help, malware problem again [Solved]


  • This topic is locked

#31
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

ok, I had to change directories manually, as administrator. do you need the log? I found a log on the second link provided in the result. here it is....



"Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log"

Since it says it was successfully repaired, that is the information I needed to know :)


Now, I'd like you to check something in the Device Manager to see if it will fix your internet issue.

  • Click on the Start Orb.
  • In the Search Box type Device Manager
  • Open Device Manager
  • Under Network Adapters click on the one named Realtek
  • Under the Action click Enable
  • Let me know if you are still having connection issues.

  • 0


#32
rigs

    Member

  • Topic Starter
  • 322 posts
ok, I tried it and still no internet.......
  • 0

#33
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
That's okay, we still have a lot of other options to try, that was just the easiest to check first. I'll post to my instructor this evening and will post back once the next set of instructions has been approved.

Jasmyne
  • 0

#34
rigs

    Member

  • Topic Starter
  • 322 posts
does this mean that we're done with malware scanning and removal? if so, can I remove all the programs and logs used to clean my pc?

thank you
  • 0

#35
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
No, we aren't quite there yet, we still have a few scans that we will do to make sure all is gone. One of those is an online scan, which is why we troubleshoot the Internet issue first. Once we are completely finished I will post removal instructions for the tools we have used.
  • 0

#36
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Download Complete Internet Repair to your desktop.

  • Unzip all the files to their own folder on the desktop
  • Within the folder double click CIntRep
  • The program will then run
  • Select the following items
    • Reset Internet Protocol (TCP/IP)
    • Repair Winsock (Reset Catalog)
    • Renew Internet Connections
    • Flush DNS Resolver Cache
    • Clear Windows Update History
    • Repair Windows / Automatic Updates
    • Repair SSL / HTTPS / Cryptography
    • Reset Windows Firewall Configuration
  • Press go
  • Let me know if it is able to conduct the repair
  • To Access the log please go to the File Menu, Choose Logging, Then Select Open[ClntRep.log]
  • Copy/Paste the log in your next post.

  • 0

#37
rigs

    Member

  • Topic Starter
  • 322 posts
ok, I ran CIR and half way thru a window popped with this message, "windows cannot find 'wuaucl' make sure you typed the name correctly and then try again" I clicked ok and the program kept scanning. here's the log............




./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[24/08/2013 20:11:09] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] TCP/IP interfaces reset successful.
[24/08/2013 20:11:10] TCP/IP v6 interfaces reset successful.
[24/08/2013 20:11:10] You may need to restart your computer for the settings to take effect.
[24/08/2013 20:11:10] Finished resetting the Internet Protocol (TCP/IP).

-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] Successfully reset the Winsock Catalog.
[24/08/2013 20:11:10] Finished repairing Winsock

-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] Successfully released TCP/IP connections.

-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] Successfully renewed TCP/IP adapters.

-----------------------------------------------------------------------------------------
[24/08/2013 20:11:10] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:11:11] Windows Event Log Service Configured.
[24/08/2013 20:11:11] Starting the Windows Event Log Service.....
[24/08/2013 20:11:11] Windows Event Log Service Started Successfully.

-----------------------------------------------------------------------------------------
[24/08/2013 20:11:11] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:11:11] Successfully flushed DNS Resolver Cache.
[24/08/2013 20:11:11] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[24/08/2013 20:11:14] Registration of the DNS resource records has been initiated.
[24/08/2013 20:11:14] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[24/08/2013 20:11:14] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.

-----------------------------------------------------------------------------------------
[24/08/2013 20:11:14] Repairing Windows Update / Automatic Updates, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:11:14] Stopping the BITS Service.....
[24/08/2013 20:11:14] BITS was not started in the first place.
[24/08/2013 20:11:14] Stopping the Automatic Updates (wuauserv) Service.....
[24/08/2013 20:11:14] Automatic Updates (wuauserv) Service Stopped Successfully.
[24/08/2013 20:11:14] Clearing File Stores (Update History).....
[24/08/2013 20:11:15] Clearing [C:\Windows\SoftwareDistribution\Download].....
[24/08/2013 20:11:16] [C:\Windows\SoftwareDistribution\Download] Cleared.
[24/08/2013 20:11:16] Clearing [C:\Windows\SoftwareDistribution\DataStore].....
[24/08/2013 20:11:16] [C:\Windows\SoftwareDistribution\DataStore] Cleared.
[24/08/2013 20:11:16] Clearing [C:\Windows\SysWOW64\CatRoot2].....
[24/08/2013 20:11:16] [C:\Windows\SysWOW64\CatRoot2] Cleared.
[24/08/2013 20:11:16] Setting BITS Security Descriptor.....
[24/08/2013 20:11:16] BITS Security Descriptor Set.
[24/08/2013 20:11:16] Setting Automatic Updates (wuauserv) Service Security Descriptor.....
[24/08/2013 20:11:17] Automatic Updates (wuauserv) Security Descriptor Set.
[24/08/2013 20:11:17] Configuring the Automatic Updates (wuauserv) Service.....
[24/08/2013 20:11:17] Automatic Updates (wuauserv) Service Configured.
[24/08/2013 20:11:17] Configuring BITS.....
[24/08/2013 20:11:17] BITS Configured.
[24/08/2013 20:11:17] Registering WUAU DLLs.....
[24/08/2013 20:11:18] RegSvr32.exe: 'actxprxy.dll' registration succeeded.
[24/08/2013 20:11:18] RegSvr32.exe: 'atl.dll' registration succeeded.
[24/08/2013 20:11:18] RegSvr32.exe: 'browseui.dll' Module loaded but entry-point DllRegisterServer was not found.
[24/08/2013 20:11:18] RegSvr32.exe: 'corpol.dll' Specified module not found
[24/08/2013 20:11:18] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[24/08/2013 20:11:18] RegSvr32.exe: 'dispex.dll' registration succeeded.
[24/08/2013 20:11:18] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[24/08/2013 20:11:18] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[24/08/2013 20:11:18] RegSvr32.exe: 'initpki.dll' Specified module not found
[24/08/2013 20:11:18] RegSvr32.exe: 'jscript.dll' registration succeeded.
[24/08/2013 20:11:18] RegSvr32.exe: 'mshtml.dll' Module loaded but entry-point DllRegisterServer was not found.
[24/08/2013 20:11:18] RegSvr32.exe: 'msscript.ocx' registration succeeded.
[24/08/2013 20:11:18] RegSvr32.exe: 'msxml.dll' Specified module not found
[24/08/2013 20:11:19] RegSvr32.exe: 'msxml2.dll' registration succeeded.
[24/08/2013 20:11:19] RegSvr32.exe: 'msxml3.dll' registration succeeded.
[24/08/2013 20:11:19] RegSvr32.exe: 'msxml4.dll' registration succeeded.
[24/08/2013 20:11:19] RegSvr32.exe: 'msxml6.dll' registration succeeded.
[24/08/2013 20:11:19] RegSvr32.exe: 'muweb.dll' Specified module not found
[24/08/2013 20:11:19] RegSvr32.exe: 'ole.dll' Specified module not found
[24/08/2013 20:11:19] RegSvr32.exe: 'ole32.dll' registration succeeded.
[24/08/2013 20:11:19] RegSvr32.exe: 'oleaut.dll' Specified module not found
[24/08/2013 20:11:20] RegSvr32.exe: 'oleaut32.dll' registration succeeded.
[24/08/2013 20:11:20] RegSvr32.exe: 'qmgr.dll' Specified module not found
[24/08/2013 20:11:20] RegSvr32.exe: 'qmgrprxy.dll' registration succeeded.
[24/08/2013 20:11:20] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[24/08/2013 20:11:20] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[24/08/2013 20:11:20] RegSvr32.exe: 'sccbase.dll' Specified module not found
[24/08/2013 20:11:20] RegSvr32.exe: 'scrobj.dll' registration succeeded.
[24/08/2013 20:11:20] RegSvr32.exe: 'scrrun.dll' registration succeeded.
[24/08/2013 20:11:20] RegSvr32.exe: 'shdocvw.dll' Module loaded but entry-point DllRegisterServer was not found.
[24/08/2013 20:11:20] RegSvr32.exe: 'shell.dll' Specified module not found
[24/08/2013 20:11:20] RegSvr32.exe: 'shell32.dll' registration succeeded.
[24/08/2013 20:11:20] RegSvr32.exe: 'slbcsp.dll' Specified module not found
[24/08/2013 20:11:21] RegSvr32.exe: 'softpub.dll' registration succeeded.
[24/08/2013 20:11:21] RegSvr32.exe: 'urlmon.dll' registration succeeded.
[24/08/2013 20:11:21] RegSvr32.exe: 'vbscript.dll' registration succeeded.
[24/08/2013 20:11:21] RegSvr32.exe: 'winhttp.dll' Module loaded but entry-point DllRegisterServer was not found.
[24/08/2013 20:11:21] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[24/08/2013 20:11:21] RegSvr32.exe: 'wshext.dll' Error number: 0x80070005
[24/08/2013 20:11:21] RegSvr32.exe: 'wuapi.dll' registration succeeded.
[24/08/2013 20:11:21] RegSvr32.exe: 'wuaueng.dll' Specified module not found
[24/08/2013 20:11:21] RegSvr32.exe: 'wuaueng1.dll' Specified module not found
[24/08/2013 20:11:21] RegSvr32.exe: 'wucltui.dll' Specified module not found
[24/08/2013 20:11:21] RegSvr32.exe: 'wucltux.dll' Specified module not found
[24/08/2013 20:11:21] RegSvr32.exe: 'wups.dll' registration succeeded.
[24/08/2013 20:11:21] RegSvr32.exe: 'wups2.dll' Specified module not found
[24/08/2013 20:11:21] RegSvr32.exe: 'wuweb.dll' Specified module not found
[24/08/2013 20:11:21] RegSvr32.exe: 'wuwebv.dll' registration succeeded.
[24/08/2013 20:11:21] WUAU DLLs Reregistered.
[24/08/2013 20:11:21] Resetting proxy settings.....
[24/08/2013 20:11:22] Proxy settings reset successfully.
[24/08/2013 20:11:22] Restarting the Automatic Updates (wuauserv) Service.....
[24/08/2013 20:11:22] Automatic Updates (wuauserv) Service Restarted.
[24/08/2013 20:11:22] Restarting the BITS Service.....
[24/08/2013 20:11:22] BITS Service Restarted.
[24/08/2013 20:11:22] Clearing the BITS queue.....
[24/08/2013 20:11:23] BITS queue cleared.
[24/08/2013 20:11:23] Initiating Windows Updates detection right away.....
[24/08/2013 20:18:05] Finished repairing Windows Update / Automatic Updates.

-----------------------------------------------------------------------------------------
[24/08/2013 20:18:05] Repairing SSL / HTTPS / Cryptography service, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:18:05] Configuring the Cryptographic Service.....
[24/08/2013 20:18:05] Cryptographic Service Configured.
[24/08/2013 20:18:05] Stopping the Cryptographic Service.....
[24/08/2013 20:18:05] Cryptographic service Stopped Successfully.
[24/08/2013 20:18:05] Clearing [C:\Windows\system32\CatRoot].....
[24/08/2013 20:18:05] [C:\Windows\system32\CatRoot] cleared.
[24/08/2013 20:18:05] Re-registering SSL / HTTPS / Cryptography DLLs.....
[24/08/2013 20:18:05] RegSvr32.exe: 'cryptdlg.dll' registration succeeded.
[24/08/2013 20:18:05] RegSvr32.exe: 'cryptext.dll' registration succeeded.
[24/08/2013 20:18:05] RegSvr32.exe: 'cryptui.dll' registration succeeded.
[24/08/2013 20:18:05] RegSvr32.exe: 'dssenh.dll' registration succeeded.
[24/08/2013 20:18:06] RegSvr32.exe: 'gpkcsp.dll' Specified module not found
[24/08/2013 20:18:06] RegSvr32.exe: 'initpki.dll' Specified module not found
[24/08/2013 20:18:06] RegSvr32.exe: 'licdll.dll' Specified module not found
[24/08/2013 20:18:06] RegSvr32.exe: 'mssign32.dll' registration succeeded.
[24/08/2013 20:18:06] RegSvr32.exe: 'mssip32.dll' registration succeeded.
[24/08/2013 20:18:06] RegSvr32.exe: 'regwizc.dll' Specified module not found
[24/08/2013 20:18:06] RegSvr32.exe: 'rsaenh.dll' registration succeeded.
[24/08/2013 20:18:06] RegSvr32.exe: 'scardssp.dll' Specified module not found
[24/08/2013 20:18:06] RegSvr32.exe: 'sccbase.dll' Specified module not found
[24/08/2013 20:18:06] RegSvr32.exe: 'scecli.dll' registration succeeded.
[24/08/2013 20:18:07] RegSvr32.exe: 'slbcsp.dll' Specified module not found
[24/08/2013 20:18:07] RegSvr32.exe: 'softpub.dll' registration succeeded.
[24/08/2013 20:18:07] RegSvr32.exe: 'winhttp.dll' Module loaded but entry-point DllRegisterServer was not found.
[24/08/2013 20:18:07] RegSvr32.exe: 'wintrust.dll' registration succeeded.
[24/08/2013 20:18:07] SSL / HTTPS / Cryptography DLLs re-registered.
[24/08/2013 20:18:07] Restarting the Cryptographic Service.....
[24/08/2013 20:18:07] Cryptographic Service restarted.
[24/08/2013 20:18:07] Finished repairing SSL / HTTPS / Cryptography service.

-----------------------------------------------------------------------------------------
[24/08/2013 20:18:07] Resetting the Windows Firewall configuraton, Please wait.....
-----------------------------------------------------------------------------------------
[24/08/2013 20:18:08] Windows Firewall configuration reset successful.
[24/08/2013 20:18:08] Finished resetting the Windows Firewall configuraton.

-----------------------------------------------------------------------------------------
[24/08/2013 20:18:08] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[24/08/2013 20:19:08] Your computer is restarting now.....

-----------------------------------------------------------------------------------------
  • 0

#38
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Let's try letting Windows re-install the driver for your network.

  • Open Device Manager as you did previously.
  • Under the Network Drivers right-click the Realtek Wireless Driver
  • Choose Uninstall
  • Restart your computer and allow windows to find the new driver

Let me know if you are able to connect to the internet now.
  • 0

#39
rigs

    Member

  • Topic Starter
  • 322 posts
yes!! I do have internet, again :) The only realtek was in network adapters. there was no network drive directory. anyway, my internet is back but now I'm afraid to turn my pc off.... :lol:

Edited by rigs, 25 August 2013 - 12:39 PM.

  • 0

#40
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Yay!! I'll get the next set of scans submitted to my instructor. :)
  • 0


#41
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
A few more scans to make sure everything is gone. :)

Step 1 - MalwareBytes Scan

Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application.
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Step 2 - ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan

Step 3 - OTL Quick Scan

  • Please re-open OTL by double-clicking on the icon. If your computer is Windows Vista, 7 or 8, please right-click the icon and choose Run as administrator.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan shouldn't take long.

  • When the scan completes, it will open one notepad file, OTL.Txt. It will be saved in the same location as OTL.
  • Please copy and paste the contents of this file, and post it in your next reply.

Step 4 - Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
  • MalwareBytes Log
  • ESET Online Scan Log
  • OTL Quick Scan Log
  • Security Check Log (checkup.txt)
  • How is your computer running?

  • 0
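
The ESET Online Scanner log requested in Step 2 is a list of key=value records, as the log pasted in the next reply shows. The following Python triage script is an added example, not part of the original posts and not ESET's or the helpers' own tooling: it groups detections, finds one file saved under several names, and flags decoy double extensions such as .pdf.exe. The sample log, its hashes, detection names and paths are constructed, and reading sh= as the file's hash is an assumption.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the layout of the log.txt pasted in this thread;
# every hash, detection name and path below is made up for the example.
SAMPLE_LOG = r'''# version=8
# scanned=1000
# found=4
# cleaned=4
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Win32/ExampleBundler.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\user\Downloads\free_audio_editor.exe"
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="Win32/ExampleBundler.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\user\Downloads\note_tool.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/ExampleInstaller.B application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\user\Downloads\magazine_2010.pdf.exe"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="Win32/ExampleProxy.C application (deleted - quarantined)" ac=C fn="C:\Users\user\Downloads\u.zip"
'''

HEADER_RE = re.compile(r'^#\s*([\w.]+)=(.*)$')
RECORD_RE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$'
)
# vn= carries the detection name followed by the action in parentheses.
ACTION_RE = re.compile(r'^(?P<name>.*?)\s*\((?P<action>[^()]*)\)$')

# Final extensions that run when double-clicked, and "decoy" extensions
# placed in front of them so the file looks like a document or archive.
EXECUTABLE = {'.exe', '.scr', '.com', '.pif', '.bat', '.cmd'}
DECOY = {'.pdf', '.doc', '.docx', '.xls', '.xlsx', '.jpg', '.png',
         '.txt', '.rar', '.zip', '.mp3', '.avi'}


def parse_log(text):
    """Return (header dict, list of detection records, unparsed lines)."""
    header, records, skipped = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)  # repeated keys: last one wins
            continue
        m = RECORD_RE.match(line)
        if not m:
            skipped.append(line)  # keep anything unexpected for manual review
            continue
        rec = m.groupdict()
        a = ACTION_RE.match(rec['vn'])
        rec['detection'] = a.group('name') if a else rec['vn']
        rec['action'] = a.group('action') if a else ''
        rec['sh'] = rec['sh'].upper()
        records.append(rec)
    return header, records, skipped


def is_masquerading(path):
    """True for names like report.pdf.exe: decoy extension, then executable."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE
            and suffixes[-2] in DECOY)


def triage(header, records):
    """Summarise what a reviewer checks first in a pasted log."""
    paths_by_hash = defaultdict(set)
    for r in records:
        paths_by_hash[r['sh']].add(r['fn'])
    found = int(header.get('found', -1))
    cleaned = int(header.get('cleaned', 0))
    return {
        # A truncated paste shows up as a mismatch with the header count.
        'count_matches_header': found == len(records),
        'not_cleaned': found - cleaned,
        'by_detection': Counter(r['detection'] for r in records),
        # Identical content under different file names.
        'same_file_many_names': {h: sorted(p) for h, p in paths_by_hash.items()
                                 if len(p) > 1},
        'masquerading': [r['fn'] for r in records if is_masquerading(r['fn'])],
    }


if __name__ == '__main__':
    hdr, recs, rest = parse_log(SAMPLE_LOG)
    report = triage(hdr, recs)
    for name, count in report['by_detection'].most_common():
        print(f'{count:3d}  {name}')
    for sha, paths in report['same_file_many_names'].items():
        print('same file, several names:', sha, paths)
    for path in report['masquerading']:
        print('decoy double extension:', path)
    if not report['count_matches_header']:
        print('record count differs from found=; the paste may be incomplete')
```
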

#42
rigs

    Member

  • Topic Starter
  • 322 posts
ok, as far as I can tell, everything went well. my pc is running well but it still won't let me install windows security essentials. here are the logs........


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
RIGO :: PC [administrator]

8/25/2013 6:32:32 PM
mbam-log-2013-08-25 (18-32-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267726
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\InstallMate\OptimizerPro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

Files Detected: 6
C:\ProgramData\InstallMate\OptimizerPro\Custom.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Readme.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\Setup.ico (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\TsuDll.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\OptimizerPro\_Setup.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

(end)



[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=40496e1766c8d14cbfa9e22b03e00bd9
# engine=14899
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-26 01:56:19
# local_time=2013-08-25 08:56:19 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 31203115 31203115 0 0
# compatibility_mode=5893 16776574 100 94 2953958 129025629 0 0
# scanned=224428
# found=19
# cleaned=19
# scan_time=6970
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js"
sh=5084A35F359B1D9DEE0FC57096A9BA9C91D93FEC ft=1 fh=1ed8da01f41ba63a vn="Win32/UltraReach.AF application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Desktop\u1301.exe"
sh=6E6561D0B229BFB16E8387E29A9CC57FA4B9F6DF ft=1 fh=b419f90fcc1080f7 vn="Win32/InstalleRex.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\Barely_Legal 04_2010_downmagaz.com.pdf.exe"
sh=DF5019B4B4924376CA516089B75F414DD48453DA ft=1 fh=12e7a6e367cdf50a vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\cbsidlm-tr1_12-Ashampoo_WinOptimizer_2013-ORG-75021499.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\cbsidlm-tr1_13-Expstudio_Audio_Editor_Free-ORG-10444774.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\cbsidlm-tr1_13-Free_Audio_Editor_2012-ORG-10809742.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\cbsidlm-tr1_13-Note_Mania_QT-BP-10915148.exe"
sh=713EF952AC6A358C8ABFA39550AA98592EC79D47 ft=1 fh=77e3e4d500a73749 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\cbsidlm-tr1_14-Daum_Potplayer-SEO-75587055.exe"
sh=5BAFD51453714E4815F80C01DA03F9DEF0CDE8C9 ft=1 fh=5b92e1356f69874e vn="Win32/DownloadAdmin.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\cbsidlm-tr1_8-DiskMax-BP2-10912587.exe"
sh=600A0295369F89C300038D770E5E114F2E25A3AF ft=1 fh=df0838ff15738a3a vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\cbsidlm-tr1_9-Tenorshare_Data_Wipe-BP2-75792366.exe"
sh=5705395207194B8B4D912403DCF973CD2A7BA943 ft=1 fh=b1c7696188a5bbce vn="a variant of Win32/OpenInstall application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\desktop_clock-7_installer.exe"
sh=20B9848AF2BC124D2E1ED49642D320F2023DD563 ft=1 fh=5d65bcc7ab8a853b vn="Win32/InstalleRex.I application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\downmagaz.com_Private_216.rar.exe"
sh=46550B96B0D9340209A50A4126D87175891624B3 ft=1 fh=cb630ffd00963ae2 vn="a variant of Win32/InstallCore.BY application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\FlvPlayerSetup.exe"
sh=2FFC325146112B32F49AEBB2E65C6E0A3FA82FB3 ft=1 fh=ab600cfe006fa181 vn="Win32/Adware.RK.AO.Gen application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\FreeEasyAudioRecorder.exe"
sh=3BDE8F7AF57F57BADEF4F34F883F90E88074FA8D ft=1 fh=fe82f9c0f1ea749f vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\GetGoDMSetup.exe"
sh=620C4A7C7CEC2A60301E60DDB1BCEDEC02E7CA09 ft=1 fh=61bbaf39c630a7df vn="a variant of Win32/AirAdInstaller.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\setup(2).exe"
sh=9D6AE551D260944B25DDBA1D117876D343FD4006 ft=1 fh=835a1228a0e47463 vn="a variant of Win32/Bunndle application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\spotflux-latestPC.exe"
sh=79D3773B2E9AD9EC6E2DF7645105F5A254219A69 ft=0 fh=0000000000000000 vn="Win32/UltraReach.AF application (deleted - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\u.zip"
sh=5084A35F359B1D9DEE0FC57096A9BA9C91D93FEC ft=1 fh=1ed8da01f41ba63a vn="Win32/UltraReach.AF application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\RIGO\Downloads\u\u1301.exe"



OTL logfile created on: 8/25/2013 9:03:51 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RIGO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 51.05% Memory free
7.98 Gb Paging File | 6.15 Gb Available in Paging File | 77.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 177.53 Gb Free Space | 62.64% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.15 Gb Free Space | 48.84% Space Free | Partition Type: NTFS
Drive E: | 4.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 7.40 Gb Total Space | 7.35 Gb Free Space | 99.38% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: RIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
PRC - [2013/07/22 10:35:19 | 017,289,640 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2013/07/04 18:08:31 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/19 16:55:32 | 008,136,504 | ---- | M] (Lamantine Software a.s.) -- C:\Program Files (x86)\Sticky Password\stpass.exe
PRC - [2013/04/16 14:47:42 | 001,799,680 | ---- | M] (xwidget.com) -- C:\Program Files (x86)\XWidget\xwidget.exe
PRC - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/09 14:44:10 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2012/11/09 14:44:10 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2010/10/29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/10 13:35:09 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/07/04 18:08:20 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/11/29 21:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/09 14:44:14 | 000,108,448 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2012/11/09 14:44:14 | 000,071,664 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/11/09 14:44:12 | 000,268,272 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/11/09 14:44:11 | 000,133,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/11/09 14:44:11 | 000,079,856 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2012/11/09 14:44:11 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
MOD - [2009/08/12 12:09:14 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\XWidget\Res\Lib\lib.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 07:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/25 18:45:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/08 15:12:10 | 000,028,160 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe -- (SpotfluxUpdateService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/22 14:51:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/08 05:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/05/28 18:12:28 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013/04/07 12:51:18 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 01:59:16 | 000,694,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/03 09:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/09 19:05:24 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{79381CE2-7FB3-4DA9-A3DC-8EC4450E03CF}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{29CB62DF-BBC4-470B-8CBF-2B9FB07C4EC0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F01B81B9-BD9D-4301-938E-5E8B2B354E2A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\3B4DB950577045D68081C69BD7B8D762: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 14:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 14:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/17 20:55:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E9FD0003BF13CEA4EC7DE7926C3C4D5AE
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\RIGO\AppData\Roaming\Move Networks [2010/01/02 21:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\RIGO\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2013/07/23 22:43:11 | 000,000,000 | ---D | M]

[2009/11/14 15:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Extensions
[2013/08/16 19:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions
[2013/01/22 19:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/08/17 20:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions
[2013/08/17 20:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions
[2013/08/17 20:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions
[2013/08/17 20:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions
[2013/08/16 19:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions
[2013/08/16 19:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/25 19:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions
[2013/04/20 20:37:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/05/03 22:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/07/19 22:24:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2013/07/04 13:23:59 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/07/12 00:13:35 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/13 14:34:13 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/17 20:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions
[2013/01/22 18:55:02 | 000,066,364 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/01/22 18:54:39 | 002,284,120 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 000,087,601 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 000,068,740 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 002,478,880 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 001,414,197 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/07 20:01:50 | 000,109,379 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/27 22:09:46 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,052,187 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/23 21:43:12 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/25 19:59:04 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 12:39:27 | 000,113,140 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 00:00:10 | 000,088,434 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/04/18 22:15:16 | 000,094,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]_Noia4dev.xpi
[2013/07/04 21:45:56 | 000,152,889 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/04 22:01:12 | 000,004,905 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/22 22:20:36 | 000,353,425 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/05 16:39:24 | 000,240,755 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/04 22:28:33 | 000,004,539 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 13:46:43 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/06/13 22:20:31 | 000,017,757 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/25 22:04:40 | 000,023,087 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
[2013/08/07 20:01:50 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/04 17:38:56 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
[2013/06/11 14:19:15 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013/08/07 00:00:10 | 001,449,063 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/17 20:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/15 21:50:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 12:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/04 18:08:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/25 20:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/08/25 20:36:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/25 20:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/08/25 20:36:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2013/08/22 13:13:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Sticker] C:\Program Files (x86)\Sticker\Sticker.exe (trion)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [StickyPassword] C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s.)
O4 - HKCU..\Run: [xwidget] C:\Program Files (x86)\XWidget\xwidget.exe (xwidget.com)
O4 - Startup: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{833B7B77-AE2F-429E-AE62-A586F8191956}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9923BBB-1C84-47A4-9268-68EEA43C0CF1}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files (x86)\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/25 18:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/08/25 18:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/25 18:31:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/25 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/25 18:30:34 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\RIGO\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/22 13:56:02 | 000,760,937 | ---- | C] (Farbar) -- C:\Users\RIGO\Desktop\MiniToolBox.exe
[2013/08/22 13:13:40 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/21 12:42:10 | 000,358,507 | ---- | C] (Farbar) -- C:\Users\RIGO\Desktop\FSS.exe
[2013/08/20 12:37:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/20 12:37:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/20 12:37:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/20 12:30:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/19 12:49:52 | 005,102,975 | R--- | C] (Swearware) -- C:\Users\RIGO\Desktop\ComboFix.exe
[2013/08/19 12:41:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\RIGO\Desktop\aswMBR.exe
[2013/08/17 20:54:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/17 20:42:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/17 20:38:52 | 001,159,319 | ---- | C] (Thisisu) -- C:\Users\RIGO\Desktop\JRT.exe
[2013/08/17 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/08/11 19:24:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/11 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\GomPlayer
[2013/08/11 14:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/08/11 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GRETECH
[2013/08/11 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Media Player Classic
[2013/08/10 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Daum
[2013/08/10 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\OpenOffice
[2013/08/10 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Freemake Music Box
[2013/08/10 18:50:49 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Freemake
[2013/08/10 18:50:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/08/10 18:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/08/10 17:52:49 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
[2013/08/10 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Hanso Recorder
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hanso Recorder
[2013/08/10 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hanso Recorder
[2013/08/09 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\spotflux
[2013/08/09 14:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sanwhole
[2013/08/06 22:18:04 | 000,049,240 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger
[2013/08/05 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GetGo Software
[2013/08/05 16:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetGo Software
[2013/08/01 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\wurst
[2013/07/31 18:10:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\.swt
[2013/07/31 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotflux
[2013/07/31 18:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotflux
[2013/07/31 18:03:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\.spotflux
[2013/07/30 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\emaze
[2013/07/30 14:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\iQNotes
[2013/07/28 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier
[2013/04/12 13:18:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\RIGO\AppData\Roaming\pcouffin.sys
[2012/12/08 20:16:38 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/08/25 20:45:35 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/25 18:56:41 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 18:56:41 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 18:48:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/25 18:31:45 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 18:27:12 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\RIGO\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/25 18:16:28 | 000,891,115 | ---- | M] () -- C:\Users\RIGO\Desktop\SecurityCheck.exe
[2013/08/25 13:15:10 | 000,000,464 | ---- | M] () -- C:\Users\RIGO\Desktop\Local Area Connection - Shortcut.lnk
[2013/08/25 13:13:53 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/24 13:33:56 | 000,457,875 | ---- | M] () -- C:\Users\RIGO\Desktop\cintrep.zip
[2013/08/22 13:13:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/21 19:04:04 | 000,760,937 | ---- | M] (Farbar) -- C:\Users\RIGO\Desktop\MiniToolBox.exe
[2013/08/20 20:07:50 | 000,358,507 | ---- | M] (Farbar) -- C:\Users\RIGO\Desktop\FSS.exe
[2013/08/20 12:36:09 | 000,000,624 | ---- | M] () -- C:\Users\RIGO\Desktop\ComboFix - Shortcut.lnk
[2013/08/20 12:26:26 | 005,102,975 | R--- | M] (Swearware) -- C:\Users\RIGO\Desktop\ComboFix.exe
[2013/08/19 12:43:36 | 000,000,512 | ---- | M] () -- C:\Users\RIGO\Desktop\MBR.dat
[2013/08/18 20:14:54 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\RIGO\Desktop\aswMBR.exe
[2013/08/17 22:59:16 | 000,011,419 | ---- | M] () -- C:\Users\RIGO\Documents\fix.odt
[2013/08/17 20:29:29 | 000,000,163 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/16 13:57:10 | 001,159,319 | ---- | M] (Thisisu) -- C:\Users\RIGO\Desktop\JRT.exe
[2013/08/16 13:56:32 | 000,666,633 | ---- | M] () -- C:\Users\RIGO\Desktop\adwcleaner.exe
[2013/08/13 22:27:18 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/13 22:27:18 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/13 22:27:18 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/13 20:50:24 | 000,012,899 | ---- | M] () -- C:\Users\RIGO\Documents\geeks1.odt
[2013/08/12 22:13:43 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/12 22:13:03 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/10 22:13:07 | 000,443,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/10 18:50:09 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 18:43:02 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | M] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | M] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/09 20:02:26 | 000,001,851 | ---- | M] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/08/09 00:25:54 | 000,000,600 | ---- | M] () -- C:\Users\RIGO\PUTTY.RND
[2013/08/08 00:39:49 | 000,034,134 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2013/08/07 22:26:00 | 000,001,270 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:00 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:09:02 | 000,000,792 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/04 23:00:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Surf Anonymous Free.lnk
[2013/08/03 22:38:47 | 000,014,866 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/30 22:02:22 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2013/08/25 18:36:54 | 000,891,115 | ---- | C] () -- C:\Users\RIGO\Desktop\SecurityCheck.exe
[2013/08/25 18:31:45 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/25 13:15:10 | 000,000,464 | ---- | C] () -- C:\Users\RIGO\Desktop\Local Area Connection - Shortcut.lnk
[2013/08/24 19:57:08 | 000,457,875 | ---- | C] () -- C:\Users\RIGO\Desktop\cintrep.zip
[2013/08/20 12:37:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/20 12:37:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/20 12:37:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/20 12:37:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/20 12:37:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/20 12:36:09 | 000,000,624 | ---- | C] () -- C:\Users\RIGO\Desktop\ComboFix - Shortcut.lnk
[2013/08/19 12:43:36 | 000,000,512 | ---- | C] () -- C:\Users\RIGO\Desktop\MBR.dat
[2013/08/17 22:59:15 | 000,011,419 | ---- | C] () -- C:\Users\RIGO\Documents\fix.odt
[2013/08/17 20:29:18 | 000,000,163 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/17 12:43:04 | 000,666,633 | ---- | C] () -- C:\Users\RIGO\Desktop\adwcleaner.exe
[2013/08/13 20:50:23 | 000,012,899 | ---- | C] () -- C:\Users\RIGO\Documents\geeks1.odt
[2013/08/11 14:54:25 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/10 18:50:09 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | C] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | C] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/07 22:25:55 | 000,001,270 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:00 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:08:58 | 000,000,792 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/03 22:38:45 | 000,014,866 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/31 19:58:36 | 000,001,851 | ---- | C] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/07/30 19:59:01 | 000,001,220 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/07/23 13:21:31 | 000,000,600 | ---- | C] () -- C:\Users\RIGO\PUTTY.RND
[2013/04/12 13:18:48 | 000,007,859 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.cat
[2013/04/12 13:18:48 | 000,001,167 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.inf
[2013/03/17 20:21:01 | 000,034,134 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
[2013/03/16 22:47:22 | 000,000,000 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\wklnhst.dat
[2012/12/22 14:25:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/03 20:40:58 | 000,000,322 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\burnaware.ini
[2012/12/01 13:47:07 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\91207717.sys
[2012/08/23 19:53:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/07/10 19:38:40 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/06/22 22:10:12 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/28 16:59:14 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/03/02 20:48:53 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/28 17:56:54 | 006,664,208 | ---- | C] () -- C:\Windows\SysWow64\dvdripcore.dll
[2012/01/28 17:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2011/08/22 16:21:58 | 000,011,545 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\UserTile.png
[2011/05/02 14:41:46 | 000,051,802 | ---- | C] () -- C:\Users\RIGO\4e920be4_b4f8_fcc6_4e920be4_b4f8_fcc6.pdf
[2009/12/23 21:25:28 | 000,000,436 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\mainhst.zgh
[2009/11/14 16:22:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/14 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\.dvdcss
[2013/08/09 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\.spotflux
[2013/02/09 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\1-abc
[2011/04/29 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Media
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Team
[2013/05/03 22:12:26 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\7 Sticky Notes
[2011/11/26 23:16:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Abelssoft
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AbleFaxTifView
[2013/04/17 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Actual Tools
[2012/05/05 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnnVideo
[2011/11/26 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnvSoft
[2013/08/21 12:55:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Ashampoo
[2011/10/04 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Atari
[2009/04/27 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Audio Caller ID
[2013/04/13 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Aunsoft
[2012/04/25 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AutoHideIP
[2012/03/18 19:38:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Avanquest
[2013/07/23 13:16:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Awesomium
[2012/05/03 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Big Angry Dog
[2013/03/01 13:49:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BinaryMark
[2013/03/20 22:50:26 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BleachBit
[2010/10/07 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Blueberry
[2012/11/15 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BlueSprig
[2012/09/12 15:23:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Byngo
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
[2009/04/27 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Deluxe
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Pro
[2012/04/02 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Creevity Mp3 Cover Downloader
[2013/06/11 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\CuteReminder
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Lite
[2009/09/04 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Pro
[2012/05/18 22:26:32 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Digiarty
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Diodia
[2013/04/04 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Downloaded Installations
[2011/10/28 23:12:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Dream Aquarium
[2013/08/10 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DVDVideoSoft
[2011/07/10 18:53:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\EurekaLog
[2012/11/01 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Expert PDF Reader
[2010/06/27 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Facebook
[2013/02/15 00:10:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FileOpen
[2012/08/27 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Firetrust
[2013/05/15 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FN Clock
[2013/05/11 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Focus Mp3 Recorder
[2012/11/01 19:57:21 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxit Software
[2010/12/27 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxreal
[2013/04/16 18:50:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Audio Editor
[2013/05/31 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Easy Audio Recorder
[2012/08/13 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2009/04/27 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Sound Recorder
[2010/10/10 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeBurner
[2010/09/30 20:14:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeFLVConverter
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1
[2012/04/10 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gaijin Ent
[2012/06/24 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Get from YouTube
[2013/08/05 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GetGo Software
[2007/01/01 04:10:02 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GlarySoft
[2012/12/01 13:51:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Glarysoft Giveaway
[2012/04/17 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\HamsterSoft
[2011/05/24 14:00:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Image Zone Express
[2012/07/10 19:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Intermedia Software
[2013/03/10 22:48:50 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\IrfanView
[2013/04/27 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\KC Softwares
[2012/09/20 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\KeePass
[2012/11/22 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\kingsoft
[2013/04/09 22:41:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Kristanix Software
[2013/03/12 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Lamantine
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Leadertech
[2012/11/21 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Light Developer
[2012/03/18 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Littlelan
[2010/09/14 13:40:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\LogSys
[2012/04/08 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MAGIX
[2011/09/23 19:58:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Marine Aquarium 3
[2013/04/07 12:50:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MediaFilters
[2011/04/03 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mediAvatar
[2011/08/20 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Modiac
[2012/07/08 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MP3 Editor for Free
[2012/08/12 22:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Mp3tag
[2012/03/02 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mresreg
[2012/08/14 22:15:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MusicBrainz
[2013/07/18 20:19:15 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\NeoDownloader
[2013/02/15 00:10:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Nitro
[2013/06/08 14:22:38 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Nitro PDF
[2012/04/10 14:28:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Oberon Media
[2013/03/11 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\onOne Software
[2013/08/10 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenOffice
[2011/04/28 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenOffice.org
[2013/01/15 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Opera
[2013/04/16 21:11:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Participatory Culture Foundation
[2012/11/18 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Pavtube
[2010/11/26 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PCHC
[2011/08/05 12:48:36 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PearlMountainSoft
[2011/03/17 19:54:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PhotoScape
[2013/05/02 23:08:15 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Pixpedia Publisher
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PlayFirst
[2013/07/19 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PotPlayer64
[2013/07/19 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PotPlayerMini64
[2010/02/17 23:22:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PPStream
[2013/04/18 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Preme for Windows
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Printer Info Cache
[2012/04/17 21:54:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Privacy Guardian
[2012/04/09 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Product_FR
[2010/10/28 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Publish Providers
[2012/08/15 22:10:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart Audio Editor
[2009/12/23 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart PDF Converter Pro
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax Archives
[2011/10/02 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Softland
[2012/10/21 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SoftMaker
[2012/11/01 22:56:38 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SomePDF
[2013/05/31 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sonarca Sound Recorder Free
[2010/10/28 17:25:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sony
[2012/06/26 15:36:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sound Editor Pro
[2012/10/27 23:02:45 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Spotify
[2013/04/23 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\StarBurn
[2012/07/04 16:49:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Steganos
[2013/06/14 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sticker
[2013/02/15 20:17:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SumatraPDF
[2012/04/25 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SurfAnonymousFree
[2013/08/15 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Swifturn Free Audio Editor
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Template
[2013/07/18 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\TheImageCollector
[2010/02/13 22:36:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Thinstall
[2011/11/21 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\URSoft
[2011/04/21 12:26:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\visualsearchpony.com
[2013/04/14 18:49:56 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Vso
[2010/12/08 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\VSRevoGroup
[2011/08/15 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WaveMax Sound Editor
[2009/03/02 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Windows Live Writer
[2012/07/11 20:36:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WindSolutions
[2013/08/01 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\wurst
[2013/07/03 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\XnView
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\ZipGenius
[2013/03/01 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Zoner

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/19 11:30:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2013/05/19 11:30:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2011/03/23 20:01:12 | 000,000,000 | ---D | M](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š
[2011/03/23 20:01:12 | 000,000,000 | ---D | C](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe.jpg:Roxio EMC Stream

< End of report >



Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
KC Softwares KCleaner
Adobe Flash Player 11.8.800.94
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#43
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
What error message are you getting when you attempt to install it?
  • 0

#44
rigs

    Member

  • Topic Starter
  • Member
  • 322 posts
I get the following error code....0x80070643
  • 0

#45
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
One of the most common reasons for that error code when attempting to install MSE is the presence of Microsoft Antimalware. Please check and see if it is present in Programs in the Control Panel. If so, uninstall it and then attempt to reinstall MSE.

There are a few programs that are out of date on your computer that need to be updated:

~Adobe Reader~
Please go here to update Adobe Reader. Be sure to uncheck "Yes, install McAfee Security Scan Plus - optional".

~Mozilla Firefox~
Please go here to update Mozilla Firefox.
  • 0





