iCrossRider [Solved]



#31
Denisejm


  • Topic Starter
  • Member
  • 604 posts
OTL logfile created on: 4/30/2013 10:17:01 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.20 Gb Available Physical Memory | 80.14% Memory free
5.75 Gb Paging File | 5.30 Gb Available in Paging File | 92.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 14.14 Gb Free Space | 41.36% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 264.19 Gb Free Space | 29.44% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 604.39 Gb Free Space | 32.44% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 364.61 Gb Free Space | 52.19% Space Free | Partition Type: NTFS

Computer Name: MYGIG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/23 12:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Avast5\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Avast5\AvastSvc.exe
PRC - [2008/03/24 18:48:52 | 003,310,928 | ---- | M] (Webshots.com) -- C:\Program Files (x86)\WebShots\Webshots.scr


========== Modules (No Company Name) ==========

MOD - [2013/04/30 08:09:57 | 002,087,424 | ---- | M] () -- C:\Program Files\Avast5\defs\13043000\algo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/09/10 12:14:54 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2013/04/10 02:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/13 14:48:49 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 08:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2007/02/18 08:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/05/05 15:35:01 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/07/12 02:41:17 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\npf.sys -- (NPF)
DRV - [2007/02/18 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2002/07/16 21:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = Yahoo!
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}: "URL" = http://bing.zugo.com...cfg=2-80-0-Aqd3
IE - HKCU\..\SearchScopes\{396BB7C9-5011-4147-B1FA-E09617996123}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{928A65F1-E196-4684-A72F-468EF5214A24}: "URL" = http://www.tripadvis...q={searchTerms}
IE - HKCU\..\SearchScopes\{9ED67100-59C2-4EA1-B00A-5B3F66050152}: "URL" = http://query.nytimes...s}&opensearch=1
IE - HKCU\..\SearchScopes\{C92C89DF-3EF7-4640-B646-34D65835741D}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D01EF2D8-BE7A-4C3B-8053-B7959714AD54}: "URL" = http://www.fastbrows...E-0EE4AAF8FE4A}
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = http://search.yahoo....-8&fr=chr-iobit
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java jre-7u21-windows-x64\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VLC Media Player 2.0.5\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Avast5\WebRep\FF [2013/03/14 12:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/04/12 10:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/27 13:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/27 13:55:59 | 000,000,000 | ---D | M]

[2013/04/26 11:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/04/30 13:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/30 13:46:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013/04/27 13:56:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 14:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/12/30 06:47:50 | 000,002,037 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
[2013/02/19 13:54:02 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java jre-7u21-windows-x64\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java jre-7u21-windows-x64\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install File not found
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\WebShots\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: flickr.com ([www] http in Trusted sites)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1321508482812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1321508432468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DDC0173-88C1-41DE-B25C-585A91DC2F21}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CB7CFF-5BDF-4D03-B675-2F9E29EE4A2A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C3728E0-79F6-4148-A857-00965E95E10C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53EA468D-C928-4662-996B-38CD8D27EBD6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDEF09F-B6A1-4B5B-B62B-88BEB3A875C0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 06:56:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/30 13:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java jre-7u21-windows-x64
[2013/04/30 13:46:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/04/30 13:33:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/30 13:26:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2013/04/30 13:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JavaRa-2.1
[2013/04/30 13:16:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/29 10:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/27 19:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2013/04/27 16:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MGI
[2013/04/27 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/26 16:52:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/26 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/26 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2013/04/26 11:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
[2013/04/26 11:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/04/26 11:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/26 11:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/26 10:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/26 10:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2013/04/26 10:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/26 10:33:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/26 10:33:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/26 10:13:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/04/24 10:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/23 13:00:04 | 000,000,000 | ---D | C] -- C:\Geeks to Go rootkit and malware removal programs
[2013/04/22 13:10:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2013/04/19 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/18 14:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Flashplayer 11x32 axau_mssd_aih
[2013/04/17 10:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MGI PhotoSuite 4
[2013/04/17 10:42:20 | 001,130,496 | ---- | C] (MGI Software Corp.) -- C:\WINDOWS\SysWow64\MGIIpl4PX.dll
[2013/04/17 10:42:20 | 000,098,304 | ---- | C] (MGI Software Corp.) -- C:\WINDOWS\SysWow64\MGI Album Screen Saver.scr
[2013/04/17 10:42:20 | 000,061,440 | ---- | C] (MGI Software Inc.) -- C:\WINDOWS\SysWow64\MGI Panorama Screen Saver.scr
[2013/04/17 10:42:20 | 000,024,576 | ---- | C] (MGI Software Corp.) -- C:\WINDOWS\SysWow64\MGIIpl4.dll
[2013/04/17 10:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MGI PhotoSuite 4
[2013/04/17 10:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Live Picture
[2013/04/16 19:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Corel User Files
[2013/04/16 19:03:31 | 000,000,000 | ---D | C] -- C:\MyFiles
[2013/04/16 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel WordPerfect
[2013/04/15 10:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MGI
[2013/04/13 16:04:24 | 000,000,000 | ---D | C] -- C:\motherboard_driver_sata_gb_sata2raid_ep45 v1.17.50.02
[2013/04/12 10:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 2.0.1
[2013/04/11 10:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/11 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Pro Edition
[2013/04/11 01:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Genius Pro.v8.0.Incl.Keymaker-CORE
[2013/04/11 00:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DriverGenius
[2013/04/11 00:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JMicron Technology Corp
[2013/04/11 00:10:12 | 000,000,000 | ---D | C] -- C:\Drivers downloaded by Driver Genius 041013

========== Files - Modified Within 30 Days ==========

[2013/04/30 22:11:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/30 21:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/30 15:20:39 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/30 15:20:30 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/30 15:20:30 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
[2013/04/30 15:20:30 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1560305870-1003223559-3566357663-500.job
[2013/04/30 15:20:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/30 12:58:03 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
[2013/04/30 12:43:45 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/29 23:52:44 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Desktop\05 May.lnk
[2013/04/29 23:44:17 | 000,087,799 | ---- | M] () -- C:\SuperAntiSpyware.jpg
[2013/04/29 23:22:19 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\5 Power Defragmenter GUI 2.0.lnk
[2013/04/29 20:31:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/04/29 11:36:12 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Drive Index 042013.lnk
[2013/04/28 10:12:12 | 000,000,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\- New 042013.lnk
[2013/04/27 23:38:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1560305870-1003223559-3566357663-500.job
[2013/04/27 17:19:27 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Solitaire.lnk
[2013/04/27 16:53:45 | 001,407,054 | ---- | M] () -- C:\My Computer Screenshot 042713.bmp
[2013/04/27 16:51:19 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2013/04/27 14:40:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\showdesktop.scf.scf
[2013/04/27 13:43:55 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\&Search.lnk
[2013/04/27 13:38:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MIX DL.lnk
[2013/04/27 12:54:48 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2013/04/27 12:50:56 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2013/04/27 12:50:54 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2013/04/27 12:49:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2013/04/27 12:48:01 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Programs.lnk
[2013/04/26 15:55:20 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2013/04/26 11:56:09 | 000,000,222 | ---- | M] () -- C:\boot.ini
[2013/04/26 10:01:55 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Administrator\Webshots Wallpaper.bmp
[2013/04/24 09:54:25 | 000,041,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\icr2c.jpg
[2013/04/23 12:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2013/04/20 03:04:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2013/04/19 11:10:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/17 10:43:06 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MGI PhotoSuite 4.lnk
[2013/04/16 19:04:29 | 000,000,509 | ---- | M] () -- C:\WINDOWS\SysWow64\mapisvc.inf
[2013/04/16 11:42:13 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Desktop\04 April.lnk
[2013/04/08 11:59:38 | 000,042,078 | ---- | M] () -- C:\WINDOWS\PFP80JPR.{PB
[2013/04/08 11:59:38 | 000,008,438 | ---- | M] () -- C:\WINDOWS\PFP80JCM.{PB
[2013/04/04 05:36:01 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll
[2013/04/04 05:35:52 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll

========== Files Created - No Company Name ==========

[2013/04/29 23:52:44 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Desktop\05 May.lnk
[2013/04/29 23:44:16 | 000,087,799 | ---- | C] () -- C:\SuperAntiSpyware.jpg
[2013/04/29 23:22:19 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\5 Power Defragmenter GUI 2.0.lnk
[2013/04/27 16:52:09 | 001,407,054 | ---- | C] () -- C:\My Computer Screenshot 042713.bmp
[2013/04/27 14:40:49 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\showdesktop.scf.scf
[2013/04/27 13:43:55 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\&Search.lnk
[2013/04/27 13:38:36 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MIX DL.lnk
[2013/04/27 12:53:58 | 000,001,219 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2013/04/27 12:50:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2013/04/27 12:50:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2013/04/27 12:50:10 | 000,001,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Solitaire.lnk
[2013/04/27 12:49:52 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2013/04/27 12:49:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2013/04/27 12:48:09 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\- New 042013.lnk
[2013/04/27 12:48:01 | 000,000,461 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Programs.lnk
[2013/04/27 12:47:43 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Drive Index 042013.lnk
[2013/04/26 15:55:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2013/04/26 12:25:17 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
[2013/04/26 10:01:54 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Webshots Wallpaper.bmp
[2013/04/24 09:53:49 | 000,041,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\icr2c.jpg
[2013/04/17 10:43:06 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MGI PhotoSuite 4.lnk
[2013/04/17 10:42:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2013/04/17 10:42:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\SysWow64\Fpl.dll
[2013/04/17 10:42:20 | 000,041,220 | ---- | C] () -- C:\WINDOWS\SysWow64\MGIScreenSaver.chm
[2013/04/16 11:42:13 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Desktop\04 April.lnk
[2013/04/12 10:28:35 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 11:59:38 | 000,042,078 | ---- | C] () -- C:\WINDOWS\PFP80JPR.{PB
[2013/04/08 11:59:38 | 000,008,438 | ---- | C] () -- C:\WINDOWS\PFP80JCM.{PB
[2013/02/20 00:25:57 | 000,307,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/02 13:37:38 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
[2012/09/16 12:12:44 | 000,037,376 | ---- | C] () -- C:\WINDOWS\SysWow64\VbVfw.dll
[2012/09/15 17:51:21 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Tool - VobEdit.INI
[2012/09/13 12:05:23 | 000,074,703 | ---- | C] () -- C:\WINDOWS\SysWow64\mfc45.dat
[2012/03/02 17:14:00 | 000,000,098 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011/08/05 22:25:10 | 000,000,031 | ---- | C] () -- C:\WINDOWS\SysWow64\mkvtoa4gfosini.dll
[2011/06/08 08:34:14 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2009/05/29 07:10:21 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/05/29 07:21:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 08:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2007/02/18 08:00:00 | 000,482,816 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D

< End of report >

#32
Denisejm

Sorry . . . I ran the full scan :|

#33
tom982

Hi Denise,

Not to worry, there's not all that much difference between the two :)

You're all clean now :thumbsup: Time for a little housekeeping:

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\IEBHO.dll) - File not found
    
    :Commands
    [EMPTYTEMP]

  • Click the Run Fix button. This will reboot your computer on completion of the fix.

OTL CleanUp

  • Open OTL
  • Click CleanUp
This will remove all of the tools that we have used (and their subsequent logs) from your system, leaving you as good as new. If anything is left over, you can safely delete these yourself.


WOT Link Scanning

  • Install WOT (Web Of Trust) from here Safe Browsing Tool - WOT
  • This program provides information about the safety of websites and links that you visit.
  • The ratings can be found below:

    Green - Website is highly rated
    Yellow - Website should be used with caution
    Red - Website should be avoided
  • A complete list of the symbols can be found here
WOT provides colour coded link scanning for websites and allows you to see whether a link you are about to click on is bad - e.g. malicious.

MVPs HOSTS File

  • Download the MVPs HOSTS File to your desktop
  • Extract the files from the .zip folder
  • Right click on mvps.bat and select Run As Administrator
  • This should open up a command window, follow the on screen instructions
  • Open your start menu, and type cmd
  • Right click on cmd and select Run As Administrator
  • When it opens, type the following:
    ipconfig /flushdns

Tom
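
Before pasting a fix like the one in post #33, it helps to see exactly which registry item each directive names and what OTL noted about it. The parser below is an added example, not part of the thread and not OTL's own code; its line grammar is inferred only from the six directives in that post, and the names parse_fix_script, parse_entry, Entry and flagged_by_otl are hypothetical.

```python
import re
from dataclasses import dataclass

# Fix script copied verbatim from post #33 (the URLs are truncated on the page).
FIX_SCRIPT = r"""
:OTL
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\IEBHO.dll) - File not found

:Commands
[EMPTYTEMP]
"""

@dataclass
class Entry:
    code: str       # OTL line code, e.g. "O16" or "O20"
    is_64bit: bool  # True when the line carries the ":64bit:" qualifier
    kind: str       # "DPF" or "AppInit_DLLs"
    target: str     # the CLSID or DLL path the directive names
    detail: str     # OTL's annotation (description or status)

# Assumption: grammar inferred from the lines above, not from OTL documentation.
LINE = re.compile(r"^(O\d+)(:64bit:)?\s+-\s+([^:]+):\s+(.*)$")
DPF = re.compile(r"^(\{[0-9A-Fa-f-]{36}\})\s+(\S+)\s+\((.*)\)$")
APPINIT = re.compile(r"^\((.+?)\)\s+-\s+(.*)$")

def parse_entry(line):
    """Split one ':OTL' directive into the item it names and OTL's note about it."""
    m = LINE.match(line)
    if not m:
        raise ValueError(f"unrecognised directive: {line!r}")
    code, wide, kind, rest = m.groups()
    body = {"DPF": DPF, "AppInit_DLLs": APPINIT}.get(kind)
    fields = body.match(rest) if body else None
    if not fields:
        raise ValueError(f"unrecognised {kind} body: {rest!r}")
    groups = fields.groups()
    return Entry(code, wide is not None, kind, groups[0], groups[-1])

def parse_fix_script(text):
    """Return (entries, commands); refuse any line outside a known section."""
    entries, commands, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line
        elif section == ":OTL":
            entries.append(parse_entry(line))
        elif section == ":Commands":
            commands.append(line)
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return entries, commands

def flagged_by_otl(entries):
    """Entries whose annotation says the referenced file or key could not be read."""
    return [e for e in entries
            if e.detail == "File not found" or e.detail.startswith("Reg Error")]

if __name__ == "__main__":
    parsed, cmds = parse_fix_script(FIX_SCRIPT)
    for e in parsed:
        print(e.code, "64-bit" if e.is_64bit else "32-bit", e.kind, e.target, "|", e.detail)
    print("commands:", cmds)
```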

#34
Denisejm

I'm not getting the results to continue after I downloaded the programs and unzipped/right clicked on the files. Hosts doesn't give me the option to Run. The WOT website doesn't have anything for me to scan or an icon on my desktop for me to do anything. I attached a few screenshots of what happened.

Attached Thumbnails

  • mvps.bat menu screenshot.jpg
  • mvps menu screenshot.jpg
  • WOT website.JPG


#35
tom982

Hi Denise,

Sorry for the confusion, I forgot to remove one part of the instructions to make it suitable for XP. Make sure you have the HOSTS file and mvps.bat in the same folder, then double click on mvps.bat to run it.

WOT is a browser extension to tell you how safe websites are, if you look to the left of the web address you are currently visiting, you will see a coloured circle which informs you whether the site you are visiting is safe or not. As you can see in the screenshot you provided, WOT is saying that mywot.com is safe:

Posted Image

It's entirely in the browser and doesn't have any Desktop icons or start menu folders :)

Tom

#36
Denisejm


"Make sure you have the HOSTS file and mvps.bat in the same folder, then double click on mvps.bat to run it."

I can't cut mvps.bat from the unzipped file into another folder. When I double click on it, the DOS window opens but I can't do anything with it. When I press a key, the window closes.


"WOT is a browser extension to tell you how safe websites are, if you look to the left of the web address you are currently visiting, you will see a coloured circle which informs you whether the site you are visiting is safe or not."

"I see" said the blind man, and saw! :)

Attached Thumbnails

  • mvps dos window.jpg

Edited by Denisejm, 01 May 2013 - 06:23 PM.


#37
tom982

Hi Denise,

In WinZip, select all of the files and click Extract then extract these to your Desktop. From here, you can double click on mvps.bat to install the HOSTS file :) In short, the files must be extracted before you run them!

Tom

#38
Denisejm

Double clicking on the mvps.bat file didn't work again. I got this window. When I tap a key, the window closes.

Attached Thumbnails

  • mvps.bat hosts file.jpg


#39
tom982

Hi Denise,

That's all you need to do :) Job done! Note the "THE MVPS HOSTS FILE IS NOW UPDATED".

Tom

#40
Denisejm

Oh, okay. I thought I had to do more than that. Can I delete the files from my desktop?


Do you know if Firefox add-ons could have caused iCrossRider to be placed in my PC? I only remember adding the bookmark bar and an icon add-on which enlarged the icons in my bookmark bar. I may have added a couple more but I don't remember if I did or which ones they were. They were all from Firefox though.

#41
tom982

Hi Denise,

Nope that's it, nice and simple :) You're safe to delete those files now.

Where did you get the addons from? If they were from the Mozilla website then it's unlikely, but still possible, that iCrossRider came from there as the addons are all vetted by Mozilla. If the addons were downloaded from elsewhere then there's a very good chance this is how you were infected. It's impossible to know for sure though, we can only speculate.

https://addons.mozil.../en-US/firefox/

Tom

#42
Denisejm

I got them from Mozilla. I'll add them back someday soon and I'll let you know if iCrossRider comes back. I got iCrossRider each time I was on Mozilla Firefox but not from being on IE.


I very much appreciate all your help. It was wonderful! My pc moves faster now, like when I first installed Windows.


Hugs!


Denise

#43
Essexboy

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.