New to OTL. Help with Scan results please. [Closed]



#1
Mirthless79 (New Member, 1 posts)
I am new to GeekstoGo and OTL. For years I have used HijackThis! with great success.
Until recently I have been able to detect and impede viruses before it's too late.
Unfortunately I have an undetectable that's altering not only my registry, but preventing Vista from performing correctly outside of Safe Mode.

It all started when I noticed that the second user account I made for my son would not uninstall.

I deleted most of the registry entries. I still cannot disable the user account fully. I also noticed I had two "desktop" shortcuts in my Start Menu?
Caught the FBI extortion-ware virus; fixed that.
Then most recently my PC would not shut down properly, taking hours, sometimes never shutting down. So the other day I updated via Microsoft and again it took three hours to shut down. Being impatient, I held power for 10 seconds. (I know, a big no-no! I thought it was freezing.)

So then upon logging in, my keyboard decides to not work anymore. After many tests I've determined that the memory is 100% and the HDD is normal, except out of Safe Mode!

So here I am with an error I originally found in HijackThis!
I found a link
http://www.geekstogo...in-winsock-lsp/
I followed up to the results of the OTL scan.
I noticed my net traffic might be redirected, et cetera.
Here are my logs. Any help would be GREATLY appreciated.

OTL logfile created on: 5/23/2013 9:34:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jeremy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.58% Memory free
6.68 Gb Paging File | 6.21 Gb Available in Paging File | 92.92% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 127.11 Gb Free Space | 44.13% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.85 Gb Free Space | 58.45% Space Free | Partition Type: NTFS
Drive F: | 2.84 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JEREMYS-PC | User Name: jeremy | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 21:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jeremy\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/05/23 18:59:07 | 000,371,584 | ---- | M] (Sysinternals - www.sysinternals.com) [Disabled | Stopped] -- C:\Users\jeremy\AppData\Local\Temp\KWRLQCYQY.exe -- (KWRLQCYQY)
SRV - [2013/05/23 18:58:41 | 000,334,720 | ---- | M] (Sysinternals - www.sysinternals.com) [Disabled | Stopped] -- C:\Users\jeremy\AppData\Local\Temp\VOLYMPZPKTLM.exe -- (VOLYMPZPKTLM)
SRV - [2013/05/23 18:58:28 | 000,592,768 | ---- | M] (Sysinternals - www.sysinternals.com) [Disabled | Stopped] -- C:\Users\jeremy\AppData\Local\Temp\JQ.exe -- (JQ)
SRV - [2013/05/15 11:06:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Disabled | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/12 10:43:56 | 000,093,072 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/09/27 21:38:02 | 000,217,600 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/06/01 12:42:28 | 000,014,088 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 17:10:32 | 000,025,824 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 07:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/03/06 17:55:24 | 000,105,248 | ---- | M] (Labtec Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva158.sys -- (XDva158)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva134.sys -- (XDva134)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\VClone.sys -- (VClone)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\jeremy\Downloads\HWiNFO32.SYS -- (HWiNFO32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 04:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/28 16:58:59 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/09/27 22:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012/09/27 22:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/09/27 21:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/04/10 10:26:49 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012/04/10 10:26:48 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012/02/23 08:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2012/02/16 00:24:36 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/02/16 00:24:36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/11/08 17:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 17:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 04:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/26 22:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 22:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/04/26 22:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/04/26 22:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/06/24 00:54:16 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/12/04 23:55:40 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbgps.sys -- (UsbGps)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/07/10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/03/06 17:52:46 | 002,261,792 | ---- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/03/06 17:50:30 | 001,669,664 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/10/18 14:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/04 20:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/07/13 12:08:20 | 000,033,890 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/05/13 09:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/05/13 07:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003/12/01 11:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003/09/06 08:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...B&cr=2092127589


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 21 9E CC 02 E4 B8 21 49 A6 AD 9D 87 44 CA 5B 95 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 21 9E CC 02 E4 B8 21 49 A6 AD 9D 87 44 CA 5B 95 [binary data]

IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\jeremy\Desktop
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 21 9E CC 02 E4 B8 21 49 A6 AD 9D 87 44 CA 5B 95 [binary data]
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7DKUS_en
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...B&cr=2092127589
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2012/06/30 09:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Extensions
[2012/06/30 09:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/09/11 00:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/21 01:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/12/21 01:26:52 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
[2012/12/21 01:26:44 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2013/01/17 04:36:58 | 000,432,897 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14905 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79C4CBDD-6033-493F-924E-5B11E030356D}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jeremy\Desktop\Wallpapers\Rock_Music_by_farshadfgd.jpg
O24 - Desktop BackupWallPaper: C:\Users\jeremy\Desktop\Wallpapers\Rock_Music_by_farshadfgd.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/11/02 16:00:00 | 000,000,043 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0a25c5d1-324e-11dd-bb2a-001d098a4652}\Shell - "" = AutoRun
O33 - MountPoints2\{2a5cad60-1b0d-11dd-bd8b-001d098a4652}\Shell - "" = AutoRun
O33 - MountPoints2\{3eae3353-6d63-11e0-8aa1-00219b06e484}\Shell - "" = AutoRun
O33 - MountPoints2\{3eae3353-6d63-11e0-8aa1-00219b06e484}\Shell\AutoRun\command - "" = H:\TL_Bootstrap.exe
O33 - MountPoints2\{6e4b0b88-c18b-11de-961b-806e6f6e6963}\Shell\Option1\Command - "" = F:\HBCD\HBCDMenu.exe
O33 - MountPoints2\{8d4af5c6-1e71-11e0-bd7e-00219b06e484}\Shell - "" = AutoRun
O33 - MountPoints2\{8d4af5c6-1e71-11e0-bd7e-00219b06e484}\Shell\AutoRun\command - "" = I:\TLBootstrap_WPP.exe
O33 - MountPoints2\{a9a7cdab-1cc5-11e0-bae1-00219b06e484}\Shell - "" = AutoRun
O33 - MountPoints2\{a9a7cdab-1cc5-11e0-bae1-00219b06e484}\Shell\AutoRun\command - "" = H:\TL_Bootstrap.exe
O33 - MountPoints2\{f4bbb3be-1a7b-11dd-b836-001d098a4652}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE -- [2006/11/02 16:00:00 | 000,109,160 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sasnative32)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 21:22:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jeremy\Desktop\OTL.exe
[2013/05/23 19:40:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/23 19:01:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/23 19:00:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/23 19:00:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/05/23 18:25:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/23 18:13:10 | 000,000,000 | ---D | C] -- C:\Quarantine
[2013/05/23 10:19:18 | 000,000,000 | ---D | C] -- C:\Users\jeremy\AppData\Local\Deployment
[2013/05/12 19:49:00 | 000,000,000 | ---D | C] -- C:\Users\jeremy\Desktop\BitTorrents
[2013/05/12 00:05:17 | 000,000,000 | ---D | C] -- C:\Users\jeremy\AppData\Roaming\KVIrc4
[2013/05/12 00:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KVIrc
[2013/05/12 00:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\KVIrc
[2013/05/07 02:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/07 02:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/05/03 23:58:16 | 000,000,000 | ---D | C] -- C:\Users\jeremy\Desktop\apps
[2013/04/30 10:07:46 | 000,000,000 | ---D | C] -- C:\Users\jeremy\Desktop\images
[2013/04/30 10:07:45 | 000,000,000 | ---D | C] -- C:\Users\jeremy\Desktop\language
[2013/04/26 22:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimCleaner
[2008/08/28 14:17:12 | 158,399,432 | ---- | C] (Nero AG ) -- C:\Users\jeremy\Templates_Plus_DVD.exe
[2008/07/27 04:18:51 | 001,821,192 | ---- | C] (Microsoft Corporation) -- C:\Users\jeremy\vcredist_x86.exe
[2008/05/11 00:36:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\jeremy\AppData\Roaming\pcouffin.sys
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\jeremy\*.tmp files -> C:\Users\jeremy\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/23 21:22:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jeremy\Desktop\OTL.exe
[2013/05/23 21:15:46 | 000,784,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/23 21:15:46 | 000,170,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/23 21:11:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 21:06:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/23 20:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 20:42:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/23 20:41:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 20:41:11 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/23 20:08:04 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/05/23 20:08:03 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/05/23 19:27:31 | 000,002,032 | ---- | M] () -- C:\Users\jeremy\AppData\Local\d3d9caps.dat
[2013/05/23 03:38:03 | 135,507,981 | ---- | M] () -- C:\Users\jeremy\Desktop\Windows6.0-KB947821-v26-x86.msu
[2013/05/23 03:22:28 | 000,312,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/22 14:54:20 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/05/13 19:10:24 | 000,021,056 | ---- | M] () -- C:\Users\jeremy\Desktop\zsnesw.cfg
[2013/05/13 19:10:24 | 000,003,814 | ---- | M] () -- C:\Users\jeremy\Desktop\zinput.cfg
[2013/05/13 19:10:06 | 000,002,480 | ---- | M] () -- C:\Users\jeremy\Desktop\zmovie.cfg
[2013/05/13 18:30:33 | 000,069,489 | ---- | M] () -- C:\Users\jeremy\Desktop\ROMCodes!.rtf
[2013/05/13 16:47:42 | 000,000,539 | ---- | M] () -- C:\Users\jeremy\Desktop\settings.ini
[2013/05/12 03:08:47 | 000,009,808 | ---- | M] () -- C:\Users\jeremy\Desktop\Untitled Project.0002.nvc
[2013/05/12 00:05:17 | 000,000,116 | ---- | M] () -- C:\Users\jeremy\kvirc4.ini
[2013/05/12 00:02:53 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\KVIrc.lnk
[2013/05/11 22:41:10 | 000,010,925 | ---- | M] () -- C:\Users\jeremy\Desktop\Cover Letter (2).rtf
[2013/05/09 04:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/05/09 04:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/05/09 04:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/05/09 04:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/05/09 04:59:09 | 000,049,760 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/05/09 04:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/05/09 04:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/05/02 19:25:59 | 000,125,990 | ---- | M] () -- C:\Users\jeremy\Documents\Dual30RC_OwnersManual_DEC2005.pdf
[2013/04/26 22:57:52 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\SlimCleaner.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\jeremy\*.tmp files -> C:\Users\jeremy\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/23 03:34:09 | 135,507,981 | ---- | C] () -- C:\Users\jeremy\Desktop\Windows6.0-KB947821-v26-x86.msu
[2013/05/17 11:09:50 | 000,312,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/12 03:08:47 | 000,009,808 | ---- | C] () -- C:\Users\jeremy\Desktop\Untitled Project.0002.nvc
[2013/05/12 00:05:17 | 000,000,116 | ---- | C] () -- C:\Users\jeremy\kvirc4.ini
[2013/05/12 00:02:53 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\KVIrc.lnk
[2013/05/11 22:41:17 | 000,010,925 | ---- | C] () -- C:\Users\jeremy\Desktop\Cover Letter (2).rtf
[2013/05/02 19:25:59 | 000,125,990 | ---- | C] () -- C:\Users\jeremy\Documents\Dual30RC_OwnersManual_DEC2005.pdf
[2013/03/13 19:38:48 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/13 19:38:48 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/12 18:36:32 | 000,001,517 | ---- | C] () -- C:\Users\jeremy\.recently-used.xbel
[2013/02/05 19:36:15 | 000,165,376 | ---- | C] () -- C:\Users\jeremy\5538543.exe
[2013/01/04 22:30:21 | 000,001,204 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2012/11/25 13:15:38 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/10/18 08:58:54 | 083,023,306 | ---- | C] () -- C:\ProgramData\taborca.pad
[2012/09/28 16:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/04/15 01:58:38 | 000,000,552 | ---- | C] () -- C:\Users\jeremy\AppData\Local\d3d8caps.dat
[2012/04/12 00:22:19 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012/04/10 10:26:49 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012/04/10 10:26:48 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012/03/31 13:29:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/07 11:19:20 | 000,000,448 | ---- | C] () -- C:\ProgramData\th5Ed14hA4YBG5
[2011/12/28 22:28:08 | 000,008,634 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\6r11857481lxp736
[2011/12/28 22:28:08 | 000,008,634 | -HS- | C] () -- C:\ProgramData\6r11857481lxp736
[2011/12/18 15:14:55 | 000,008,062 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\xooqjo2m7veh2bhy1gge8u711o6g
[2011/12/18 15:14:55 | 000,008,062 | -HS- | C] () -- C:\ProgramData\xooqjo2m7veh2bhy1gge8u711o6g
[2011/12/13 21:02:15 | 000,011,460 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\b7ck80m8ec8vkd
[2011/12/13 21:02:15 | 000,011,460 | -HS- | C] () -- C:\ProgramData\b7ck80m8ec8vkd
[2011/12/12 22:06:14 | 000,010,396 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\a87d5rd783s2gd45284xcwd08uom763nh0m2
[2011/12/12 22:06:14 | 000,010,396 | -HS- | C] () -- C:\ProgramData\a87d5rd783s2gd45284xcwd08uom763nh0m2
[2011/11/10 02:11:08 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/10/15 16:20:59 | 000,001,664 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011/10/08 22:13:10 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/10/08 22:13:10 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/15 17:52:45 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/11 18:13:08 | 000,000,600 | ---- | C] () -- C:\Users\jeremy\AppData\Roaming\winscp.rnd
[2011/08/09 19:55:02 | 000,000,632 | RHS- | C] () -- C:\Users\jeremy\ntuser.pol
[2011/06/20 22:28:25 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/07/10 11:17:07 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/10 11:17:07 | 000,000,088 | RHS- | C] () -- C:\ProgramData\E4B8686A78.sys
[2010/06/29 19:15:57 | 000,002,032 | ---- | C] () -- C:\Users\jeremy\AppData\Local\d3d9caps.dat
[2008/11/30 18:23:49 | 000,000,033 | ---- | C] () -- C:\Users\jeremy\.gtk-bookmarks
[2008/11/05 17:24:02 | 000,000,094 | ---- | C] () -- C:\Users\jeremy\AppData\Local\fusioncache.dat
[2008/10/08 16:25:53 | 000,001,064 | ---- | C] () -- C:\Users\jeremy\AppData\Roaming\wklnhst.dat
[2008/09/26 22:33:16 | 001,065,472 | -HS- | C] () -- C:\Users\jeremy\ehthumbs_vista.db
[2008/05/30 15:30:23 | 000,000,374 | ---- | C] () -- C:\Users\jeremy\Documents.lnk
[2008/05/30 14:00:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/16 09:57:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/05/11 00:42:49 | 000,000,668 | ---- | C] () -- C:\Users\jeremy\AppData\Roaming\vso_ts_preview.xml
[2008/05/11 00:36:26 | 000,087,608 | ---- | C] () -- C:\Users\jeremy\AppData\Roaming\inst.exe
[2008/05/11 00:36:26 | 000,007,887 | ---- | C] () -- C:\Users\jeremy\AppData\Roaming\pcouffin.cat
[2008/05/11 00:36:26 | 000,001,144 | ---- | C] () -- C:\Users\jeremy\AppData\Roaming\pcouffin.inf
[2008/05/10 19:10:51 | 000,001,024 | ---- | C] () -- C:\Users\jeremy\.rnd
[2008/04/25 02:39:52 | 001,427,520 | ---- | C] () -- C:\Users\jeremy\Silverlight.exe
[2008/04/25 01:09:27 | 000,065,536 | ---- | C] () -- C:\Users\jeremy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/13 21:11:36 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\.minecraft
[2011/09/12 18:37:09 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\AnvSoft
[2008/07/07 22:38:34 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Blender Foundation
[2013/03/23 19:34:08 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\com.jakks.spynet
[2012/01/08 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\DAEMON Tools
[2012/04/10 12:17:18 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\DAEMON Tools Lite
[2013/02/28 20:13:54 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\DAEMON Tools Pro
[2013/04/25 12:06:26 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Dropbox
[2010/12/04 22:50:05 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\DVDFab
[2009/01/23 12:07:01 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\FALCOM
[2009/03/13 06:30:38 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\fltk.org
[2009/11/26 20:59:37 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\fretsonfire
[2011/07/09 13:39:36 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\FrostWire
[2012/04/12 23:07:16 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\GetRightToGo
[2012/01/08 15:57:57 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Godlike
[2013/03/12 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\gtk-2.0
[2012/04/11 23:48:39 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Hardware Helper
[2011/10/30 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Inkscape
[2013/05/12 00:05:19 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\KVIrc4
[2009/04/12 04:38:13 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Leadertech
[2012/11/24 11:19:01 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Memeo
[2011/12/09 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\MoveFab
[2013/01/28 13:09:13 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\OpenOffice.org
[2011/08/10 22:41:04 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\redsn0w
[2012/11/24 02:16:44 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Seagate
[2012/01/08 15:58:00 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\SuperNZB
[2012/11/24 21:45:46 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\SystemRequirementsLab
[2011/10/18 22:29:43 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Systweak
[2011/08/13 20:27:17 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\TeamViewer
[2008/04/27 01:01:32 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Template
[2012/06/30 09:08:21 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\TomTom
[2013/05/22 14:49:06 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\uTorrent
[2012/04/03 20:22:47 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\Vso
[2012/02/12 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\jeremy\AppData\Roaming\WiiQt
[2012/07/14 11:14:35 | 000,000,000 | ---D | M] -- C:\Users\TYLER\AppData\Roaming\.minecraft

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/03/05 23:11:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/03/05 23:11:32 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 849 bytes -> C:\Users\jeremy\Desktop\FW Scan from a Xerox WorkCentre.eml:OECustomProperty

< End of report >

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, what error do you get when you try to delete the other user? I also see you have run ComboFix; could you post that log?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...B&cr=2092127589
IE - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...B&cr=2092127589
[2012/12/21 01:26:52 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
[2013/02/05 19:36:15 | 000,165,376 | ---- | C] () -- C:\Users\jeremy\5538543.exe
[2012/01/07 11:19:20 | 000,000,448 | ---- | C] () -- C:\ProgramData\th5Ed14hA4YBG5
[2011/12/28 22:28:08 | 000,008,634 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\6r11857481lxp736
[2011/12/28 22:28:08 | 000,008,634 | -HS- | C] () -- C:\ProgramData\6r11857481lxp736
[2011/12/18 15:14:55 | 000,008,062 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\xooqjo2m7veh2bhy1gge8u711o6g
[2011/12/18 15:14:55 | 000,008,062 | -HS- | C] () -- C:\ProgramData\xooqjo2m7veh2bhy1gge8u711o6g
[2011/12/13 21:02:15 | 000,011,460 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\b7ck80m8ec8vkd
[2011/12/13 21:02:15 | 000,011,460 | -HS- | C] () -- C:\ProgramData\b7ck80m8ec8vkd
[2011/12/12 22:06:14 | 000,010,396 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\a87d5rd783s2gd45284xcwd08uom763nh0m2
[2011/12/12 22:06:14 | 000,010,396 | -HS- | C] () -- C:\ProgramData\a87d5rd783s2gd45284xcwd08uom763nh0m2

:Reg
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=- 
[HKU\S-1-5-21-1460324579-3921442231-1198856337-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

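The fix above removes a set of hidden, system-attributed files with random names that appear in matching pairs under C:\ProgramData and C:\Users\jeremy\AppData\Local. As an added example (not OTL's code and not part of the post), the Python script below parses OTL file-entry lines and flags that mirrored-pair pattern; the heuristic is the example's own, not the moderator's stated criteria, and the sample log is constructed from lines in this thread.

```python
r"""Flag hidden+system files mirrored between C:\ProgramData and a user's
AppData\Local in an OTL "Files Created" section, the pattern the fix above
removes.  Added example: not OTL's code and not the moderator's stated
criteria; the heuristic is this example's own."""
import re
from collections import defaultdict

# One OTL file entry: [date time | size | attrs | C/M] (company) -- path
# attrs has four columns, R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<flag>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

def parse_otl(text):
    """Return one dict per file entry; section headers and summaries are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))   # "000,008,634" -> 8634
            e["name"] = e["path"].rsplit("\\", 1)[-1]
            entries.append(e)
    return entries

def location(path):
    """Classify a path as 'programdata', 'appdata_local' or 'other'."""
    low = path.lower()
    if low.startswith("c:\\programdata\\"):
        return "programdata"
    if "\\appdata\\local\\" in low:
        return "appdata_local"
    return "other"

def find_mirrored_pairs(entries):
    """Paths of files with H and S set, no company name and no extension,
    whose (name, size) occurs under both ProgramData and AppData\\Local."""
    locs, paths = defaultdict(set), defaultdict(list)
    for e in entries:
        if {"H", "S"} <= set(e["attrs"]) and not e["company"] and "." not in e["name"]:
            where = location(e["path"])
            if where != "other":
                key = (e["name"], e["size"])
                locs[key].add(where)
                paths[key].append(e["path"])
    return sorted(p for k, s in locs.items() if len(s) == 2 for p in paths[k])

# Constructed sample: entries copied from the log in this thread, plus the
# hidden C:\ProgramData\KGyGaAvL.sys, which the fix left alone and must not be flagged.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2013/02/05 19:36:15 | 000,165,376 | ---- | C] () -- C:\Users\jeremy\5538543.exe
[2012/01/07 11:19:20 | 000,000,448 | ---- | C] () -- C:\ProgramData\th5Ed14hA4YBG5
[2011/12/28 22:28:08 | 000,008,634 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\6r11857481lxp736
[2011/12/28 22:28:08 | 000,008,634 | -HS- | C] () -- C:\ProgramData\6r11857481lxp736
[2011/12/13 21:02:15 | 000,011,460 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\b7ck80m8ec8vkd
[2011/12/13 21:02:15 | 000,011,460 | -HS- | C] () -- C:\ProgramData\b7ck80m8ec8vkd
[2011/12/12 22:06:14 | 000,010,396 | -HS- | C] () -- C:\Users\jeremy\AppData\Local\a87d5rd783s2gd45284xcwd08uom763nh0m2
[2011/12/12 22:06:14 | 000,010,396 | -HS- | C] () -- C:\ProgramData\a87d5rd783s2gd45284xcwd08uom763nh0m2
[2010/07/10 11:17:07 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/08/09 19:55:02 | 000,000,632 | RHS- | C] () -- C:\Users\jeremy\ntuser.pol
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""
```

Run `find_mirrored_pairs(parse_otl(SAMPLE_LOG))` to get the six paired paths; the single-location hidden files and the random-named but non-hidden entries are left for manual review rather than flagged.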

#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.