TRIED TO POST OTL.TXT BUT THIS CAME UP Error You aren't permitted to upload this kind of file
CHITKA REMOVAL [Solved]
Started by
RUSTY2
, Mar 23 2013 12:31 PM
#1
Posted 23 March 2013 - 12:31 PM
TRIED TO POST OTL.TXT BUT THIS CAME UP Error You aren't permitted to upload this kind of file
#2
Posted 23 March 2013 - 12:57 PM
OK could you paste the OTL log please
#3
Posted 23 March 2013 - 09:06 PM
OTL logfile created on: 23/03/2013 7:42:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
6.97 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 83.78% Memory free
13.93 Gb Paging File | 12.80 Gb Available in Paging File | 91.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.39 Gb Total Space | 785.74 Gb Free Space | 85.37% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.59 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Computer Name: BRIAN-PC | User Name: BR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/23 19:23:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BR\Downloads\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013/03/11 10:29:54 | 003,284,008 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Stopped] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/17 09:56:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 09:53:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe -- (AnviCsbSvc)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/11/09 21:23:19 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 14:15:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/12/08 18:23:10 | 000,136,568 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe -- (SQLANYs_SmpParts)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 14:40:14 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/11/09 21:23:20 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/07 00:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 00:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 00:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/27 07:05:08 | 000,063,528 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2011/04/21 10:31:46 | 000,024,408 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV:64bit: - [2011/04/21 10:31:40 | 000,018,776 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV:64bit: - [2011/04/21 10:31:32 | 000,017,240 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\spyemrg.sys -- (SpyEmrg)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/02 04:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=16553
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=16553
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3F0BC86F-BC59-4463-8FA0-15C91CBF2E3E}: "URL" = http://websearch.ask...F3-BD78256C9859
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-12-15 12:32:56&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8CBbqFsI&i=26
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CT3220468.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://securesearch....2301514A181B21"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://lavasoft.blek...1514A181B21&q="
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Users\BR\AppData\Local\Temp\..\application data\nptrademanager\nptrademanager.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\BR\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 08:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/20 13:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:52:57 | 000,000,000 | ---D | M]
[2012/04/05 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Extensions
[2013/03/22 07:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\extensions
[2013/03/18 11:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\sgtqri72.default-1363220796849\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/08 09:53:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/31 02:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2011/07/29 06:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
[2013/03/20 13:12:44 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/12/15 13:32:33 | 000,003,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/02/06 17:18:53 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 15:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:17:05 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/04/05 09:25:42 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/03/03 09:04:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/09/17 19:05:54 | 000,001,386 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 72.29.93.243 www.google-analytics.com.
O1 - Hosts: 72.29.93.243 ad-emea.doubleclick.net.
O1 - Hosts: 72.29.93.243 www.statcounter.com.
O1 - Hosts: 64.27.10.42 www.google-analytics.com.
O1 - Hosts: 64.27.10.42 ad-emea.doubleclick.net.
O1 - Hosts: 64.27.10.42 www.statcounter.com.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [aliim] C:\Program Files (x86)\Trademanager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/20 09:13:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 14:56:58 | 000,000,030 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 10:55:11 | 000,000,038 | -H-- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell - "" = AutoRun
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- [2009/05/18 10:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/23 17:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxFreeway 2012
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Entropy Technology Ltd
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entropy Technology Ltd
[2013/03/23 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Downloaded Installations
[2013/03/23 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\IsolatedStorage
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHOK IT Consulting
[2013/03/23 16:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenuTax Standard
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\Tax
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GenuSource Consulting
[2013/03/23 09:30:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FDE64A63-12FB-478C-A881-31F250C231E7}
[2013/03/22 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\VirtualStore
[2013/03/22 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{B15CD21A-C931-4EBD-B6B9-F11A78F638F2}
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2013/03/21 10:03:17 | 000,024,408 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_access.sys
[2013/03/21 10:03:16 | 000,018,776 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_guard.sys
[2013/03/21 10:03:16 | 000,017,240 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg.sys
[2013/03/21 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2013/03/21 10:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/03/21 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{5720FADB-0439-4A3C-92F6-49C216F7E845}
[2013/03/20 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6BB28D13-B0A4-427E-934B-82DABF37E077}
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\LavasoftStatistics
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/20 13:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/20 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/20 13:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/03/20 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/03/20 13:11:23 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 13:11:21 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/20 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{7EEF3235-4AAA-4214-B541-5099BEC6ED5B}
[2013/03/20 09:31:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{686040E4-2BCA-4B6A-8EB8-CA8F00A23152}
[2013/03/20 09:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/20 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\DriverCure
[2013/03/20 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/20 06:59:57 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\otcv0.1-1
[2013/03/19 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{8A48AC88-5FAB-4A44-9A77-9EEAA79E8AA2}
[2013/03/19 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{457A205A-105F-41F8-8C6B-FDB4D9BD842E}
[2013/03/19 08:14:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{F1A6CAD4-A881-4AA2-B78F-3B8049966393}
[2013/03/18 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1FF460EA-A122-4E99-A2A4-DE3D41F1A41E}
[2013/03/18 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/03/18 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2013/03/18 15:14:33 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2013/03/18 15:14:33 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2013/03/18 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/03/18 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/18 15:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/18 10:48:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2013/03/18 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2013/03/18 09:13:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C24A48EC-72E1-4659-81A7-657CE5918BC9}
[2013/03/17 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AB2E2B86-0618-41E9-BB2B-8F2A6BEBCE54}
[2013/03/17 09:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/17 09:41:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E0F37E2B-D804-4752-9F44-BEE5E0F2C247}
[2013/03/15 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{69BA8EC4-267E-47A1-845A-2F5C2CF0F593}
[2013/03/15 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1CAFF28E-5BC4-4D9F-AE04-9703B7794FDB}
[2013/03/14 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1A86E95F-6E1D-474D-82F7-1025EE470D50}
[2013/03/14 05:47:40 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/13 19:49:57 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{A0320918-88E8-47ED-8FEA-53DAF2FC7102}
[2013/03/13 17:43:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6B8FCCAB-2462-44C4-8EEC-EC15E7700542}
[2013/03/13 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data-1
[2013/03/13 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data
[2013/03/13 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{D54CC5D4-E19F-4AB9-ADE3-00DEAC954B92}
[2013/03/12 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{00DECF31-5884-4B67-B03D-1580276728E6}
[2013/03/12 07:56:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E80F5D57-6E86-4407-A8B8-8CC62B27AB50}
[2013/03/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C3192566-D6A6-424D-B506-DE097BA928E3}
[2013/03/11 06:07:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Malwarebytes
[2013/03/11 06:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/11 06:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/11 06:07:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Programs
[2013/03/10 17:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/10 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/10 11:02:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E7357FA0-BF4F-4397-9629-8AC6C4F02034}
[2013/03/10 10:33:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{3072DAFF-ED98-4C2D-974F-435621D95050}
[2013/03/09 08:31:51 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C5EDE53E-C589-4C85-85A2-309D7FAFB1D6}
[2013/03/08 09:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AFF13EDA-C28F-4DA3-992D-5756F360BDE6}
[2013/03/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{30669A07-3F85-4B40-8F55-04FFDEAD597F}
[2013/03/07 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FD9F0475-12C1-4230-890C-B24CB8F0AD26}
[2013/03/06 13:53:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/06 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1B563261-1295-4362-966E-ACF08E175584}
[2013/03/05 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{CBBDFFAB-9162-40C0-A222-E84C05EDEDEB}
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/05 08:49:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{32D33FEE-F28D-4A95-A417-83BB6D096E5B}
[2013/03/04 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{43BF15EF-E208-488C-9442-462397E7710A}
[2013/03/03 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{ABED4794-38BE-4EB0-92F0-4CBCE275B5D3}
[2013/03/03 09:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/03/02 21:03:31 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{2F61ED36-D6BE-4571-99FE-D00AFB81AD21}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2030/07/20 19:57:30 | 000,648,124 | ---- | M] () -- C:\Users\BR\Documents\IMG_0087.JPG
[2030/07/20 19:55:56 | 000,905,640 | ---- | M] () -- C:\Users\BR\Documents\IMG_0085.JPG
[2030/07/20 19:55:26 | 000,792,710 | ---- | M] () -- C:\Users\BR\Documents\IMG_0083.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057(0).JPG
[2029/01/01 05:09:38 | 000,771,357 | ---- | M] () -- C:\Users\BR\Documents\IMG_0042.JPG
[2029/01/01 05:08:18 | 000,941,950 | ---- | M] () -- C:\Users\BR\Documents\IMG_0040.JPG
[2013/03/23 19:44:02 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/23 19:44:02 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/23 19:44:02 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/23 19:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/23 19:39:41 | 1314,791,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/23 19:27:23 | 000,001,034 | ---- | M] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 19:09:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 18:42:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 17:43:33 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\TaxFreeway 2012.lnk
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/23 17:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 16:07:14 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\GenuTax Standard.lnk
[2013/03/23 15:46:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 15:46:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 08:48:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/22 07:59:05 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/22 07:57:21 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 09:13:26 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | M] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | M] () -- C:\Users\BR\Documents\SCAN0000.odt
[2013/03/05 08:51:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/05 04:01:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/23 19:27:23 | 000,001,034 | ---- | C] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:43:33 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\TaxFreeway 2012.lnk
[2013/03/23 17:35:02 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:33 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/23 16:07:14 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\GenuTax Standard.lnk
[2013/03/21 10:03:20 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/20 17:53:35 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/20 09:13:26 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | C] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2013/03/18 15:14:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | C] () -- C:\Users\BR\Documents\SCAN0000.odt
[2012/12/02 13:08:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/10/03 18:23:13 | 000,049,261 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.1
[2012/10/03 18:23:12 | 000,136,857 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.0
[2012/10/03 18:23:12 | 000,049,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
[2012/10/03 18:22:42 | 000,050,685 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.1
[2012/10/03 18:22:40 | 000,135,858 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.0
[2012/10/03 18:22:40 | 000,050,520 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
[2012/10/03 18:22:18 | 000,134,269 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.0
[2012/10/03 18:22:18 | 000,049,466 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
[2012/10/03 18:21:55 | 000,115,714 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.0
[2012/10/03 18:21:55 | 000,038,427 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
[2012/10/03 18:21:35 | 000,121,078 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.0
[2012/10/03 18:21:35 | 000,044,248 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
[2012/10/03 18:18:39 | 000,112,551 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.0
[2012/10/03 18:18:39 | 000,040,181 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
[2012/09/23 14:15:55 | 000,132,533 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
[2012/09/23 14:15:52 | 000,132,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
[2012/09/23 14:15:39 | 000,003,890 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
[2012/09/23 14:15:33 | 000,137,289 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
[2012/08/22 16:05:20 | 000,006,400 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
[2012/08/22 16:05:20 | 000,001,969 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
[2012/06/07 21:09:05 | 000,000,000 | ---- | C] () -- C:\Users\BR\AppData\Local\Temptable.xml
[2012/06/07 14:40:49 | 000,016,016 | ---- | C] () -- C:\Users\BR\carbon_steel.jpg
[2012/06/07 14:07:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/14 09:36:24 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008(0).JPG
[2012/03/14 09:36:24 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021(0).JPG
[2012/03/14 08:44:41 | 000,000,133 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 18:47:41 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2012/03/13 08:16:26 | 000,202,546 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/13 08:16:26 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/03/13 06:43:42 | 000,768,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 05:27:04 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008.JPG
[2012/03/13 05:27:04 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021.JPG
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/14 05:47:40 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/18 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2012/12/15 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\AnvSoft
[2012/08/20 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Canneverbe Limited
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DassaultSystemes
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DriverCure
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\EDrawings
[2013/03/18 10:48:22 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2012/11/14 08:42:35 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\funkitron
[2013/03/06 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/23 11:45:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2012/04/18 23:06:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TeamViewer
[2012/09/13 08:52:41 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TightVNC
[2013/03/18 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\WildTangent
[2012/04/02 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Windows Live Writer
[2012/03/13 05:30:05 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Avery
[2012/03/16 01:10:57 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Babylon
[2012/03/13 05:30:35 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/14 09:41:17 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Template
[2012/03/13 05:30:39 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\WildTangent
[2012/03/13 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/03/14 09:44:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2012/03/14 09:43:54 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
[2012/03/13 05:33:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2012/03/13 05:32:55 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
========== Alternate Data Streams ==========
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> C:\Users\BR\Documents\2008 BMW 335I Service History.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
6.97 Gb Total Physical Memory | 5.84 Gb Available Physical Memory | 83.78% Memory free
13.93 Gb Paging File | 12.80 Gb Available in Paging File | 91.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.39 Gb Total Space | 785.74 Gb Free Space | 85.37% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.59 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Computer Name: BRIAN-PC | User Name: BR | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/23 19:23:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BR\Downloads\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013/03/11 10:29:54 | 003,284,008 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Stopped] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/17 09:56:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 09:53:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe -- (AnviCsbSvc)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/11/09 21:23:19 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 14:15:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/12/08 18:23:10 | 000,136,568 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe -- (SQLANYs_SmpParts)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 14:40:14 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/11/09 21:23:20 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/07 00:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 00:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 00:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/27 07:05:08 | 000,063,528 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2011/04/21 10:31:46 | 000,024,408 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV:64bit: - [2011/04/21 10:31:40 | 000,018,776 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV:64bit: - [2011/04/21 10:31:32 | 000,017,240 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\spyemrg.sys -- (SpyEmrg)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/02 04:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Stopped] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=16553
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=16553
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3F0BC86F-BC59-4463-8FA0-15C91CBF2E3E}: "URL" = http://websearch.ask...F3-BD78256C9859
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-12-15 12:32:56&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8CBbqFsI&i=26
IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..CT3220468.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://securesearch....2301514A181B21"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://lavasoft.blek...1514A181B21&q="
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Users\BR\AppData\Local\Temp\..\application data\nptrademanager\nptrademanager.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\BR\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 08:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/20 13:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:52:57 | 000,000,000 | ---D | M]
[2012/04/05 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Extensions
[2013/03/22 07:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\extensions
[2013/03/18 11:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\sgtqri72.default-1363220796849\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/08 09:53:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/31 02:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2011/07/29 06:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
[2013/03/20 13:12:44 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/12/15 13:32:33 | 000,003,546 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/02/06 17:18:53 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/30 15:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:17:05 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/04/05 09:25:42 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/03/03 09:04:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/09/17 19:05:54 | 000,001,386 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 72.29.93.243 www.google-analytics.com.
O1 - Hosts: 72.29.93.243 ad-emea.doubleclick.net.
O1 - Hosts: 72.29.93.243 www.statcounter.com.
O1 - Hosts: 64.27.10.42 www.google-analytics.com.
O1 - Hosts: 64.27.10.42 ad-emea.doubleclick.net.
O1 - Hosts: 64.27.10.42 www.statcounter.com.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [aliim] C:\Program Files (x86)\Trademanager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKU\S-1-5-21-998330651-303224156-1059126384-1004..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/20 09:13:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 14:56:58 | 000,000,030 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 10:55:11 | 000,000,038 | -H-- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell - "" = AutoRun
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- [2009/05/18 10:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/23 17:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxFreeway 2012
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Entropy Technology Ltd
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entropy Technology Ltd
[2013/03/23 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Downloaded Installations
[2013/03/23 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\IsolatedStorage
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHOK IT Consulting
[2013/03/23 16:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenuTax Standard
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\Tax
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GenuSource Consulting
[2013/03/23 09:30:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FDE64A63-12FB-478C-A881-31F250C231E7}
[2013/03/22 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\VirtualStore
[2013/03/22 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{B15CD21A-C931-4EBD-B6B9-F11A78F638F2}
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2013/03/21 10:03:17 | 000,024,408 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_access.sys
[2013/03/21 10:03:16 | 000,018,776 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_guard.sys
[2013/03/21 10:03:16 | 000,017,240 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg.sys
[2013/03/21 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2013/03/21 10:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/03/21 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{5720FADB-0439-4A3C-92F6-49C216F7E845}
[2013/03/20 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6BB28D13-B0A4-427E-934B-82DABF37E077}
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\LavasoftStatistics
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/20 13:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/20 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/20 13:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/03/20 13:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013/03/20 13:11:23 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 13:11:21 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/20 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{7EEF3235-4AAA-4214-B541-5099BEC6ED5B}
[2013/03/20 09:31:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{686040E4-2BCA-4B6A-8EB8-CA8F00A23152}
[2013/03/20 09:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/20 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\DriverCure
[2013/03/20 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/20 06:59:57 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\otcv0.1-1
[2013/03/19 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{8A48AC88-5FAB-4A44-9A77-9EEAA79E8AA2}
[2013/03/19 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{457A205A-105F-41F8-8C6B-FDB4D9BD842E}
[2013/03/19 08:14:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{F1A6CAD4-A881-4AA2-B78F-3B8049966393}
[2013/03/18 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1FF460EA-A122-4E99-A2A4-DE3D41F1A41E}
[2013/03/18 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/03/18 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2013/03/18 15:14:33 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2013/03/18 15:14:33 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2013/03/18 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/03/18 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/18 15:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/18 10:48:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2013/03/18 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2013/03/18 09:13:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C24A48EC-72E1-4659-81A7-657CE5918BC9}
[2013/03/17 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AB2E2B86-0618-41E9-BB2B-8F2A6BEBCE54}
[2013/03/17 09:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/17 09:41:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E0F37E2B-D804-4752-9F44-BEE5E0F2C247}
[2013/03/15 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{69BA8EC4-267E-47A1-845A-2F5C2CF0F593}
[2013/03/15 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1CAFF28E-5BC4-4D9F-AE04-9703B7794FDB}
[2013/03/14 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1A86E95F-6E1D-474D-82F7-1025EE470D50}
[2013/03/14 05:47:40 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/13 19:49:57 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{A0320918-88E8-47ED-8FEA-53DAF2FC7102}
[2013/03/13 17:43:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6B8FCCAB-2462-44C4-8EEC-EC15E7700542}
[2013/03/13 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data-1
[2013/03/13 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data
[2013/03/13 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{D54CC5D4-E19F-4AB9-ADE3-00DEAC954B92}
[2013/03/12 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{00DECF31-5884-4B67-B03D-1580276728E6}
[2013/03/12 07:56:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E80F5D57-6E86-4407-A8B8-8CC62B27AB50}
[2013/03/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C3192566-D6A6-424D-B506-DE097BA928E3}
[2013/03/11 06:07:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Malwarebytes
[2013/03/11 06:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/11 06:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/11 06:07:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Programs
[2013/03/10 17:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/10 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/10 11:02:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E7357FA0-BF4F-4397-9629-8AC6C4F02034}
[2013/03/10 10:33:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{3072DAFF-ED98-4C2D-974F-435621D95050}
[2013/03/09 08:31:51 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C5EDE53E-C589-4C85-85A2-309D7FAFB1D6}
[2013/03/08 09:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AFF13EDA-C28F-4DA3-992D-5756F360BDE6}
[2013/03/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{30669A07-3F85-4B40-8F55-04FFDEAD597F}
[2013/03/07 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FD9F0475-12C1-4230-890C-B24CB8F0AD26}
[2013/03/06 13:53:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/06 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1B563261-1295-4362-966E-ACF08E175584}
[2013/03/05 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{CBBDFFAB-9162-40C0-A222-E84C05EDEDEB}
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/05 08:49:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{32D33FEE-F28D-4A95-A417-83BB6D096E5B}
[2013/03/04 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{43BF15EF-E208-488C-9442-462397E7710A}
[2013/03/03 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{ABED4794-38BE-4EB0-92F0-4CBCE275B5D3}
[2013/03/03 09:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/03/02 21:03:31 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{2F61ED36-D6BE-4571-99FE-D00AFB81AD21}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2030/07/20 19:57:30 | 000,648,124 | ---- | M] () -- C:\Users\BR\Documents\IMG_0087.JPG
[2030/07/20 19:55:56 | 000,905,640 | ---- | M] () -- C:\Users\BR\Documents\IMG_0085.JPG
[2030/07/20 19:55:26 | 000,792,710 | ---- | M] () -- C:\Users\BR\Documents\IMG_0083.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057(0).JPG
[2029/01/01 05:09:38 | 000,771,357 | ---- | M] () -- C:\Users\BR\Documents\IMG_0042.JPG
[2029/01/01 05:08:18 | 000,941,950 | ---- | M] () -- C:\Users\BR\Documents\IMG_0040.JPG
[2013/03/23 19:44:02 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/23 19:44:02 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/23 19:44:02 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/23 19:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/23 19:39:41 | 1314,791,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/23 19:27:23 | 000,001,034 | ---- | M] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 19:09:07 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 18:42:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 17:43:33 | 000,002,074 | ---- | M] () -- C:\Users\Public\Desktop\TaxFreeway 2012.lnk
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/23 17:04:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 16:07:14 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\GenuTax Standard.lnk
[2013/03/23 15:46:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 15:46:44 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 08:48:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/22 07:59:05 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/22 07:57:21 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 09:13:26 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | M] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | M] () -- C:\Users\BR\Documents\SCAN0000.odt
[2013/03/05 08:51:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/05 04:01:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/23 19:27:23 | 000,001,034 | ---- | C] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:43:33 | 000,002,074 | ---- | C] () -- C:\Users\Public\Desktop\TaxFreeway 2012.lnk
[2013/03/23 17:35:02 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:33 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/23 16:07:14 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\GenuTax Standard.lnk
[2013/03/21 10:03:20 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/20 17:53:35 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/20 09:13:26 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | C] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2013/03/18 15:14:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | C] () -- C:\Users\BR\Documents\SCAN0000.odt
[2012/12/02 13:08:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/10/03 18:23:13 | 000,049,261 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.1
[2012/10/03 18:23:12 | 000,136,857 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.0
[2012/10/03 18:23:12 | 000,049,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
[2012/10/03 18:22:42 | 000,050,685 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.1
[2012/10/03 18:22:40 | 000,135,858 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.0
[2012/10/03 18:22:40 | 000,050,520 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
[2012/10/03 18:22:18 | 000,134,269 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.0
[2012/10/03 18:22:18 | 000,049,466 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
[2012/10/03 18:21:55 | 000,115,714 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.0
[2012/10/03 18:21:55 | 000,038,427 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
[2012/10/03 18:21:35 | 000,121,078 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.0
[2012/10/03 18:21:35 | 000,044,248 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
[2012/10/03 18:18:39 | 000,112,551 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.0
[2012/10/03 18:18:39 | 000,040,181 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
[2012/09/23 14:15:55 | 000,132,533 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
[2012/09/23 14:15:52 | 000,132,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
[2012/09/23 14:15:39 | 000,003,890 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
[2012/09/23 14:15:33 | 000,137,289 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
[2012/08/22 16:05:20 | 000,006,400 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
[2012/08/22 16:05:20 | 000,001,969 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
[2012/06/07 21:09:05 | 000,000,000 | ---- | C] () -- C:\Users\BR\AppData\Local\Temptable.xml
[2012/06/07 14:40:49 | 000,016,016 | ---- | C] () -- C:\Users\BR\carbon_steel.jpg
[2012/06/07 14:07:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/14 09:36:24 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008(0).JPG
[2012/03/14 09:36:24 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021(0).JPG
[2012/03/14 08:44:41 | 000,000,133 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 18:47:41 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2012/03/13 08:16:26 | 000,202,546 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/13 08:16:26 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/03/13 06:43:42 | 000,768,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 05:27:04 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008.JPG
[2012/03/13 05:27:04 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021.JPG
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/14 05:47:40 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/18 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2012/12/15 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\AnvSoft
[2012/08/20 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Canneverbe Limited
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DassaultSystemes
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DriverCure
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\EDrawings
[2013/03/18 10:48:22 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2012/11/14 08:42:35 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\funkitron
[2013/03/06 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/23 11:45:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2012/04/18 23:06:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TeamViewer
[2012/09/13 08:52:41 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TightVNC
[2013/03/18 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\WildTangent
[2012/04/02 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Windows Live Writer
[2012/03/13 05:30:05 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Avery
[2012/03/16 01:10:57 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Babylon
[2012/03/13 05:30:35 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/14 09:41:17 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Template
[2012/03/13 05:30:39 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\WildTangent
[2012/03/13 15:00:01 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/03/14 09:44:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2012/03/14 09:43:54 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
[2012/03/13 05:33:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2012/03/13 05:32:55 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
========== Alternate Data Streams ==========
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> C:\Users\BR\Documents\2008 BMW 335I Service History.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty
< End of report >
#4
Posted 23 March 2013 - 10:17 PM
I also did a SECURITY CHECK
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 6 Update 37
Java version out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
#5
Posted 23 March 2013 - 10:30 PM
JUST DID A ADW CLEANER , CAN ANYONE CAN TELL ME WHAT MY NEXT STEP IS
THANX
# AdwCleaner v2.115 - Logfile created 03/23/2013 at 21:23:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : BR - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\BR\Downloads\adwcleaner(1).exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\boost_interprocess
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Users\BRIAN\AppData\Roaming\Mozilla\Firefox\Profiles\rvkciqtl.default\prefs.js
[OK] File is clean.
File : C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [41089 octets] - [23/03/2013 21:04:11]
AdwCleaner[S1].txt - [41157 octets] - [23/03/2013 21:05:57]
AdwCleaner[S2].txt - [314 octets] - [23/03/2013 21:19:16]
AdwCleaner[S3].txt - [1013 octets] - [23/03/2013 21:23:44]
########## EOF - C:\AdwCleaner[S3].txt - [1073 octets] ##########
THANX
# AdwCleaner v2.115 - Logfile created 03/23/2013 at 21:23:44
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : BR - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\BR\Downloads\adwcleaner(1).exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\boost_interprocess
***** [Registry] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Users\BRIAN\AppData\Roaming\Mozilla\Firefox\Profiles\rvkciqtl.default\prefs.js
[OK] File is clean.
File : C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [41089 octets] - [23/03/2013 21:04:11]
AdwCleaner[S1].txt - [41157 octets] - [23/03/2013 21:05:57]
AdwCleaner[S2].txt - [314 octets] - [23/03/2013 21:19:16]
AdwCleaner[S3].txt - [1013 octets] - [23/03/2013 21:23:44]
########## EOF - C:\AdwCleaner[S3].txt - [1073 octets] ##########
#6
Posted 24 March 2013 - 04:49 AM
Let me know if this cures it
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylo....19&affID=16553 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21 IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylo....19&affID=16553 IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blek...q={searchTerms} IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{3F0BC86F-BC59-4463-8FA0-15C91CBF2E3E}: "URL" = http://websearch.ask...F3-BD78256C9859 IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms} IE - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6R8CBbqFsI&i=26 FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V8 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E4E288C9DD9E2BADAE2301514A181B21" FF - prefs.js..browser.search.selectedEngine: "SecureSearch" FF - prefs.js..keyword.URL: "http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=E4E288C9DD9E2BADAE2301514A181B21&q=" [2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/03/08 09:52:56 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/02/06 17:18:53 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro) O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\alothelper.dll (Vertro) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKU\S-1-5-21-998330651-303224156-1059126384-1004\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found. [2012/03/16 01:10:57 | 000,000,000 | ---D | M] -- C:\Users\BRIAN\AppData\Roaming\Babylon :Files C:\Program Files (x86)\Freeze.com C:\Program Files (x86)\alotappbar :Commands [resethosts] [emptytemp] [CREATERESTOREPOINT] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#7
Posted 24 March 2013 - 08:36 AM
Thank you very much for the help !!
Did the fix then the quick scan here are the results
OTL logfile created on: 24/03/2013 7:20:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
6.97 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 61.35% Memory free
13.93 Gb Paging File | 11.23 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.39 Gb Total Space | 785.62 Gb Free Space | 85.36% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.59 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Computer Name: BRIAN-PC | User Name: BR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/24 07:05:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BR\Downloads\OTL.exe
PRC - [2013/03/17 09:56:11 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/11 10:07:58 | 000,223,032 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
PRC - [2013/03/08 09:53:25 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/14 15:36:24 | 002,692,680 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
PRC - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
PRC - [2012/12/20 19:43:14 | 001,434,984 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
PRC - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/17 09:56:10 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/08 09:53:02 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
MOD - [2012/12/20 19:43:24 | 000,785,256 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2005/01/02 09:22:48 | 000,776,192 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/03/11 10:29:54 | 003,284,008 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/17 09:56:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 09:53:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe -- (AnviCsbSvc)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/11/09 21:23:19 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 14:15:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/12/08 18:23:10 | 000,136,568 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe -- (SQLANYs_SmpParts)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 14:40:14 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/11/09 21:23:20 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/07 00:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 00:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 00:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/27 07:05:08 | 000,063,528 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2011/04/21 10:31:46 | 000,024,408 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV:64bit: - [2011/04/21 10:31:40 | 000,018,776 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV:64bit: - [2011/04/21 10:31:32 | 000,017,240 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\spyemrg.sys -- (SpyEmrg)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/02 04:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://securesearch....2301514A181B21"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Users\BR\AppData\Local\Temp\..\application data\nptrademanager\nptrademanager.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\BR\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 08:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/20 13:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:52:57 | 000,000,000 | ---D | M]
[2012/04/05 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Extensions
[2013/03/22 07:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\extensions
[2013/03/18 11:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\sgtqri72.default-1363220796849\extensions
[2013/03/23 21:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/08 09:53:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/31 02:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2011/07/29 06:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
[2012/08/30 15:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:17:05 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2013/03/03 09:04:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/24 07:06:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [aliim] C:\Program Files (x86)\Trademanager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKCU..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/20 09:13:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 14:56:58 | 000,000,030 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 10:55:11 | 000,000,038 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell - "" = AutoRun
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- [2009/05/18 10:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/24 07:06:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/23 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{28586834-0E0C-4BAF-94CD-EB7EE4D40EE3}
[2013/03/23 21:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/03/23 17:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxFreeway 2012
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Entropy Technology Ltd
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entropy Technology Ltd
[2013/03/23 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Downloaded Installations
[2013/03/23 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\IsolatedStorage
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHOK IT Consulting
[2013/03/23 16:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenuTax Standard
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\Tax
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GenuSource Consulting
[2013/03/23 09:30:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FDE64A63-12FB-478C-A881-31F250C231E7}
[2013/03/22 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\VirtualStore
[2013/03/22 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{B15CD21A-C931-4EBD-B6B9-F11A78F638F2}
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2013/03/21 10:03:17 | 000,024,408 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_access.sys
[2013/03/21 10:03:16 | 000,018,776 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_guard.sys
[2013/03/21 10:03:16 | 000,017,240 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg.sys
[2013/03/21 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2013/03/21 10:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/03/21 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{5720FADB-0439-4A3C-92F6-49C216F7E845}
[2013/03/20 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6BB28D13-B0A4-427E-934B-82DABF37E077}
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\LavasoftStatistics
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/20 13:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/20 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/20 13:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/03/20 13:11:23 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 13:11:21 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/20 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{7EEF3235-4AAA-4214-B541-5099BEC6ED5B}
[2013/03/20 09:31:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{686040E4-2BCA-4B6A-8EB8-CA8F00A23152}
[2013/03/20 09:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/20 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\DriverCure
[2013/03/20 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/20 06:59:57 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\otcv0.1-1
[2013/03/19 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{8A48AC88-5FAB-4A44-9A77-9EEAA79E8AA2}
[2013/03/19 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{457A205A-105F-41F8-8C6B-FDB4D9BD842E}
[2013/03/19 08:14:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{F1A6CAD4-A881-4AA2-B78F-3B8049966393}
[2013/03/18 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1FF460EA-A122-4E99-A2A4-DE3D41F1A41E}
[2013/03/18 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/03/18 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2013/03/18 15:14:33 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2013/03/18 15:14:33 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2013/03/18 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/03/18 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/18 15:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/18 10:48:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2013/03/18 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2013/03/18 09:13:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C24A48EC-72E1-4659-81A7-657CE5918BC9}
[2013/03/17 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AB2E2B86-0618-41E9-BB2B-8F2A6BEBCE54}
[2013/03/17 09:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/17 09:41:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E0F37E2B-D804-4752-9F44-BEE5E0F2C247}
[2013/03/15 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{69BA8EC4-267E-47A1-845A-2F5C2CF0F593}
[2013/03/15 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1CAFF28E-5BC4-4D9F-AE04-9703B7794FDB}
[2013/03/14 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1A86E95F-6E1D-474D-82F7-1025EE470D50}
[2013/03/14 05:47:40 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/13 19:49:57 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{A0320918-88E8-47ED-8FEA-53DAF2FC7102}
[2013/03/13 17:43:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6B8FCCAB-2462-44C4-8EEC-EC15E7700542}
[2013/03/13 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data-1
[2013/03/13 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data
[2013/03/13 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{D54CC5D4-E19F-4AB9-ADE3-00DEAC954B92}
[2013/03/12 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{00DECF31-5884-4B67-B03D-1580276728E6}
[2013/03/12 07:56:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E80F5D57-6E86-4407-A8B8-8CC62B27AB50}
[2013/03/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C3192566-D6A6-424D-B506-DE097BA928E3}
[2013/03/11 06:07:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Malwarebytes
[2013/03/11 06:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/11 06:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/11 06:07:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Programs
[2013/03/10 17:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/10 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/10 11:02:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E7357FA0-BF4F-4397-9629-8AC6C4F02034}
[2013/03/10 10:33:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{3072DAFF-ED98-4C2D-974F-435621D95050}
[2013/03/09 08:31:51 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C5EDE53E-C589-4C85-85A2-309D7FAFB1D6}
[2013/03/08 09:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AFF13EDA-C28F-4DA3-992D-5756F360BDE6}
[2013/03/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{30669A07-3F85-4B40-8F55-04FFDEAD597F}
[2013/03/07 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FD9F0475-12C1-4230-890C-B24CB8F0AD26}
[2013/03/06 13:53:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/06 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1B563261-1295-4362-966E-ACF08E175584}
[2013/03/05 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{CBBDFFAB-9162-40C0-A222-E84C05EDEDEB}
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/05 08:49:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{32D33FEE-F28D-4A95-A417-83BB6D096E5B}
[2013/03/04 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{43BF15EF-E208-488C-9442-462397E7710A}
[2013/03/03 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{ABED4794-38BE-4EB0-92F0-4CBCE275B5D3}
[2013/03/03 09:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/03/02 21:03:31 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{2F61ED36-D6BE-4571-99FE-D00AFB81AD21}
========== Files - Modified Within 30 Days ==========
[2030/07/20 19:57:30 | 000,648,124 | ---- | M] () -- C:\Users\BR\Documents\IMG_0087.JPG
[2030/07/20 19:55:56 | 000,905,640 | ---- | M] () -- C:\Users\BR\Documents\IMG_0085.JPG
[2030/07/20 19:55:26 | 000,792,710 | ---- | M] () -- C:\Users\BR\Documents\IMG_0083.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057(0).JPG
[2029/01/01 05:09:38 | 000,771,357 | ---- | M] () -- C:\Users\BR\Documents\IMG_0042.JPG
[2029/01/01 05:08:18 | 000,941,950 | ---- | M] () -- C:\Users\BR\Documents\IMG_0040.JPG
[2013/03/24 07:23:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 07:23:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 07:23:22 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/24 07:23:22 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/24 07:23:22 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/24 07:16:55 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/24 07:16:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/24 07:16:21 | 1314,791,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/24 07:06:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/24 07:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/24 06:59:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 19:27:23 | 000,001,034 | ---- | M] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/22 08:48:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/22 07:59:05 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/22 07:57:21 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 09:13:26 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | M] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | M] () -- C:\Users\BR\Documents\SCAN0000.odt
[2013/03/05 08:51:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/05 04:01:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
========== Files Created - No Company Name ==========
[2013/03/23 19:27:23 | 000,001,034 | ---- | C] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:35:02 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:33 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/21 10:03:20 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/20 17:53:35 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/20 09:13:26 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | C] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2013/03/18 15:14:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | C] () -- C:\Users\BR\Documents\SCAN0000.odt
[2012/12/02 13:08:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/10/03 18:23:13 | 000,049,261 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.1
[2012/10/03 18:23:12 | 000,136,857 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.0
[2012/10/03 18:23:12 | 000,049,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
[2012/10/03 18:22:42 | 000,050,685 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.1
[2012/10/03 18:22:40 | 000,135,858 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.0
[2012/10/03 18:22:40 | 000,050,520 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
[2012/10/03 18:22:18 | 000,134,269 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.0
[2012/10/03 18:22:18 | 000,049,466 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
[2012/10/03 18:21:55 | 000,115,714 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.0
[2012/10/03 18:21:55 | 000,038,427 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
[2012/10/03 18:21:35 | 000,121,078 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.0
[2012/10/03 18:21:35 | 000,044,248 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
[2012/10/03 18:18:39 | 000,112,551 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.0
[2012/10/03 18:18:39 | 000,040,181 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
[2012/09/23 14:15:55 | 000,132,533 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
[2012/09/23 14:15:52 | 000,132,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
[2012/09/23 14:15:39 | 000,003,890 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
[2012/09/23 14:15:33 | 000,137,289 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
[2012/08/22 16:05:20 | 000,006,400 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
[2012/08/22 16:05:20 | 000,001,969 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
[2012/06/07 21:09:05 | 000,000,000 | ---- | C] () -- C:\Users\BR\AppData\Local\Temptable.xml
[2012/06/07 14:40:49 | 000,016,016 | ---- | C] () -- C:\Users\BR\carbon_steel.jpg
[2012/06/07 14:07:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/14 09:36:24 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008(0).JPG
[2012/03/14 09:36:24 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021(0).JPG
[2012/03/14 08:44:41 | 000,000,133 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 18:47:41 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2012/03/13 08:16:26 | 000,202,546 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/13 08:16:26 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/03/13 06:43:42 | 000,768,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 05:27:04 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008.JPG
[2012/03/13 05:27:04 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021.JPG
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/14 05:47:40 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/18 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2012/12/15 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\AnvSoft
[2012/08/20 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Canneverbe Limited
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DassaultSystemes
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DriverCure
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\EDrawings
[2013/03/18 10:48:22 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2012/11/14 08:42:35 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\funkitron
[2013/03/06 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/24 07:17:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2012/04/18 23:06:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TeamViewer
[2012/09/13 08:52:41 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TightVNC
[2013/03/18 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\WildTangent
[2012/04/02 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/03/14 09:44:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2012/03/14 09:43:54 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
[2012/03/13 05:33:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2012/03/13 05:32:55 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
========== Alternate Data Streams ==========
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> C:\Users\BR\Documents\2008 BMW 335I Service History.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty
< End of report >
Did the fix then the quick scan here are the results
OTL logfile created on: 24/03/2013 7:20:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BR\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
6.97 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 61.35% Memory free
13.93 Gb Paging File | 11.23 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.39 Gb Total Space | 785.62 Gb Free Space | 85.36% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.59 Gb Free Space | 14.44% Space Free | Partition Type: NTFS
Drive F: | 0.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 930.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Computer Name: BRIAN-PC | User Name: BR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/24 07:05:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BR\Downloads\OTL.exe
PRC - [2013/03/17 09:56:11 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/03/11 10:07:58 | 000,223,032 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
PRC - [2013/03/08 09:53:25 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/14 15:36:24 | 002,692,680 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
PRC - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
PRC - [2012/12/20 19:43:14 | 001,434,984 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
PRC - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
PRC - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
PRC - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/17 09:56:10 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/08 09:53:02 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/12/21 09:26:34 | 000,979,816 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
MOD - [2012/12/20 19:43:24 | 000,785,256 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
MOD - [2010/07/04 14:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 12:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2005/01/02 09:22:48 | 000,776,192 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/03/11 10:29:54 | 003,284,008 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/17 09:56:12 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/08 09:53:24 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/20 19:43:12 | 000,735,592 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/14 01:33:08 | 000,318,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe -- (AnviCsbSvc)
SRV - [2012/11/13 14:18:00 | 000,279,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (ADBlockerSrv)
SRV - [2012/11/09 21:23:19 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/07 14:15:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2010/12/08 18:23:10 | 000,136,568 | ---- | M] (iAnywhere Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\SQL Anywhere 10\win32\dbsrv10.exe -- (SQLANYs_SmpParts)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Users\BRIAN\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/06 14:40:14 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/11/09 21:23:20 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/07 00:16:18 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/11/07 00:16:16 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/11/07 00:16:16 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/05/27 07:05:08 | 000,063,528 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2011/04/21 10:31:46 | 000,024,408 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV:64bit: - [2011/04/21 10:31:40 | 000,018,776 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV:64bit: - [2011/04/21 10:31:32 | 000,017,240 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\spyemrg.sys -- (SpyEmrg)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/02 04:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2012/09/07 13:52:02 | 000,019,280 | ---- | M] () [File_System | System | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys -- (asdnet)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0336D126-A0DD-4CAC-8545-B6629D8F38E8}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{07C7C110-7846-4522-8DA7-7316F05F3171}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securesearch....E2301514A181B21
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/...=MSSEDF&pc=MSSE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaulturl: "http://securesearch....2301514A181B21"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Users\BR\AppData\Local\Temp\..\application data\nptrademanager\nptrademanager.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files (x86)\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\BR\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/13 08:20:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/20 13:13:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/08 09:52:57 | 000,000,000 | ---D | M]
[2012/04/05 09:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Extensions
[2013/03/22 07:47:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\acm539rf.default\extensions
[2013/03/18 11:00:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BR\AppData\Roaming\Mozilla\Firefox\Profiles\sgtqri72.default-1363220796849\extensions
[2013/03/23 21:06:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/08 09:52:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/03/08 09:53:25 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/31 02:16:36 | 000,108,576 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\nptrademanager.dll
[2011/07/29 06:33:40 | 000,108,480 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npwangwang.dll
[2012/08/30 15:14:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 08:17:05 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2013/03/03 09:04:11 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/24 07:06:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe ()
O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [aliim] C:\Program Files (x86)\Trademanager\AliIM.exe (Alibaba (China) Co., Ltd.)
O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
O4 - HKCU..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{975E2597-4892-450D-9E49-5CA092C4B97F}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/20 09:13:26 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/12 14:56:58 | 000,000,030 | RH-- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/06/01 10:55:11 | 000,000,038 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell - "" = AutoRun
O33 - MountPoints2\{b85300d6-6d0c-11e1-b88a-e0cb4e7d728e}\Shell\AutoRun\command - "" = F:\HPLauncher.exe -- [2009/05/18 10:46:50 | 000,565,248 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/24 07:06:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/23 21:51:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{28586834-0E0C-4BAF-94CD-EB7EE4D40EE3}
[2013/03/23 21:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/03/23 17:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxFreeway 2012
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Entropy Technology Ltd
[2013/03/23 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Entropy Technology Ltd
[2013/03/23 17:42:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Downloaded Installations
[2013/03/23 17:08:17 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\IsolatedStorage
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioTax 2012
[2013/03/23 17:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BHOK IT Consulting
[2013/03/23 16:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GenuTax Standard
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\Tax
[2013/03/23 16:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GenuSource Consulting
[2013/03/23 09:30:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FDE64A63-12FB-478C-A881-31F250C231E7}
[2013/03/22 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\VirtualStore
[2013/03/22 07:24:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{B15CD21A-C931-4EBD-B6B9-F11A78F638F2}
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2013/03/21 10:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2013/03/21 10:03:17 | 000,024,408 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_access.sys
[2013/03/21 10:03:16 | 000,018,776 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_guard.sys
[2013/03/21 10:03:16 | 000,017,240 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg.sys
[2013/03/21 10:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2013/03/21 10:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/03/21 08:36:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{5720FADB-0439-4A3C-92F6-49C216F7E845}
[2013/03/20 13:20:03 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6BB28D13-B0A4-427E-934B-82DABF37E077}
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\LavasoftStatistics
[2013/03/20 13:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/03/20 13:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/03/20 13:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013/03/20 13:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/03/20 13:11:23 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 13:11:21 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/20 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{7EEF3235-4AAA-4214-B541-5099BEC6ED5B}
[2013/03/20 09:31:46 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{686040E4-2BCA-4B6A-8EB8-CA8F00A23152}
[2013/03/20 09:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/03/20 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/20 09:10:02 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\DriverCure
[2013/03/20 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/03/20 06:59:57 | 000,000,000 | ---D | C] -- C:\Users\BR\Documents\otcv0.1-1
[2013/03/19 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{8A48AC88-5FAB-4A44-9A77-9EEAA79E8AA2}
[2013/03/19 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{457A205A-105F-41F8-8C6B-FDB4D9BD842E}
[2013/03/19 08:14:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{F1A6CAD4-A881-4AA2-B78F-3B8049966393}
[2013/03/18 21:48:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1FF460EA-A122-4E99-A2A4-DE3D41F1A41E}
[2013/03/18 15:42:18 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2013/03/18 15:14:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2013/03/18 15:14:33 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2013/03/18 15:14:33 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2013/03/18 15:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/03/18 15:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/03/18 15:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/03/18 10:48:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2013/03/18 10:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Converter
[2013/03/18 09:13:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C24A48EC-72E1-4659-81A7-657CE5918BC9}
[2013/03/17 12:27:24 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AB2E2B86-0618-41E9-BB2B-8F2A6BEBCE54}
[2013/03/17 09:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/17 09:41:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/16 11:46:39 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E0F37E2B-D804-4752-9F44-BEE5E0F2C247}
[2013/03/15 22:05:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{69BA8EC4-267E-47A1-845A-2F5C2CF0F593}
[2013/03/15 09:45:56 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1CAFF28E-5BC4-4D9F-AE04-9703B7794FDB}
[2013/03/14 17:15:45 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1A86E95F-6E1D-474D-82F7-1025EE470D50}
[2013/03/14 05:47:40 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/13 19:49:57 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{A0320918-88E8-47ED-8FEA-53DAF2FC7102}
[2013/03/13 17:43:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{6B8FCCAB-2462-44C4-8EEC-EC15E7700542}
[2013/03/13 17:26:42 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data-1
[2013/03/13 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\BR\Desktop\Old Firefox Data
[2013/03/13 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{D54CC5D4-E19F-4AB9-ADE3-00DEAC954B92}
[2013/03/12 21:34:27 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{00DECF31-5884-4B67-B03D-1580276728E6}
[2013/03/12 07:56:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E80F5D57-6E86-4407-A8B8-8CC62B27AB50}
[2013/03/11 08:51:22 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C3192566-D6A6-424D-B506-DE097BA928E3}
[2013/03/11 06:07:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\Malwarebytes
[2013/03/11 06:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/11 06:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/11 06:07:12 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\Programs
[2013/03/10 17:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/10 17:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/10 11:02:38 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{E7357FA0-BF4F-4397-9629-8AC6C4F02034}
[2013/03/10 10:33:28 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{3072DAFF-ED98-4C2D-974F-435621D95050}
[2013/03/09 08:31:51 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{C5EDE53E-C589-4C85-85A2-309D7FAFB1D6}
[2013/03/08 09:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/08 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{AFF13EDA-C28F-4DA3-992D-5756F360BDE6}
[2013/03/07 17:36:50 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{30669A07-3F85-4B40-8F55-04FFDEAD597F}
[2013/03/07 09:58:34 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{FD9F0475-12C1-4230-890C-B24CB8F0AD26}
[2013/03/06 13:53:49 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/06 07:21:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{1B563261-1295-4362-966E-ACF08E175584}
[2013/03/05 21:20:32 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{CBBDFFAB-9162-40C0-A222-E84C05EDEDEB}
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/05 08:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/05 08:49:10 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{32D33FEE-F28D-4A95-A417-83BB6D096E5B}
[2013/03/04 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{43BF15EF-E208-488C-9442-462397E7710A}
[2013/03/03 17:28:16 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{ABED4794-38BE-4EB0-92F0-4CBCE275B5D3}
[2013/03/03 09:04:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/03/02 21:03:31 | 000,000,000 | ---D | C] -- C:\Users\BR\AppData\Local\{2F61ED36-D6BE-4571-99FE-D00AFB81AD21}
========== Files - Modified Within 30 Days ==========
[2030/07/20 19:57:30 | 000,648,124 | ---- | M] () -- C:\Users\BR\Documents\IMG_0087.JPG
[2030/07/20 19:55:56 | 000,905,640 | ---- | M] () -- C:\Users\BR\Documents\IMG_0085.JPG
[2030/07/20 19:55:26 | 000,792,710 | ---- | M] () -- C:\Users\BR\Documents\IMG_0083.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057.JPG
[2029/07/17 17:13:42 | 000,695,103 | ---- | M] () -- C:\Users\BR\Documents\IMG_0057(0).JPG
[2029/01/01 05:09:38 | 000,771,357 | ---- | M] () -- C:\Users\BR\Documents\IMG_0042.JPG
[2029/01/01 05:08:18 | 000,941,950 | ---- | M] () -- C:\Users\BR\Documents\IMG_0040.JPG
[2013/03/24 07:23:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 07:23:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 07:23:22 | 000,782,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/24 07:23:22 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/24 07:23:22 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/24 07:16:55 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/24 07:16:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/24 07:16:21 | 1314,791,423 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/24 07:06:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/24 07:04:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/24 06:59:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 19:27:23 | 000,001,034 | ---- | M] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:40 | 000,041,984 | ---- | M] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/22 08:48:09 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/22 07:59:05 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/22 07:57:21 | 000,432,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/03/20 13:11:23 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/03/20 09:13:26 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | M] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | M] () -- C:\Users\BR\Documents\SCAN0000.odt
[2013/03/05 08:51:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/05 04:01:36 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
========== Files Created - No Company Name ==========
[2013/03/23 19:27:23 | 000,001,034 | ---- | C] () -- C:\Users\BR\Desktop\OTL - Shortcut.lnk
[2013/03/23 17:35:02 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t.backup
[2013/03/23 17:31:33 | 000,041,984 | ---- | C] () -- C:\Users\BR\Documents\GINARUSSENHOLT.12t
[2013/03/23 17:08:05 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\StudioTax 2012.lnk
[2013/03/21 10:03:20 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/03/20 17:53:35 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBR.job
[2013/03/20 09:13:26 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/03/18 15:42:18 | 000,001,256 | ---- | C] () -- C:\Users\BR\Desktop\Cloud System Booster.lnk
[2013/03/18 15:14:33 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2013/03/18 15:14:33 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2013/03/18 15:14:31 | 000,001,462 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
[2013/03/17 09:41:30 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/06 13:50:50 | 000,021,665 | ---- | C] () -- C:\Users\BR\Documents\SCAN0000.odt
[2012/12/02 13:08:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/10/03 18:23:13 | 000,049,261 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.1
[2012/10/03 18:23:12 | 000,136,857 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.0
[2012/10/03 18:23:12 | 000,049,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD6.JPG
[2012/10/03 18:22:42 | 000,050,685 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.1
[2012/10/03 18:22:40 | 000,135,858 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.0
[2012/10/03 18:22:40 | 000,050,520 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD5.JPG
[2012/10/03 18:22:18 | 000,134,269 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.0
[2012/10/03 18:22:18 | 000,049,466 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD4.JPG
[2012/10/03 18:21:55 | 000,115,714 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.0
[2012/10/03 18:21:55 | 000,038,427 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD3.JPG
[2012/10/03 18:21:35 | 000,121,078 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.0
[2012/10/03 18:21:35 | 000,044,248 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD1.JPG
[2012/10/03 18:18:39 | 000,112,551 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.0
[2012/10/03 18:18:39 | 000,040,181 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpNOMAD2.JPG
[2012/09/23 14:15:55 | 000,132,533 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.JPG
[2012/09/23 14:15:52 | 000,132,486 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.1
[2012/09/23 14:15:39 | 000,003,890 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001_navi.JPG
[2012/09/23 14:15:33 | 000,137,289 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpFM3 #2 001.0
[2012/08/22 16:05:20 | 000,006,400 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).0
[2012/08/22 16:05:20 | 000,001,969 | ---- | C] () -- C:\Users\BR\AppData\Local\tmpUNTITLED LOGO XX2_THUMBNAIL(0).JPG
[2012/06/07 21:09:05 | 000,000,000 | ---- | C] () -- C:\Users\BR\AppData\Local\Temptable.xml
[2012/06/07 14:40:49 | 000,016,016 | ---- | C] () -- C:\Users\BR\carbon_steel.jpg
[2012/06/07 14:07:28 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/03/14 09:36:24 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008(0).JPG
[2012/03/14 09:36:24 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021(0).JPG
[2012/03/14 08:44:41 | 000,000,133 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/13 18:47:41 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2012/03/13 08:16:26 | 000,202,546 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/13 08:16:26 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/03/13 06:43:42 | 000,768,454 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/13 05:27:04 | 000,682,208 | ---- | C] () -- C:\Users\BR\P9010008.JPG
[2012/03/13 05:27:04 | 000,670,313 | ---- | C] () -- C:\Users\BR\P9010021.JPG
========== ZeroAccess Check ==========
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/21 09:16:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Ad-Aware Antivirus
[2013/03/14 05:47:40 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Alibaba
[2013/03/18 15:14:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Anvisoft
[2012/12/15 13:38:55 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\AnvSoft
[2012/08/20 19:16:29 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Canneverbe Limited
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DassaultSystemes
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\DriverCure
[2012/06/07 14:07:43 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\EDrawings
[2013/03/18 10:48:22 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Free-PDF-to-Word.com
[2012/11/14 08:42:35 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\funkitron
[2013/03/06 13:53:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\PDFCreator
[2013/03/20 09:10:02 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\SpeedyPC Software
[2013/03/24 07:17:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Spy Emergency
[2012/04/18 23:06:38 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TeamViewer
[2012/09/13 08:52:41 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\TightVNC
[2013/03/18 15:22:06 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\WildTangent
[2012/04/02 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\BR\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/03/14 09:44:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2012/03/14 09:43:54 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
[2012/03/13 05:33:01 | 001,133,304 | ---- | C] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2012/03/13 05:32:55 | 000,019,267 | ---- | C] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014.JPG) -- C:\Users\BR\Documents\扫描0014.JPG
[2009/05/27 18:49:52 | 001,133,304 | ---- | M] ()(C:\Users\BR\Documents\??0014(0).JPG) -- C:\Users\BR\Documents\扫描0014(0).JPG
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan.pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan.pdf
[2009/04/15 22:15:20 | 000,019,267 | ---- | M] ()(C:\Users\BR\Documents\SYC86 ?? internal fan(0).pdf) -- C:\Users\BR\Documents\SYC86 馬達 internal fan(0).pdf
========== Alternate Data Streams ==========
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com.eml:OECustomProperty
@Alternate Data Stream - 917 bytes -> C:\Users\BR\Documents\Re_ 1965 Chevrolet Corvette on UsedCorvettesOnline.com(0).eml:OECustomProperty
@Alternate Data Stream - 845 bytes -> C:\Users\BR\Documents\2008 BMW 335I Service History.eml:OECustomProperty
@Alternate Data Stream - 829 bytes -> C:\Users\BR\Documents\Aluminum Fabricated Tables.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\BR\Documents\P.O. For tumble weed(0).eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept.eml:OECustomProperty
@Alternate Data Stream - 613 bytes -> C:\Users\BR\Documents\reaper pic sept(0).eml:OECustomProperty
< End of report >
#8
Posted 24 March 2013 - 08:49 AM
Could you confirm that it has now gone ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
THEN
Please download Malwarebytes Anti-Malware to your desktop.
The log can also be found here:
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL [2013/03/23 21:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess :Commands [resethosts] [emptytemp] [CREATERESTOREPOINT] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download Malwarebytes Anti-Malware to your desktop.
- Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan as shown below.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
The log can also be found here:
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
#9
Posted 24 March 2013 - 09:37 AM
Hi ESSEXBOY, THE CHITKA POPUP'S ARE NOT COMING UP ANYMORE!
DID THE SCAN SHOWED 1 PROBLEM SHOULD I GET THE MALEWARE TO REMOVE IT?
HERE ARE THE RESULTS
HEURISTICS,RES....
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.18.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BR :: BRIAN-PC [administrator]
Protection: Enabled
24/03/2013 8:24:21 AM
MBAM-log-2013-03-24 (08-31-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278719
Time elapsed: 5 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\BR\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> No action taken.
(end)
DID THE SCAN SHOWED 1 PROBLEM SHOULD I GET THE MALEWARE TO REMOVE IT?
HERE ARE THE RESULTS
HEURISTICS,RES....
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.18.12
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
BR :: BRIAN-PC [administrator]
Protection: Enabled
24/03/2013 8:24:21 AM
MBAM-log-2013-03-24 (08-31-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278719
Time elapsed: 5 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\BR\AppData\Local\Temp\services.exe.mui (Heuristics.Reserved.Word.Exploit) -> No action taken.
(end)
#10
Posted 24 March 2013 - 09:41 AM
Aye delete that
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
#11
Posted 24 March 2013 - 10:46 AM
Thank you for all your help very much appreciated !
All popups seem to be gone now !!!
I do have 1 smaller problem now, my windows live mail has a window coming up now with
INITIALIZATION OF RSS FEED SUPPORT FAILED. RSS FEEDS COULD NOT BE UPDATED.
It does not seem to be stopping mail , can you tell me how to get rid of this?
All popups seem to be gone now !!!
I do have 1 smaller problem now, my windows live mail has a window coming up now with
INITIALIZATION OF RSS FEED SUPPORT FAILED. RSS FEEDS COULD NOT BE UPDATED.
It does not seem to be stopping mail , can you tell me how to get rid of this?
#12
Posted 24 March 2013 - 10:53 AM
Open live mail and select View tab
Click Quick View
Click feeds and ensure that all are unticked
[attachment=63935:Capture.JPG]
Click Quick View
Click feeds and ensure that all are unticked
[attachment=63935:Capture.JPG]
#13
Posted 24 March 2013 - 11:31 AM
unchecked all ,but still have the problem, tried rebooting no luck
#14
Posted 24 March 2013 - 11:45 AM
OK next trick delete the following folders
C:\Users\BR\AppData\Local\Microsoft\Windows Live Mail\Your Feeds
C:\Users\BR\AppData\Local\Microsoft\Feeds
C:\Users\BR\AppData\Local\Microsoft\Windows Live Mail\Your Feeds
C:\Users\BR\AppData\Local\Microsoft\Feeds
#15
Posted 24 March 2013 - 03:51 PM
thank you greatly that did it
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users