Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sweetpacks malware [Closed]

Started by dubrewski , Jun 07 2013 10:16 PM

  • This topic is locked This topic is locked

#1
dubrewski
Posted 07 June 2013 - 10:16 PM

dubrewski

    New Member

  • Member
  • Pip
  • 4 posts
Sorry if this problem has been posted a million times before but I a was hoping for a answer specific to my problem. Today I managed to acquire sweetpacks and sweetpacks updater. I started to try and remove the SweetPacks Updater Service using Revo Uninstaller but stopped when it informed me that there was 54 leftover registry items. It has all the left over items in bold but I do not know enough about the registry to feel confident in removing the items without asking for help. When looking at the items in the Registry they all occur after a the value "WNLT".

Thanks in advanced for any help or advice.

Edited by Dakeyras, 08 June 2013 - 03:08 AM.
Removed double post and changed TT to reflect malware etc.

  • 0

Advertisements

#2
Essexboy
Posted 08 June 2013 - 04:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets have a look see

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
dubrewski
Posted 08 June 2013 - 08:00 PM

dubrewski

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Last night before reading your post I tried following a removal guide using CCleaner and RegSeeker. SweetPacks no longer shows up under installed programs but no matter how many times I try to remove them there is always some registry items associated with SweetPacks or SweetIM. Also when I open a new tab in firefox it goes to the SweetPacks search page.

I downloaded and ran OTL but it only created the OTL.Txt file when it was done.



OTL logfile created on: 6/8/2013 5:56:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Default Users\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 325.04 Mb Available Physical Memory | 64.70% Memory free
1.20 Gb Paging File | 0.81 Gb Available in Paging File | 67.72% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 4.41 Gb Free Space | 6.34% Space Free | Partition Type: NTFS

Computer Name: E457FDF720CE414 | User Name: Default Users | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/08 17:46:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default Users\My Documents\Downloads\OTL.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/10/21 20:12:48 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2004/02/20 15:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/11/07 17:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/02/26 11:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/08 12:22:48 | 002,087,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13060801\algo.dll
MOD - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/03 08:28:36 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/13 17:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/24 21:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/17 18:44:10 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2004/11/02 16:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 10:35:34 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2004/06/16 04:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 13:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/03/08 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\NavNT\NAVAPEL.SYS -- (NAVAPEL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\NavNT\NAVAP.sys -- (NAVAP)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/07 14:12:05 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/05/09 01:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 01:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 01:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/18 11:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/18 11:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2006/11/28 16:40:02 | 000,002,397 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/11/03 19:15:00 | 002,301,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/10/29 19:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/10/15 12:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/08 12:37:10 | 000,161,024 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/09/08 12:36:54 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/08 12:36:20 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/21 13:46:50 | 000,065,024 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2003/09/29 13:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 17:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 20:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...5-000E35E275CD}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...5-000E35E275CD}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...EIE8HP&PC=DI215
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32 File not found
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{882CA552-FBDF-4774-B8C8-A1C9475833E8}: "URL" = http://results.myway...r={searchTerms}
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{D215C591-6795-4BD4-96C9-77E4FF4A6A60}: "URL" = http://websearch.ask...B2-C06C7F1733AF
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://start.sweetpa...0E35E275CD}&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Default Users\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/21 17:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/21 17:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/02 22:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/03/21 17:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Default Users\Application Data\Mozilla\Extensions
[2013/06/08 00:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Default Users\Application Data\Mozilla\Firefox\Profiles\n3n7ppy5.default\extensions
[2013/06/07 14:54:10 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\Default Users\Application Data\Mozilla\Firefox\Profiles\n3n7ppy5.default\searchplugins\sweetim.xml
[2013/05/17 18:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 18:44:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/04/16 20:51:02 | 000,436,218 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15016 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {EEE6C35C-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - !{E30A55B9-F1B7-43a4-B3F6-EC90CDC4FE60} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (Reg Error: Value error.) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash...geUploader5.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BBB4E93-67AF-4161-8D1A-BADDE665C457}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A1BE9E7-E6C8-4B62-A3BC-3EF06FDD6002}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Default Users\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Default Users\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/20 18:21:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c6845d98-ce20-11e2-95ab-000e35e275cd}\Shell - "" = AutoRun
O33 - MountPoints2\{c6845d98-ce20-11e2-95ab-000e35e275cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6845d98-ce20-11e2-95ab-000e35e275cd}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/06/08 17:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\My Documents\New Unity Project
[2013/06/08 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\Application Data\Unity
[2013/06/08 16:02:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/08 15:21:46 | 000,000,000 | ---D | C] -- C:\98ce4793de9b974b5c
[2013/06/08 14:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Unity
[2013/06/08 01:49:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Default Users\Recent
[2013/06/07 19:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2013/06/07 18:49:52 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2013/06/07 18:48:13 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2013/06/07 18:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2013/06/07 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
[2013/06/07 18:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/06/07 18:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Sync Framework
[2013/06/07 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/06/07 18:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/06/07 18:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/06/07 17:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2013/06/07 17:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2013/06/07 17:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2013/06/07 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2013/06/07 17:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\My Documents\Visual Studio 2008
[2013/06/07 17:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\My Documents\Visual Studio 2010
[2013/06/07 16:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2013/06/07 16:50:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2013/06/07 16:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2013/06/07 16:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2013/06/07 16:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2013/06/07 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2013/06/07 16:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2010
[2013/06/07 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013/06/07 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2013/06/07 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2013/06/07 14:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013/06/07 14:28:32 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/06/07 14:28:32 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/06/07 14:28:32 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/06/07 14:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp
[2013/06/07 14:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/06/07 14:28:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/06/07 14:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2013/06/07 14:12:02 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/07 14:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\Application Data\DAEMON Tools Lite
[2013/06/07 14:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013/06/07 14:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/06/07 01:11:56 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013/06/06 03:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\Local Settings\Application Data\Unity
[2013/06/06 02:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Unity Projects
[2013/06/06 02:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unity
[2013/06/06 02:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2013/06/04 00:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/05/19 17:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/05/17 18:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/15 03:23:45 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2013/05/15 03:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2013/05/15 03:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2013/05/15 03:22:16 | 000,068,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/08 18:13:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/08 18:03:44 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE815815-3367-41E1-A775-A15093CB85A5}.job
[2013/06/08 16:28:08 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/08 16:18:30 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/08 16:18:08 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/08 16:14:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/08 16:13:19 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/08 16:13:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/08 16:12:57 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 14:14:41 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/07 18:49:54 | 000,591,210 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/07 18:49:54 | 000,119,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/07 16:01:27 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2013/06/07 15:33:14 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/07 14:12:05 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/07 01:12:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013/06/07 01:12:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/06/02 22:22:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/30 17:54:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/05/27 13:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/27 01:55:06 | 000,027,136 | ---- | M] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/05/20 02:12:58 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/20 02:12:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/15 21:40:41 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/08 14:04:36 | 000,531,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1100763268-3368181488-3496135395-1006-0.dat
[2013/06/08 14:04:14 | 000,350,950 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/08 02:26:43 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/08 01:24:02 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/07 16:01:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2013/06/07 14:28:31 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/06/07 01:12:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013/06/07 01:12:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/06/03 01:17:53 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/04/17 20:06:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/15 22:52:41 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/15 22:52:39 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/13 00:42:38 | 000,549,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/25 04:08:37 | 000,276,315 | ---- | C] () -- C:\Documents and Settings\Default Users\Super Mario World.zst
[2013/03/14 03:10:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2013/02/12 19:04:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/06 13:22:39 | 000,000,143 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/11/07 15:14:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/07 15:08:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/09/30 19:12:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Default Users\webct_upload_applet.properties
[2007/09/05 13:49:04 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Default Users\Application Data\$_hpcst$.hpc
[2006/11/22 15:38:22 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 13:29:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/11/20 19:25:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 15:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/17 14:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/04/10 16:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2E196
[2011/04/09 23:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\332DE
[2013/04/15 22:46:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2006/11/28 16:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2011/12/31 13:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2012/11/26 11:12:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/07 15:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/02/20 13:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2013/06/07 17:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2013/06/04 00:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/06/07 19:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2013/04/15 20:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/26 11:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/06/08 17:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Unity
[2011/08/07 13:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/01 00:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/21 14:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/23 18:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/11/26 11:12:58 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/04/22 21:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\ActiveState
[2013/06/07 19:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\BitTorrent
[2011/04/10 12:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\bsbandmltbpi
[2011/12/31 13:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\BSD
[2013/06/07 19:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\DAEMON Tools Lite
[2011/08/08 18:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\e-academy Inc
[2008/03/02 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\InterVideo
[2009/06/25 13:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\Leadertech
[2012/11/26 11:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\OpenCandy
[2013/04/12 18:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\OpenOffice.org
[2013/03/21 18:27:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default Users\Application Data\RPPrivate
[2006/11/30 11:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\Snapfish
[2013/04/15 21:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\Strongvault
[2010/10/22 14:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\SupportSoft
[2012/11/26 11:14:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\TuneUp Software
[2013/06/08 17:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\Unity
[2008/02/12 01:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\Viewpoint
[2009/06/23 16:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\Windows Desktop Search
[2009/06/26 11:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\Windows Search
[2012/11/26 11:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 17:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 17:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 17:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 06:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 17:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 17:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 10:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 17:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 17:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 17:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 17:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 17:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 17:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 17:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 17:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 09:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 06:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 17:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 17:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 17:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 17:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 17:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 17:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 22:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 17:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 17:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 17:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 17:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 17:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 16:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 17:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 17:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 17:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 17:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 17:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 17:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 17:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 23:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 05:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 03:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EX_ >
[2004/08/04 05:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 17:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.JSM >
[2013/03/20 17:35:56 | 000,003,775 | ---- | M] () MD5=FC2E198F4CBAD1A8F5D2068A757D5637 -- C:\Program Files\ActiveState Komodo Edit 8\lib\mozilla\modules\Services.jsm

< MD5 for: SERVICES.LNK >
[2013/04/16 01:35:08 | 000,001,602 | ---- | M] () MD5=A79C23664C21703BC7968653CC15E93B -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/04 05:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.RDB >
[2012/08/13 10:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 10:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 15:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/13 16:01:19 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=EA16F83B5E4964C100F6098CE9874927 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 104C-A229
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/15/2013 07:05 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/15/2013 07:05 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
05/15/2013 06:51 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
03/27/2013 04:32 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\WcfSvcHost
06/07/2013 05:20 PM <JUNCTION> v4.0_10.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
5 Dir(s) 4,686,577,664 bytes free

< End of report >
  • 0

#4
Essexboy
Posted 09 June 2013 - 03:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this can you let me know if it is gone

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...5-000E35E275CD}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...5-000E35E275CD}
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32 File not found
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{882CA552-FBDF-4774-B8C8-A1C9475833E8}: "URL" = http://results.myway...r={searchTerms}
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{D215C591-6795-4BD4-96C9-77E4FF4A6A60}: "URL" = http://websearch.ask...B2-C06C7F1733AF
FF - prefs.js..keyword.URL: "http://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10043&barid={174DBD2B-CFB9-11E2-95B5-000E35E275CD}&q="
[2013/06/07 14:54:10 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\Default Users\Application Data\Mozilla\Firefox\Profiles\n3n7ppy5.default\searchplugins\sweetim.xml
O2 - BHO: (no name) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {EEE6C35C-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - !{E30A55B9-F1B7-43a4-B3F6-EC90CDC4FE60} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {F25D0054-4CA2-49D5-A8B0-D79B7829D14E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\Toolbar\WebBrowser: (Reg Error: Value error.) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [] File not found
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash...geUploader5.cab (Reg Error: Key error.)
[2013/06/07 19:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2011/04/10 16:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2E196
[2011/04/09 23:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\332DE
[2013/06/07 19:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2012/11/26 11:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default Users\Application Data\OpenCandy

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN


Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#5
dubrewski
Posted 10 June 2013 - 03:36 PM

dubrewski

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ran the script and everything else you posted. Firefox is back to acting normal but when I run RegSeeker there is still a few registry values for SweetPacks and SweetIM that show up.

Here are the two logs, OTL is first:


OTL logfile created on: 6/9/2013 1:27:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Default Users\Desktop\stuff\comp tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.42 Mb Total Physical Memory | 110.60 Mb Available Physical Memory | 22.01% Memory free
1.20 Gb Paging File | 0.89 Gb Available in Paging File | 74.03% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 3.08 Gb Free Space | 4.42% Space Free | Partition Type: NTFS

Computer Name: E457FDF720CE414 | User Name: Default Users | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/08 17:46:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Default Users\Desktop\stuff\comp tools\OTL.exe
PRC - [2013/05/09 01:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/10/21 20:12:48 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2004/02/20 15:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2003/11/07 17:21:28 | 000,114,688 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2003/02/26 11:08:42 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/08 12:22:48 | 002,087,936 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13060801\algo.dll
MOD - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/03/24 21:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/17 18:44:10 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2004/11/02 16:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/10/25 10:35:34 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/10/25 10:35:32 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/10/25 10:35:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/10/25 10:35:30 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP)
SRV - [2004/06/22 12:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2004/06/16 04:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2004/06/16 04:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 13:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)
SRV - [2003/03/08 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\NavNT\NAVAPEL.SYS -- (NAVAPEL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\NavNT\NAVAP.sys -- (NAVAP)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/06/07 14:12:05 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2013/05/09 01:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 01:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 01:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 01:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/08/18 11:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/18 11:59:24 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2006/11/28 16:40:02 | 000,002,397 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/11/03 19:15:00 | 002,301,568 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2004/10/29 19:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004/10/15 12:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/09/08 12:37:10 | 000,161,024 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2004/09/08 12:36:54 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/09/08 12:36:20 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/21 13:46:50 | 000,065,024 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2003/09/29 13:31:38 | 000,094,601 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 17:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 20:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...EIE8HP&PC=DI215
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Default Users\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/21 17:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/21 17:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/02 22:22:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/03/21 17:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Default Users\Application Data\Mozilla\Extensions
[2013/06/08 00:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Default Users\Application Data\Mozilla\Firefox\Profiles\n3n7ppy5.default\extensions
[2013/05/17 18:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 18:44:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2013/06/09 13:14:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1100763268-3368181488-3496135395-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BBB4E93-67AF-4161-8D1A-BADDE665C457}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A1BE9E7-E6C8-4B62-A3BC-3EF06FDD6002}: DhcpNameServer = 192.168.0.1 205.171.2.25
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Default Users\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Default Users\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/11/20 18:21:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{c6845d98-ce20-11e2-95ab-000e35e275cd}\Shell - "" = AutoRun
O33 - MountPoints2\{c6845d98-ce20-11e2-95ab-000e35e275cd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6845d98-ce20-11e2-95ab-000e35e275cd}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/09 13:14:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/09 03:37:36 | 000,000,000 | ---D | C] -- C:\8460a5083cca600fabc3b44b0d
[2013/06/09 00:39:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Default Users\Recent
[2013/06/08 17:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\My Documents\New Unity Project
[2013/06/08 17:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\Application Data\Unity
[2013/06/08 16:02:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/08 15:21:46 | 000,000,000 | ---D | C] -- C:\98ce4793de9b974b5c
[2013/06/08 14:31:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Unity
[2013/06/07 18:49:52 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2013/06/07 18:48:13 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2013/06/07 18:43:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RsFx
[2013/06/07 18:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SQL Server 2008
[2013/06/07 18:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/06/07 18:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Sync Framework
[2013/06/07 18:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/06/07 18:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/06/07 18:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/06/07 17:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2013/06/07 17:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2013/06/07 17:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ASP.NET
[2013/06/07 17:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2013/06/07 17:27:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\My Documents\Visual Studio 2008
[2013/06/07 17:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\My Documents\Visual Studio 2010
[2013/06/07 16:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2013/06/07 16:50:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols
[2013/06/07 16:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft F#
[2013/06/07 16:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\HTML Help Workshop
[2013/06/07 16:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2013/06/07 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2013/06/07 16:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2010
[2013/06/07 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013/06/07 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2013/06/07 16:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2013/06/07 14:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013/06/07 14:28:32 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/06/07 14:28:32 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/06/07 14:28:32 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/06/07 14:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp
[2013/06/07 14:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/06/07 14:28:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/06/07 14:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2013/06/07 14:12:02 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/07 14:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\Application Data\DAEMON Tools Lite
[2013/06/07 14:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2013/06/07 14:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/06/07 01:11:56 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013/06/06 03:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Default Users\Local Settings\Application Data\Unity
[2013/06/06 02:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Unity Projects
[2013/06/06 02:56:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Unity
[2013/06/06 02:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Unity
[2013/06/04 00:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/05/19 17:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/05/17 18:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/15 03:23:45 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2013/05/15 03:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Xbox 360 Accessories
[2013/05/15 03:22:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories
[2013/05/15 03:22:16 | 000,068,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll

========== Files - Modified Within 30 Days ==========

[2013/06/09 13:39:20 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AE815815-3367-41E1-A775-A15093CB85A5}.job
[2013/06/09 13:21:01 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/09 13:20:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/09 13:20:50 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/09 13:20:49 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/06/09 13:19:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/09 13:18:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/09 13:18:45 | 526,897,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/09 13:14:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/06/09 13:10:00 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\Default Users\Desktop\adwcleaner.exe
[2013/06/09 10:13:26 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/09 01:45:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/07 18:49:54 | 000,591,210 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/06/07 18:49:54 | 000,119,712 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/06/07 16:01:27 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2013/06/07 15:33:14 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/07 14:12:05 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2013/06/07 01:12:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013/06/07 01:12:25 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/06/02 22:22:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/05/30 17:54:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/05/27 13:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/27 01:55:06 | 000,027,136 | ---- | M] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/05/20 02:12:58 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/20 02:12:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/15 21:40:41 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/09 13:09:34 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\Default Users\Desktop\adwcleaner.exe
[2013/06/08 14:04:36 | 000,531,760 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1100763268-3368181488-3496135395-1006-0.dat
[2013/06/08 14:04:14 | 000,350,950 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/08 02:26:43 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/06/08 01:24:02 | 526,897,152 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/07 16:01:27 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2013/06/07 14:28:31 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\ImHttpComm.dll
[2013/06/07 01:12:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01007.Wdf
[2013/06/07 01:12:25 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/06/03 01:17:53 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1100763268-3368181488-3496135395-1006.job
[2013/04/17 20:06:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/15 22:52:41 | 000,174,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/04/15 22:52:39 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/04/13 00:42:38 | 000,549,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/25 04:08:37 | 000,276,315 | ---- | C] () -- C:\Documents and Settings\Default Users\Super Mario World.zst
[2013/03/14 03:10:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2013/02/12 19:04:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/06 13:22:39 | 000,000,143 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/11/07 15:14:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/11/07 15:08:26 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/09/30 19:12:18 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Default Users\webct_upload_applet.properties
[2007/09/05 13:49:04 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Default Users\Application Data\$_hpcst$.hpc
[2006/11/22 15:38:22 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 13:29:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Default Users\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/11/20 19:25:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 15:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


Here is the second log:



All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\SearchScopes\{882CA552-FBDF-4774-B8C8-A1C9475833E8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882CA552-FBDF-4774-B8C8-A1C9475833E8}\ not found.
Registry key HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\SearchScopes\{D215C591-6795-4BD4-96C9-77E4FF4A6A60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D215C591-6795-4BD4-96C9-77E4FF4A6A60}\ not found.
Prefs.js: "http://start.sweetpa...0E35E275CD}&q=" removed from keyword.URL
C:\Documents and Settings\Default Users\Application Data\Mozilla\Firefox\Profiles\n3n7ppy5.default\searchplugins\sweetim.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{E30A55B9-F1B7-43a4-B3F6-EC90CDC4FE60} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F25D0054-4CA2-49D5-A8B0-D79B7829D14E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F25D0054-4CA2-49D5-A8B0-D79B7829D14E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1100763268-3368181488-3496135395-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}\ not found.
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SweetIM folder moved successfully.
C:\Documents and Settings\All Users\Application Data\2E196 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\332DE folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\SweetIM\ not found.
C:\Documents and Settings\Default Users\Application Data\OpenCandy\0CBD758682F044CC92ED634BB3D2C89E folder moved successfully.
C:\Documents and Settings\Default Users\Application Data\OpenCandy folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 21624 bytes
->Temporary Internet Files folder emptied: 130045 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default Users
->Temp folder emptied: 103401683 bytes
->Temporary Internet Files folder emptied: 6230132 bytes
->Java cache emptied: 81916691 bytes
->FireFox cache emptied: 23092411 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 12108154 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 115458 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1708244 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132311384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 245433574 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 390 bytes

Total Files Cleaned = 579.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06092013_131411

Files\Folders moved on Reboot...
C:\WINDOWS\temp\_avast_\Webshlock.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
Essexboy
Posted 11 June 2013 - 06:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
AdwCleaner should remove the last of those, could you post the log that it produced
  • 0

#7
Essexboy
Posted 18 June 2013 - 07:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP