files\gigabyte\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\nickolay\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2012/11/18 14:03:10 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{44A3B9C6-9367-4CAC-B6D3-4E3CBF777643}\MpKsl09d6accc.sys -- (MpKsl09d6accc)
DRV - [2012/11/18 14:03:09 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/10/02 22:20:00 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/30 12:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/30 12:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/07/03 15:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/12/13 14:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/07/09 12:18:54 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2009/10/16 10:43:04 | 000,130,200 | ---- | M] (Nero AG) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\InCDFs.sys -- (InCDFs)
DRV - [2009/10/16 10:42:58 | 000,019,096 | ---- | M] (Nero AG) [File_System | System | Running] -- C:\Windows\System32\drivers\InCDRec.sys -- (InCDRec)
DRV - [2009/10/16 10:42:50 | 000,048,280 | ---- | M] (Nero AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)
DRV - [2009/08/13 08:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.../?pid=%s&aid=%s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 45 E3 6F 33 52 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Speedbit"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://home.speedbit...d=%s&shr=%d&q="
FF - prefs.js..browser.search.order.1: "Speedbit"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: "Speedbit"
FF - prefs.js..browser.startup.homepage: "http://home.speedbit...?pid=%s&aid=%s"
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:10.0.2.6
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0.1.2
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..keyword.URL: "http://home.speedbit...d=%s&shr=%d&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_118.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nickolay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nickolay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/25 13:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DAP\daplinkchecker [2012/10/08 22:29:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/16 13:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 09:59:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2012/10/08 22:29:52 | 000,000,000 | ---D | M]

[2012/04/09 13:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Extensions
[2012/11/18 13:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions
[2010/10/25 16:43:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\extensions\[email protected]
[2012/11/18 14:03:22 | 000,002,520 | ---- | M] () -- C:\Users\nickolay\AppData\Roaming\Mozilla\Firefox\Profiles\mxjurta0.default\searchplugins\speedbit.xml
[2012/11/18 13:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/25 13:04:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/21 10:44:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/08 22:29:52 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2012/10/08 22:29:52 | 000,000,000 | ---D | M] (DAP Link Checker) -- C:\PROGRAM FILES\DAP\DAPLINKCHECKER
[2012/08/25 13:04:44 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/09/16 13:45:01 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/14 09:14:19 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010/07/27 15:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/04/25 11:56:59 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/16 13:45:00 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/25 11:56:59 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 11:56:59 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/16 13:45:00 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 11:56:58 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\nickolay\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\nickolay\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: DAP Link Checker = C:\Users\nickolay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh\1.0.1.2_0\
CHR - Extension: ytbyclick = C:\Users\nickolay\AppData\Local\Google\Chrome\User Data\Default\Extensions\edflbdjfhpiboilnedfoiepbmcllkedb\10.13.1.89_0\
CHR - Extension: Download Accelerator Plus (DAP) = C:\Users\nickolay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdcfjdljhbehggjdkdioajnknjcpbjb\2.0.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\nickolay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: uTorrentControl2 = C:\Users\nickolay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.18.20_0\
CHR - Extension: OneClickDownload = C:\Users\nickolay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.2_0\

O1 HOSTS File: ([2012/11/18 13:54:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Tools\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NBHGui] C:\Program Files\Nero\Tools\InCD\NBHGui.exe (Nero AG)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (Speedbit Ltd.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files\gigabyte\smart6\dbios\Run.exe ()
O4 - Startup: C:\Users\nickolay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\nickolay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: &Verify with DAP - C:\Program Files\DAP\dapverify.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.giga...bject/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66238616-D0C2-4449-8C43-D9EEBE9AD4AD}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69D585D6-4F9D-4E61-815E-550709183A55}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D899F138-0CF2-44E0-9C6C-D8D486F4A8E4}: DhcpNameServer = 172.31.139.17 172.30.139.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9A7F188-6418-4547-B588-18CE17204CFE}: DhcpNameServer = 149.254.230.7 149.254.199.126
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 14:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2012/11/18 12:42:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/18 12:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/18 12:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/11/18 11:46:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\nickolay\Desktop\aswMBR.exe
[2012/11/18 11:00:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
[2012/11/18 10:56:20 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Malwarebytes
[2012/11/18 10:56:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/18 10:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/18 10:56:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/18 10:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/17 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Roaming\Nero
[2012/11/16 15:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/11/15 15:43:52 | 000,000,000 | ---D | C] -- C:\Temp
[2012/11/15 15:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2012/11/15 15:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/11/15 15:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/11/15 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/11/07 10:43:22 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{40D6C512-A02B-400A-AC3D-4D0F94B4130F}
[2012/11/05 09:14:19 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EB2ED8F8-8DB3-426C-B742-FAC18452A40E}
[2012/11/01 23:50:28 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{5870CB54-6DEB-4819-B09C-7716CCBC26B8}
[2012/11/01 11:33:45 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{527A4F92-4CB6-4AA5-A352-016C90EFB245}
[2012/10/30 23:42:09 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{E0D96E67-D979-440B-91DC-E4774D1C4152}
[2012/10/30 11:05:36 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EF2B4BD3-4EAE-4DDB-BEBF-A6EC2BCDA267}
[2012/10/29 11:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/26 10:05:12 | 000,000,000 | ---D | C] -- C:\steampipetools
[2012/10/26 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PWD
[2012/10/26 07:20:39 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{EFAEAC54-BFE2-4593-8459-42F7C0862FEF}
[2012/10/25 11:16:45 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{0078FA00-C66B-4F56-9827-1D26046E2E1F}
[2012/10/24 23:01:26 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{9B9C6A60-FE29-4959-89BC-23F9B10C766D}
[2012/10/24 08:21:31 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{ED7FAD4B-791A-418B-A23A-77F9C9D3B087}
[2012/10/22 12:01:39 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{6EB013C9-2F96-46CA-8CB2-313B55EEBDC4}
[2012/10/21 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{E8CB03C7-037B-4744-A7CC-D519478EB011}
[2012/10/20 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{7D7D8D4F-F044-48F8-817C-43258D135D97}
[2012/10/19 22:31:35 | 000,000,000 | ---D | C] -- C:\Users\nickolay\AppData\Local\{C29DCB31-9AA9-4227-A1F4-B445DF582D4A}

========== Files - Modified Within 30 Days ==========

[2012/11/18 14:10:11 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 14:10:11 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 14:07:38 | 000,722,244 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2012/11/18 14:07:38 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/18 14:07:38 | 000,149,282 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2012/11/18 14:07:38 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/18 14:07:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/18 14:06:18 | 000,000,562 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2012/11/18 14:03:11 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 14:02:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 14:02:45 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/18 13:54:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/11/18 13:41:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/18 13:19:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68469809-3883249263-866296372-1000UA.job
[2012/11/18 12:27:13 | 000,001,247 | ---- | M] () -- C:\Users\nickolay\Desktop\My DAP Downloads.lnk
[2012/11/18 12:23:10 | 000,543,531 | ---- | M] () -- C:\Users\nickolay\Desktop\adwcleaner.exe
[2012/11/18 12:17:26 | 000,001,911 | ---- | M] () -- C:\Users\nickolay\Desktop\Update Checker.lnk
[2012/11/18 12:17:06 | 000,264,271 | ---- | M] () -- C:\Users\nickolay\Desktop\FHSetup.exe
[2012/11/18 11:46:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\nickolay\Desktop\aswMBR.exe
[2012/11/18 11:00:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nickolay\Desktop\OTL.exe
[2012/11/18 10:56:13 | 000,001,087 | ---- | M] () -- C:\Users\nickolay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/11/18 10:56:13 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/17 15:19:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-68469809-3883249263-866296372-1000Core.job
[2012/11/15 15:44:09 | 000,002,713 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012/11/15 15:41:51 | 000,002,655 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012/11/15 00:03:31 | 000,403,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Zombies.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | M] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012/11/08 11:20:17 | 000,002,456 | ---- | M] () -- C:\Users\nickolay\Desktop\Google Chrome.lnk
[2012/11/04 12:49:27 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/11/04 12:49:21 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012/11/04 12:48:57 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/11/02 00:19:30 | 000,001,296 | ---- | M] () -- C:\Users\nickolay\Desktop\SnippingTool.exe - Shortcut.lnk
[2012/11/02 00:11:26 | 000,452,043 | ---- | M] () -- C:\Users\nickolay\Desktop\Untitled.png

========== Files Created - No Company Name ==========

[2012/11/18 14:06:18 | 000,000,562 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2012/11/18 12:23:09 | 000,543,531 | ---- | C] () -- C:\Users\nickolay\Desktop\adwcleaner.exe
[2012/11/18 12:17:26 | 000,001,941 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012/11/18 12:17:26 | 000,001,911 | ---- | C] () -- C:\Users\nickolay\Desktop\Update Checker.lnk
[2012/11/18 12:17:11 | 000,264,271 | ---- | C] () -- C:\Users\nickolay\Desktop\FHSetup.exe
[2012/11/18 10:56:13 | 000,001,087 | ---- | C] () -- C:\Users\nickolay\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/11/18 10:56:13 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/15 15:44:09 | 000,002,713 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2012/11/15 15:41:51 | 000,002,655 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2012/11/14 15:28:03 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 15:27:23 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/13 15:31:43 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Zombies.url
[2012/11/13 15:31:43 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II - Multiplayer.url
[2012/11/13 15:31:42 | 000,000,216 | ---- | C] () -- C:\Users\nickolay\Desktop\Call of Duty Black Ops II.url
[2012/11/02 00:19:30 | 000,001,296 | ---- | C] () -- C:\Users\nickolay\Desktop\SnippingTool.exe - Shortcut.lnk
[2012/11/02 00:11:26 | 000,452,043 | ---- | C] () -- C:\Users\nickolay\Desktop\Untitled.png
[2012/10/12 23:02:05 | 000,000,178 | ---- | C] () -- C:\Windows\System32\BoR_Launcher.ini
[2012/10/12 23:02:05 | 000,000,047 | ---- | C] () -- C:\Windows\System32\config.ini
[2012/10/12 23:01:53 | 000,194,048 | ---- | C] () -- C:\Windows\System32\antihack.dll
[2012/10/12 23:01:53 | 000,000,373 | ---- | C] () -- C:\Windows\System32\addons.ini
[2012/10/12 22:58:41 | 000,999,424 | ---- | C] () -- C:\Windows\System32\vorbisfile.dll
[2012/10/12 22:58:41 | 000,381,010 | ---- | C] () -- C:\Windows\System32\wz_zp.dll
[2012/10/12 22:58:41 | 000,229,432 | ---- | C] () -- C:\Windows\System32\wsctlcd.dll
[2012/10/12 22:58:41 | 000,212,992 | ---- | C] () -- C:\Windows\System32\wzAudio.dll
[2012/10/12 22:58:41 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2012/10/12 22:58:41 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mumsg.dll
[2012/10/12 22:58:41 | 000,046,080 | ---- | C] () -- C:\Windows\System32\ttlci_2.dll
[2012/10/12 22:58:41 | 000,045,056 | ---- | C] () -- C:\Windows\System32\wsctlc.dll
[2012/10/12 22:58:41 | 000,000,397 | ---- | C] () -- C:\Windows\System32\MuEng.ini
[2012/10/12 22:58:41 | 000,000,389 | ---- | C] () -- C:\Windows\System32\MuEngTest.ini
[2012/10/12 22:58:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\Glow.dll
[2012/10/08 22:29:50 | 000,109,256 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/10/08 22:29:50 | 000,090,824 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/05/22 11:31:16 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/05/17 09:28:14 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012/03/01 13:10:53 | 000,003,584 | ---- | C] () -- C:\Users\nickolay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 14:51:28 | 000,040,034 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\UserTile.png
[2011/12/05 11:47:47 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/05/31 06:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011/05/31 06:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011/05/22 07:57:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/28 09:10:27 | 000,106,496 | ---- | C] () -- C:\Windows\System32\PixText.dll
[2011/04/26 11:32:47 | 000,000,000 | ---- | C] () -- C:\Users\nickolay\AppData\Local\prvlcl.dat
[2011/04/20 14:34:40 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/04/20 14:34:40 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/02/27 00:50:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/27 00:50:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/21 13:19:58 | 000,022,328 | ---- | C] () -- C:\Users\nickolay\AppData\Roaming\PnkBstrK.sys

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/31 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\AVG
[2011/04/20 15:28:13 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\BugTrap Console Test108
[2011/03/26 10:08:54 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/07/19 22:28:23 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\DarkBlood ServiceNa
[2012/01/09 16:57:08 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\DriverCure
[2012/11/18 14:04:15 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Dropbox
[2012/02/15 23:03:54 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\FOG Downloader
[2010/09/14 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Foxit
[2011/10/09 14:09:32 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\GiftBoxPlus
[2010/09/14 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\ijjigame
[2011/01/13 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\launcher
[2011/01/14 17:38:41 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\LolClient
[2012/05/24 17:38:20 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\LolClient2
[2011/01/13 21:17:44 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Martial Empires Luancher OBT
[2011/07/12 08:26:09 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Need for Speed World
[2011/09/26 18:31:00 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\NPLUTO Corporation
[2010/09/27 12:17:11 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Radialpoint
[2012/02/29 11:25:40 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\redsn0w
[2011/12/02 15:26:42 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\TS3Client
[2011/12/02 14:41:08 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\ts3overlay
[2012/10/09 03:02:38 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Tunngle
[2011/02/27 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Unity
[2012/11/18 14:04:43 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\uTorrent
[2011/02/05 13:41:18 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Virgin Media
[2011/09/23 08:23:21 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\Windows Live Writer
[2012/09/01 14:25:02 | 000,000,000 | ---D | M] -- C:\Users\nickolay\AppData\Roaming\ZalmanInstaller_otshot

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:56E2E879
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2B11E0DF

< End of report >


#10
Essexboy

That looks good. Any further problems?

With Avast you can set it to gaming mode


#11
nickolay83

None at the moment.
As I said, I had Avast before and I know it has that option, but every time I get a new game it still blocks me, and then I have to go and make a new path and put in add to trusted, bla bla, so it takes time for me.
But it is one of the best antiviruses I've had before.

#12
Essexboy

I have autosandbox to ask, so that problem does not occur for me, as there I can add the programme to trusted as it installs.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and press uninstall

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#13
nickolay83

Hi mate.
Thanks a lot for the help.
Everything is working fine now. I'll be sharing your website with my friends in future, as you guys help all people and are doing a great job at it.

Thanks again,
nickolay.

#14
Essexboy

Thanks for the vote of confidence :thumbsup:

#15
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





