I think I have something nasty on my notepad. I've scanned with MBAM and MSE and also used TDSSKiller, but nothing has been found. The reason I think I have something is that I have had an unknown Chinese language popping up trying to write to a protected registry. Also, in the MBR, when I run bootrec /fixmbr it also has Chinese letters instead of English. Ahh, also I've had 2 blue screens with static, not writing as I think you would normally see. Oh yeah, and Google keeps telling me unusual traffic is coming from me....
Thanks in advance for your help.
OTL logs attached
Thank you
OTL logfile created on: 20/04/2013 22:53:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\N1cK\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.67% Memory free
3.98 Gb Paging File | 2.77 Gb Available in Paging File | 69.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 279.88 Gb Free Space | 93.92% Space Free | Partition Type: NTFS
Computer Name: N1CK-PC | User Name: N1cK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/20 22:52:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\N1cK\Desktop\OTL.exe
PRC - [2013/04/17 22:18:55 | 000,422,632 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/26 22:45:10 | 000,534,160 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
PRC - [2013/02/23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2013/02/23 02:33:26 | 000,389,928 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2013/02/23 02:31:52 | 001,278,760 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2013/02/23 02:31:02 | 000,535,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\bin\FBW.exe
PRC - [2013/02/23 02:30:20 | 000,289,576 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\FBWMgr.exe
PRC - [2013/02/23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe
PRC - [2013/02/22 02:04:48 | 000,598,312 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpn.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/01/14 22:16:42 | 003,011,400 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2013/01/14 22:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/14 13:58:58 | 000,646,800 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe
========== Modules (No Company Name) ==========
MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 09:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 09:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 09:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/02/23 02:30:20 | 000,289,576 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\FBWMgr.exe
MOD - [2012/12/10 02:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
========== Services (SafeList) ==========
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013/02/23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/02/23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe -- (HssSrv)
SRV - [2013/02/22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/14 22:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2012/06/15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\N1cK\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/20 22:29:12 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{735D6F0A-22BF-4C35-B351-2AF333CACFD5}\MpKsle21eeb85.sys -- (MpKsle21eeb85)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/26 22:40:56 | 000,209,304 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2013/02/22 02:50:36 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/02/22 02:37:16 | 000,040,136 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/25 19:08:42 | 000,128,672 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/06 22:24:32 | 000,020,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/04/20 22:24:31 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Drive = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Ghostery = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Gmail = C:\Users\N1cK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/04/02 13:56:56 | 000,575,742 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 csh.actiondesk.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 15610 more lines...
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A48A6C8-E7F0-4B4E-95B3-F612344C1BAB}: DhcpNameServer = 8.8.8.8 8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB225A73-43DD-41C8-9A05-5894067A34E5}: DhcpNameServer = 8.8.8.8 8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB225A73-43DD-41C8-9A05-5894067A34E5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1598BF4-76A3-4465-87AF-F1C16B98DDD3}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/20 22:52:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\N1cK\Desktop\OTL.exe
[2013/04/20 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Adobe
[2013/04/20 14:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2013/04/20 14:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2013/04/20 14:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2013/04/20 07:38:06 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\WinPatrol
[2013/04/20 07:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/04/20 07:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/20 07:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2013/04/20 07:25:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/20 07:23:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/19 23:30:21 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\N1cK\Documents\mbam-setup-1.75.0.1300.exe
[2013/04/19 22:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2013/04/19 22:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/04/19 22:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/04/19 22:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/19 22:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/04/19 22:45:55 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Google
[2013/04/19 22:43:28 | 000,905,928 | ---- | C] (BillP Studios) -- C:\Users\N1cK\Documents\wpsetup.exe
[2013/04/19 22:34:30 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\ElevatedDiagnostics
[2013/04/19 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Diagnostics
[2013/04/19 22:00:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/19 22:00:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/19 22:00:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/19 21:59:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/19 21:51:32 | 002,239,840 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\N1cK\Documents\tdsskiller.exe
[2013/04/19 17:15:57 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/04/19 16:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013/04/19 16:47:54 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/04/19 16:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/04/19 16:47:42 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Notepad++
[2013/04/19 16:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2013/04/19 16:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
[2013/04/19 16:40:12 | 000,209,304 | ---- | C] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
[2013/04/19 16:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\KeyScrambler
[2013/04/19 16:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/19 16:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/04/19 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/04/19 16:34:00 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Privatefirewall
[2013/04/19 16:32:23 | 000,128,672 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\System32\drivers\pwipf6.sys
[2013/04/19 16:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
[2013/04/19 16:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Privacyware
[2013/04/19 16:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
[2013/04/19 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/04/19 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/04/19 16:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013/04/19 16:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2013/04/19 16:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2013/04/19 16:25:27 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2013/04/19 16:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/04/19 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine
[2013/04/19 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/04/19 16:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/04/19 16:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/04/19 16:14:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2013/04/19 16:14:38 | 000,000,000 | ---D | C] -- C:\Intel
[2013/04/19 16:09:55 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Malwarebytes
[2013/04/19 16:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/19 16:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/19 16:09:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/19 16:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/19 16:08:59 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Programs
[2013/04/19 15:29:51 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/19 15:29:51 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Searches
[2013/04/19 15:29:51 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/19 15:29:51 | 000,000,000 | -H-D | C] -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/19 15:29:43 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Roaming\Identities
[2013/04/19 15:29:41 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Contacts
[2013/04/19 15:29:32 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\VirtualStore
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\AppData\Local\Temporary Internet Files
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Templates
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Start Menu
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\SendTo
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Recent
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\PrintHood
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\NetHood
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Documents\My Videos
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Documents\My Pictures
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Documents\My Music
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\My Documents
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Local Settings
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\AppData\Local\History
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Cookies
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\Application Data
[2013/04/19 15:29:29 | 000,000,000 | -HSD | C] -- C:\Users\N1cK\AppData\Local\Application Data
[2013/04/19 15:29:28 | 000,000,000 | --SD | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Videos
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Saved Games
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Pictures
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Music
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Links
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Favorites
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Downloads
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Documents
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\Desktop
[2013/04/19 15:29:28 | 000,000,000 | R--D | C] -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/19 15:29:28 | 000,000,000 | -H-D | C] -- C:\Users\N1cK\AppData
[2013/04/19 15:29:28 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Temp
[2013/04/19 15:29:28 | 000,000,000 | ---D | C] -- C:\Users\N1cK\AppData\Local\Microsoft
[2013/04/19 15:29:10 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/04/19 15:24:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/19 15:22:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/04/19 15:21:10 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/04/19 07:20:27 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/04/19 07:19:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\OEM
========== Files - Modified Within 30 Days ==========
[2013/04/20 22:52:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\N1cK\Desktop\OTL.exe
[2013/04/20 22:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/20 22:51:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/20 22:31:07 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 22:31:07 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/20 22:24:54 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/20 22:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/20 22:24:32 | 1602,195,456 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/20 16:33:09 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/20 16:33:09 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/20 16:31:14 | 000,698,444 | ---- | M] () -- C:\Windows\System32\oem6.inf
[2013/04/20 16:25:48 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/20 14:09:37 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/04/20 07:06:33 | 000,001,411 | ---- | M] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/20 07:06:32 | 000,002,229 | ---- | M] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/19 23:30:56 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\N1cK\Documents\mbam-setup-1.75.0.1300.exe
[2013/04/19 23:27:58 | 044,492,509 | ---- | M] () -- C:\Users\N1cK\Desktop\complete-43.-chase-ready-.mp3
[2013/04/19 23:26:27 | 080,665,796 | ---- | M] () -- C:\Users\N1cK\Desktop\MU915.mp3
[2013/04/19 23:24:23 | 065,749,577 | ---- | M] () -- C:\Users\N1cK\Desktop\theunexplained-111.mp3
[2013/04/19 23:18:22 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 23:03:28 | 005,948,496 | ---- | M] () -- C:\Users\N1cK\Documents\HSS-2.88-install-zdnetcom-5-conduit.exe
[2013/04/19 22:48:31 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/19 22:43:53 | 000,905,928 | ---- | M] (BillP Studios) -- C:\Users\N1cK\Documents\wpsetup.exe
[2013/04/19 21:51:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/19 16:51:49 | 407,147,872 | ---- | M] () -- C:\Users\N1cK\Documents\security programs.zip
[2013/04/19 16:47:54 | 000,001,025 | ---- | M] () -- C:\Users\N1cK\Desktop\Notepad++.lnk
[2013/04/19 16:38:20 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/19 16:32:19 | 000,000,146 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/04/19 16:26:44 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/04/19 16:25:28 | 000,001,893 | ---- | M] () -- C:\Users\N1cK\Desktop\PeerBlock.lnk
[2013/04/19 16:24:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/19 16:18:54 | 000,014,048 | ---- | M] () -- C:\Windows\System32\results.xml
[2013/04/19 15:26:46 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf
[2013/04/10 01:09:02 | 002,239,840 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\N1cK\Documents\tdsskiller.exe
[2013/04/10 00:56:46 | 012,894,739 | ---- | M] () -- C:\Users\N1cK\Documents\mbar-1.01.0.1022.zip
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/02 13:56:56 | 000,575,742 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2013/03/26 22:40:56 | 000,209,304 | ---- | M] (QFX Software Corporation) -- C:\Windows\System32\drivers\keyscrambler.sys
========== Files Created - No Company Name ==========
[2013/04/20 22:24:36 | 000,257,736 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/20 16:31:29 | 000,698,444 | ---- | C] () -- C:\Windows\System32\oem6.inf
[2013/04/20 16:25:48 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/20 14:09:37 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2013/04/20 00:10:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/04/20 00:08:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/04/19 23:26:17 | 044,492,509 | ---- | C] () -- C:\Users\N1cK\Desktop\complete-43.-chase-ready-.mp3
[2013/04/19 23:24:33 | 080,665,796 | ---- | C] () -- C:\Users\N1cK\Desktop\MU915.mp3
[2013/04/19 23:22:39 | 065,749,577 | ---- | C] () -- C:\Users\N1cK\Desktop\theunexplained-111.mp3
[2013/04/19 23:01:21 | 005,948,496 | ---- | C] () -- C:\Users\N1cK\Documents\HSS-2.88-install-zdnetcom-5-conduit.exe
[2013/04/19 22:48:31 | 000,002,229 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/19 22:48:31 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/19 22:46:22 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 22:46:19 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/19 22:00:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/19 22:00:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/19 22:00:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/19 22:00:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/19 22:00:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/19 21:51:26 | 012,894,739 | ---- | C] () -- C:\Users\N1cK\Documents\mbar-1.01.0.1022.zip
[2013/04/19 21:51:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/04/19 16:51:15 | 407,147,872 | ---- | C] () -- C:\Users\N1cK\Documents\security programs.zip
[2013/04/19 16:47:54 | 000,001,025 | ---- | C] () -- C:\Users\N1cK\Desktop\Notepad++.lnk
[2013/04/19 16:38:20 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/04/19 16:32:19 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI
[2013/04/19 16:26:44 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/04/19 16:25:28 | 000,001,893 | ---- | C] () -- C:\Users\N1cK\Desktop\PeerBlock.lnk
[2013/04/19 16:24:16 | 000,001,411 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/19 16:24:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/19 16:23:39 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/04/19 16:18:54 | 000,014,048 | ---- | C] () -- C:\Windows\System32\results.xml
[2013/04/19 16:09:12 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/19 15:29:53 | 000,001,417 | ---- | C] () -- C:\Users\N1cK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/19 15:29:28 | 000,000,290 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/19 15:29:28 | 000,000,272 | ---- | C] () -- C:\Users\N1cK\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/19 15:21:10 | 1602,195,456 | -HS- | C] () -- C:\hiberfil.sys
========== ZeroAccess Check ==========
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/04/19 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\N1cK\AppData\Roaming\Notepad++
[2013/04/20 07:38:23 | 000,000,000 | ---D | M] -- C:\Users\N1cK\AppData\Roaming\WinPatrol
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Edited by N-R, 22 April 2013 - 04:54 AM.