
worried about computer being hacked [Closed]


  • This topic is locked

#1
janji

Hi, I came here about 2 years ago with the same problem and it helped; it looks as though my thread has been erased.
My problem is that my ex-boyfriend has in all likelihood hacked my computer; he's an IT guy and specializes in connecting computer systems etc.
The reasons why I think he's at it again are that he comes online exactly when I start up my computer, and my internet has been cut off several times now where I never had a problem at all before.
He has also hacked my YouTube channel again, which I know for sure.
Previously you advised me to install KeyScrambler, which I did, but it's not compatible with my browser anymore.
Could you also advise me how to prevent this from happening again? I'm using avast and update my programmes with Secunia, as you recommended.
Appreciate your help very much.
I tried all three OTL, it starts off alright and then stalls when it comes to scanning the Firefox web browser.

PS: I just realized I used a different email address last time.

Edited by janji, 21 August 2013 - 10:34 AM.


#2
janji

I managed to get the OTL scan to run, here it is:

OTL logfile created on: 22-Aug-13 9:09:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.50 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 65.38% Memory free
6.99 Gb Paging File | 5.61 Gb Available in Paging File | 80.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.34 Gb Total Space | 10.01 Gb Free Space | 13.11% Space Free | Partition Type: NTFS
Drive G: | 221.75 Gb Total Space | 221.33 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-08-21 17:54:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013-08-16 22:53:18 | 005,703,920 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013-08-16 10:18:51 | 000,301,120 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013-06-23 21:56:55 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013-06-14 10:03:16 | 001,515,328 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2013-06-05 19:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-25 16:54:10 | 000,335,168 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2013-04-23 06:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013-04-18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013-04-16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013-01-11 07:31:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-10-31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011-12-25 17:31:18 | 007,311,360 | ---- | M] (Fabio Martin) -- C:\Program Files\7 Sticky Notes\7StickyNotes.exe
PRC - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011-10-14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2011-06-05 20:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-19 19:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-09-19 19:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-01-26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013-03-13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-01-15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013-01-15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013-01-15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013-01-15 18:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2012-11-14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012-11-13 22:53:04 | 000,121,472 | ---- | M] () -- C:\Program Files\Razer\Razer Game Booster\GBV3ContextMenu.dll
MOD - [2011-08-16 00:13:26 | 000,802,816 | ---- | M] () -- C:\Windows\System32\EditCtlsU.ocx
MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007-09-21 03:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2013-08-16 10:18:51 | 000,301,120 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013-08-14 19:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-07-13 00:34:05 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-07-11 09:03:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-25 16:54:10 | 000,335,168 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013-04-16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012-11-24 22:49:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-09-20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2010-09-19 19:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-03-16 06:12:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013-05-22 18:49:34 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013-04-03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-04-03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013-03-26 19:34:32 | 000,020,944 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2013-03-26 19:34:30 | 000,031,752 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys -- (RegFilter)
DRV - [2013-03-23 15:49:18 | 000,021,480 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2012-11-15 03:36:52 | 000,035,592 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2012-11-13 22:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012-10-31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-10-31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-10-31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-10-31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-10-31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-10-24 00:39:46 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012-10-24 00:39:46 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-10-15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012-07-20 12:12:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012-07-20 12:11:58 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012-06-20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011-12-15 02:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-03-07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2010-11-20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010-09-19 20:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010-09-19 20:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-09-19 19:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-09-01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010-07-27 15:27:41 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...8&ts=1376859099
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...8&ts=1376859099
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.c...8&ts=1376859100
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.c...8&ts=1376859100
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...8&ts=1376859100
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...8&ts=1376859099
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...8&ts=1376859099
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...8&ts=1376859100
IE - HKCU\..\SearchScopes\{68886DAE-B805-43CE-BC84-321244275702}: "URL" = http://de.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT2653012.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "qvo6"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.qvo6.com/...&ts=1376859099"
FF - prefs.js..extensions.enabledAddons: betterfacebook%40mattkruse.com:6.603
FF - prefs.js..extensions.enabledAddons: My-Translator%40eugenche.com:0.3
FF - prefs.js..extensions.enabledAddons: restart%40restart.org:0.5
FF - prefs.js..extensions.enabledAddons: simpletimer%40grbradt.org:1.13
FF - prefs.js..extensions.enabledAddons: xpirftoolbar%40roboform.com:3.1.0
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: iobitapps%40mybrowserbar.com:7.2
FF - prefs.js..extensions.enabledAddons: 4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6%4036857116-74e0-4973-936f-860cd2a102a9.com:0.91.10
FF - prefs.js..extensions.enabledAddons: plugin%40getwebcake.com:1.00.01
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: gmailwatcher%40sonthakit:1.61
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.1
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.4
FF - prefs.js..extensions.enabledAddons: %7B15a7ef52-8a77-426e-9e17-e21af257d7c8%7D:1.8.3
FF - prefs.js..extensions.enabledAddons: %7Bc95a4e8e-816d-4655-8c79-d736da1adb6d%7D:10.16.4.519
FF - prefs.js..extensions.enabledAddons: %7BEE223D7A-F30F-11DD-8F0A-D2AD55D89593%7D:1.1.2
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "http://de.search.yah...type=198484&p="
FF - prefs.js..network.proxy.http: "50.57.85.7"
FF - prefs.js..network.proxy.http_port: 3128


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-06-23 21:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25 02:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-20 02:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-06-23 21:58:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2013-06-23 21:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2013-08-08 14:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.3\extensions\\Components: C:\Program Files\Pale Moon\components [2013-08-13 14:47:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.3\extensions\\Plugins: C:\Program Files\Pale Moon\plugins [2013-08-08 14:58:21 | 000,000,000 | ---D | M]

[2010-07-27 15:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013-08-18 22:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions
[2012-08-29 17:35:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2013-08-18 22:50:06 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013-07-02 01:02:57 | 000,000,000 | ---D | M] ("Plus-HD-2.2") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
[2013-07-10 15:09:49 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-28 02:45:39 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2012-08-05 10:39:52 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2011-12-13 13:32:18 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-02 01:03:40 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-02 01:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode
[2013-08-18 22:50:08 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-05-31 02:26:30 | 000,138,110 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-05 21:11:50 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:03:39 | 000,230,040 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,226,606 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-05 21:11:50 | 000,308,849 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-16 16:26:03 | 000,032,637 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:38:16 | 000,156,725 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-15 19:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:38:16 | 000,702,918 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:06 | 000,266,336 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi
[2012-05-29 16:10:02 | 000,035,719 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
[2013-08-18 22:50:06 | 000,074,959 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
[2013-06-14 22:21:43 | 000,000,910 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\yahoo.xml
[2013-08-22 21:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-08-22 21:07:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-07-03 22:02:57 | 000,000,000 | ---D | M] (IObit Apps Toolbar) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.qvo6.com/...8&ts=1376859099
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\crossrider
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0\crossrider
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.57_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Google Wallet Service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\

O1 HOSTS File: ([2013-08-08 15:11:29 | 000,449,839 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15468 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Plus-HD-2.2) - {11111111-1111-1111-1111-110311301136} - C:\Program Files\Plus-HD-2.2\Plus-HD-2.2-bho.dll (Plus HD)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Users\User\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk = C:\Program Files\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Users\User\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34409987-9796-4508-BBF4-9B47970A5F1F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-08-22 21:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-08-22 15:39:45 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013-08-22 15:39:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2013-08-22 15:39:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2013-08-22 15:39:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2013-08-22 15:24:13 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2013-08-22 15:23:59 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2013-08-22 15:22:31 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2013-08-22 15:22:30 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2013-08-22 15:22:28 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2013-08-22 15:22:28 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2013-08-22 15:07:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013-08-22 00:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013-08-21 18:23:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.com
[2013-08-21 17:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013-08-18 22:52:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013-08-18 22:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013-08-18 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DSite
[2013-08-18 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\eIntaller
[2013-08-15 13:02:21 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\canon,instruct
[2013-08-05 19:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-08-22 21:24:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-08-22 21:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-08-22 21:15:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA.job
[2013-08-22 21:07:53 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-08-22 21:00:42 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-08-22 21:00:42 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-08-22 20:52:24 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-08-22 20:52:21 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job
[2013-08-22 20:52:20 | 000,001,880 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-chromeinstaller.job
[2013-08-22 20:52:08 | 000,001,804 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013-08-22 20:52:07 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job
[2013-08-22 20:52:07 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job
[2013-08-22 20:52:06 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2013-08-22 20:51:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-08-22 20:51:36 | 2814,558,208 | -HS- | M] () -- C:\hiberfil.sys
[2013-08-22 16:51:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013-08-22 15:59:36 | 012,252,672 | ---- | M] () -- C:\Users\User\Desktop\ShockwavePlayer_12.0.3.133_SPS.exe
[2013-08-22 15:45:41 | 000,694,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013-08-22 15:45:41 | 000,147,802 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013-08-22 15:45:40 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-08-22 15:45:40 | 000,383,076 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013-08-22 15:45:40 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-08-22 15:45:40 | 000,119,074 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013-08-22 15:34:28 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2013-08-22 15:34:28 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2013-08-22 15:15:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core.job
[2013-08-22 14:32:36 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-08-22 00:29:17 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013-08-21 19:43:43 | 000,154,624 | -H-- | M] () -- C:\Users\User\Desktop\photothumb.db
[2013-08-21 18:22:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.com
[2013-08-21 17:54:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013-08-21 01:06:59 | 000,063,863 | ---- | M] () -- C:\Users\User\Desktop\Favim.com-34179.jpg
[2013-08-20 22:17:26 | 025,942,693 | ---- | M] () -- C:\Users\User\Desktop\Metallica - Enter Sandman [Official Music Video].mp4
[2013-08-20 12:54:23 | 000,000,005 | ---- | M] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-08-20 00:48:45 | 000,006,711 | ---- | M] () -- C:\Users\User\Desktop\China_Super_Black_Polished_porcelain_Tile_60_60cm20128171123561.jpg
[2013-08-20 00:31:34 | 000,081,951 | ---- | M] () -- C:\Users\User\Desktop\in_the_darkest_night_by_secretumbox-d67kjwh.jpg
[2013-08-19 20:12:53 | 000,163,131 | ---- | M] () -- C:\Users\User\Desktop\pool-of-tears.jpg
[2013-08-19 19:03:58 | 000,153,562 | ---- | M] () -- C:\Users\User\Desktop\pastafarian-280x165.jpg
[2013-08-19 19:00:37 | 000,015,576 | ---- | M] () -- C:\Users\User\Desktop\9414_-_Grande_mostro_di_spaghetti_volanti_al_Presidio_anticlericale,_Milano,_2_June_2012_-_Foto_di_Giovanni_Dall'Orto.jpg
[2013-08-18 23:52:21 | 000,000,057 | ---- | M] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-08-18 22:51:43 | 000,002,419 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013-08-18 22:51:43 | 000,002,049 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk
[2013-08-18 22:51:43 | 000,001,601 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-08-17 21:00:35 | 000,040,765 | ---- | M] () -- C:\Users\User\Desktop\quotes-a-true-friend_11527-0.png
[2013-08-17 20:24:30 | 000,032,305 | ---- | M] () -- C:\Users\User\Desktop\tony.jpg
[2013-08-17 13:05:02 | 000,097,521 | ---- | M] () -- C:\Users\User\Desktop\hitch.jpg
[2013-08-17 13:03:47 | 000,063,700 | ---- | M] () -- C:\Users\User\Desktop\324-Mother-Teresa-was-a-fanatic-and-a-fraud-christopher-hitchens-fanaticism-fundamentalists-quotes-suffering.jpg
[2013-08-17 01:18:21 | 000,234,587 | ---- | M] () -- C:\Users\User\Desktop\CarolBlue-ChristopherHitchens.jpg
[2013-08-15 22:11:42 | 000,001,438 | ---- | M] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2013-08-12 21:09:08 | 000,028,366 | ---- | M] () -- C:\Users\User\Desktop\drunk cat.jpg
[2013-08-12 20:34:02 | 000,031,501 | ---- | M] () -- C:\Users\User\Desktop\life of po.jpg
[2013-08-11 00:59:00 | 000,042,430 | ---- | M] () -- C:\Users\User\Desktop\hitch malaysia.jpg
[2013-08-09 22:27:43 | 000,014,163 | ---- | M] () -- C:\Users\User\Desktop\mariogod.jpg
[2013-08-09 21:27:48 | 000,032,798 | ---- | M] () -- C:\Users\User\Desktop\a.aaa-Serious-cat.jpg
[2013-08-09 21:10:02 | 000,093,200 | ---- | M] () -- C:\Users\User\Desktop\pantai.jpg
[2013-08-08 19:11:52 | 000,056,770 | ---- | M] () -- C:\Users\User\Desktop\Internet-in-the-jungle-What the...-Pictures.jpg
[2013-08-08 15:11:29 | 000,449,839 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-08-08 15:10:23 | 000,001,866 | ---- | M] () -- C:\Windows\wininit.ini
[2013-07-27 02:44:57 | 000,021,101 | ---- | M] () -- C:\Users\User\Desktop\captains log.jpg
[2013-07-24 22:24:54 | 000,022,573 | ---- | M] () -- C:\Users\User\Desktop\nonono.jpg
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-08-22 21:07:53 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013-08-22 21:07:53 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-08-22 15:59:25 | 012,252,672 | ---- | C] () -- C:\Users\User\Desktop\ShockwavePlayer_12.0.3.133_SPS.exe
[2013-08-22 15:59:06 | 000,000,174 | -HS- | C] () -- C:\Users\User\Documents\desktop (4).ini
[2013-08-22 15:58:47 | 000,000,546 | -HS- | C] () -- C:\Users\User\Documents\desktop (3).ini
[2013-08-22 15:58:21 | 000,000,546 | -HS- | C] () -- C:\Users\User\Documents\desktop (2).ini
[2013-08-22 15:45:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013-08-22 15:45:21 | 000,694,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013-08-22 15:45:21 | 000,147,802 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013-08-22 15:45:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013-08-22 00:29:17 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013-08-22 00:29:16 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013-08-21 01:06:58 | 000,063,863 | ---- | C] () -- C:\Users\User\Desktop\Favim.com-34179.jpg
[2013-08-20 22:17:00 | 025,942,693 | ---- | C] () -- C:\Users\User\Desktop\Metallica - Enter Sandman [Official Music Video].mp4
[2013-08-20 00:48:44 | 000,006,711 | ---- | C] () -- C:\Users\User\Desktop\China_Super_Black_Polished_porcelain_Tile_60_60cm20128171123561.jpg
[2013-08-20 00:31:33 | 000,081,951 | ---- | C] () -- C:\Users\User\Desktop\in_the_darkest_night_by_secretumbox-d67kjwh.jpg
[2013-08-19 20:12:52 | 000,163,131 | ---- | C] () -- C:\Users\User\Desktop\pool-of-tears.jpg
[2013-08-19 19:00:37 | 000,015,576 | ---- | C] () -- C:\Users\User\Desktop\9414_-_Grande_mostro_di_spaghetti_volanti_al_Presidio_anticlericale,_Milano,_2_June_2012_-_Foto_di_Giovanni_Dall'Orto.jpg
[2013-08-19 18:57:04 | 000,153,562 | ---- | C] () -- C:\Users\User\Desktop\pastafarian-280x165.jpg
[2013-08-18 23:52:21 | 000,000,057 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-08-18 23:52:21 | 000,000,005 | ---- | C] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-08-18 22:51:35 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013-08-17 21:00:35 | 000,040,765 | ---- | C] () -- C:\Users\User\Desktop\quotes-a-true-friend_11527-0.png
[2013-08-17 20:24:30 | 000,032,305 | ---- | C] () -- C:\Users\User\Desktop\tony.jpg
[2013-08-17 13:05:02 | 000,097,521 | ---- | C] () -- C:\Users\User\Desktop\hitch.jpg
[2013-08-17 13:03:47 | 000,063,700 | ---- | C] () -- C:\Users\User\Desktop\324-Mother-Teresa-was-a-fanatic-and-a-fraud-christopher-hitchens-fanaticism-fundamentalists-quotes-suffering.jpg
[2013-08-17 01:18:21 | 000,234,587 | ---- | C] () -- C:\Users\User\Desktop\CarolBlue-ChristopherHitchens.jpg
[2013-08-15 22:11:42 | 000,001,438 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2013-08-12 21:09:08 | 000,028,366 | ---- | C] () -- C:\Users\User\Desktop\drunk cat.jpg
[2013-08-12 20:34:01 | 000,031,501 | ---- | C] () -- C:\Users\User\Desktop\life of po.jpg
[2013-08-11 00:59:00 | 000,042,430 | ---- | C] () -- C:\Users\User\Desktop\hitch malaysia.jpg
[2013-08-09 22:27:42 | 000,014,163 | ---- | C] () -- C:\Users\User\Desktop\mariogod.jpg
[2013-08-09 21:27:47 | 000,032,798 | ---- | C] () -- C:\Users\User\Desktop\a.aaa-Serious-cat.jpg
[2013-08-09 21:09:59 | 000,093,200 | ---- | C] () -- C:\Users\User\Desktop\pantai.jpg
[2013-08-08 19:11:51 | 000,056,770 | ---- | C] () -- C:\Users\User\Desktop\Internet-in-the-jungle-What the...-Pictures.jpg
[2013-08-08 14:58:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013-07-27 02:44:57 | 000,021,101 | ---- | C] () -- C:\Users\User\Desktop\captains log.jpg
[2013-07-24 22:24:54 | 000,022,573 | ---- | C] () -- C:\Users\User\Desktop\nonono.jpg
[2013-02-05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013-02-05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013-02-05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013-02-05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013-02-05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012-11-24 00:32:04 | 000,001,866 | ---- | C] () -- C:\Windows\wininit.ini
[2012-11-01 21:39:21 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2012-11-01 21:39:21 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
[2012-07-16 21:40:29 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
[2011-12-14 21:36:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011-11-21 20:59:17 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011-11-21 20:59:17 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011-11-18 19:13:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-11-18 19:13:36 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-09-15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2010-12-16 19:20:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-05-18 17:07:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-12-16 04:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012-12-16 04:44:17 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-08-18 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013-08-22 20:52:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\7 Sticky Notes
[2010-10-22 03:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2012-10-05 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG
[2011-11-09 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011-10-30 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CheckPoint
[2013-08-22 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013-08-18 22:51:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DSite
[2013-08-18 22:51:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eIntaller
[2010-07-27 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2010-07-27 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2012-11-29 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2013-08-22 00:29:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2011-11-23 17:42:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2012-08-12 19:28:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2012-07-29 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Moonchild Productions
[2012-04-09 01:24:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
[2013-03-24 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2013-07-05 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera Software
[2013-06-29 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoScape
[2011-11-09 02:03:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QFX Software
[2010-11-15 09:50:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2013-04-11 16:11:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2013-03-21 17:40:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2011-11-21 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SolidDocuments
[2013-08-22 17:10:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2012-10-01 06:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011-12-16 06:24:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateTemp1308534806
[2013-08-22 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinZipper

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013-08-11 22:23:51 | 003,062,878 | ---- | M] ()(C:\Users\User\Desktop\? With God On Our Side {Live at Town Hall 1963} (23_25) - Elston Gunn - YouTube.MP3) -- C:\Users\User\Desktop\▶ With God On Our Side {Live at Town Hall 1963} (23_25) - Elston Gunn - YouTube.MP3
[2013-08-11 22:23:50 | 003,062,878 | ---- | C] ()(C:\Users\User\Desktop\? With God On Our Side {Live at Town Hall 1963} (23_25) - Elston Gunn - YouTube.MP3) -- C:\Users\User\Desktop\▶ With God On Our Side {Live at Town Hall 1963} (23_25) - Elston Gunn - YouTube.MP3
[2013-08-10 23:24:50 | 001,740,432 | ---- | M] ()(C:\Users\User\Desktop\? Iggy and the Stooges - Burn (new song) - YouTube.MP3) -- C:\Users\User\Desktop\▶ Iggy and the Stooges - Burn (new song) - YouTube.MP3
[2013-08-10 23:24:47 | 001,740,432 | ---- | C] ()(C:\Users\User\Desktop\? Iggy and the Stooges - Burn (new song) - YouTube.MP3) -- C:\Users\User\Desktop\▶ Iggy and the Stooges - Burn (new song) - YouTube.MP3

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Users\User\Desktop\poppy pic.jpg:com.dropbox.attributes

< End of report >

#3
janji

    Member

  • Topic Starter
  • Member
  • 210 posts
doesn't anyone want to help me :)

#4
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello janji, welcome to the forums!
My name is godawgs and I will be assisting you with your Virus / Malware issues.
We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol:).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Since the original OTL log is so old let's get a fresh one with the Extras.txt log.


OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
DRIVES


2. Re-open Posted Image on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section click the radio button beside Use SafeList <-- Very Important
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the desktop. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The new OTL.txt log
2. The Extras.txt log

#5
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
User returned.

#7
janji

    Member

  • Topic Starter
  • Member
  • 210 posts
thanks godawgs :) here are both logs as requested:




OTL logfile created on: 12-Sep-13 8:46:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.50 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 62.83% Memory free
6.99 Gb Paging File | 5.66 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.34 Gb Total Space | 6.82 Gb Free Space | 8.93% Space Free | Partition Type: NTFS
Drive G: | 221.75 Gb Total Space | 221.33 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-09-02 21:28:30 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013-08-22 21:47:03 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files\WinZipper\winzipersvc.exe
PRC - [2013-08-21 17:54:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013-08-16 22:53:18 | 005,703,920 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013-08-14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013-06-05 19:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-04-23 06:48:20 | 000,844,144 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013-04-18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013-01-11 07:31:55 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-10-31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011-12-25 17:31:18 | 007,311,360 | ---- | M] (Fabio Martin) -- C:\Program Files\7 Sticky Notes\7StickyNotes.exe
PRC - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011-10-14 08:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe
PRC - [2011-06-05 20:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-19 19:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010-09-19 19:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009-01-26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013-03-13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013-01-15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013-01-15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013-01-15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013-01-15 18:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2012-11-14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\User\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012-11-13 22:53:04 | 000,121,472 | ---- | M] () -- C:\Program Files\Razer\Razer Game Booster\GBV3ContextMenu.dll
MOD - [2011-08-16 00:13:26 | 000,802,816 | ---- | M] () -- C:\Windows\System32\EditCtlsU.ocx
MOD - [2011-03-17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2013-09-11 11:20:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-08-22 21:47:03 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files\WinZipper\winzipersvc.exe -- (winzipersvc)
SRV - [2013-08-14 19:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-08-14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013-07-13 00:34:05 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-06-21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012-11-24 22:49:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-10-31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-09-20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012-07-11 20:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011-10-14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011-10-14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011-10-03 20:59:48 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\Program Files\SolidDocuments\SolidPDFCreator\SPC\SolidPdfService.exe -- (SPDFCreatorReadSpool)
SRV - [2010-09-19 19:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010-03-16 06:12:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-02-07 02:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008-11-09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2013-05-22 18:49:34 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013-04-03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013-04-03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012-11-15 03:36:52 | 000,035,592 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2012-11-13 22:53:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2012-10-31 00:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-10-31 00:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-10-31 00:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-10-31 00:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-10-31 00:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-10-24 00:39:46 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012-10-24 00:39:46 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-10-15 18:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012-07-20 12:12:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012-07-20 12:11:58 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012-06-20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011-12-15 02:41:38 | 000,173,880 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011-07-22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011-07-12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011-03-07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2010-11-20 05:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 05:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 05:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 02:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 02:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 02:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010-09-19 20:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010-09-19 20:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010-09-19 19:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010-09-01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010-07-27 15:27:41 | 000,035,363 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\windrvNT.sys -- (windrvNT)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...8&ts=1376859100
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search.yah...r=spigot-yhp-ie
IE - HKU\.DEFAULT\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {05503B1C-2535-43BF-BDBB-AB202F7835DF}
IE - HKU\.DEFAULT\..\SearchScopes\{05503B1C-2535-43BF-BDBB-AB202F7835DF}: "URL" = http://de.search.yah...p={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search.yah...r=spigot-yhp-ie
IE - HKU\S-1-5-18\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {05503B1C-2535-43BF-BDBB-AB202F7835DF}
IE - HKU\S-1-5-18\..\SearchScopes\{05503B1C-2535-43BF-BDBB-AB202F7835DF}: "URL" = http://de.search.yah...p={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes\{68886DAE-B805-43CE-BC84-321244275702}: "URL" = http://de.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....q={searchTerms}
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js - File not found


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-02 21:29:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-06-29 11:02:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-25 02:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-20 02:44:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-09-02 21:29:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Components: C:\Program Files\Minefield\components [2013-09-09 14:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a1pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2013-09-09 14:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.3\extensions\\Components: C:\Program Files\Pale Moon\components [2013-09-09 14:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 20.3\extensions\\Plugins: C:\Program Files\Pale Moon\plugins [2013-09-09 14:34:36 | 000,000,000 | ---D | M]

[2010-07-27 15:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013-08-18 22:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions
[2012-08-29 17:35:09 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2013-08-18 22:50:06 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013-07-02 01:02:57 | 000,000,000 | ---D | M] ("Plus-HD-2.2") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
[2013-07-10 15:09:49 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-28 02:45:39 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2012-08-05 10:39:52 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2011-12-13 13:32:18 | 000,000,000 | ---D | M] (My-Translator) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-02 01:03:40 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-02 01:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode
[2013-08-18 22:50:08 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-05-31 02:26:30 | 000,138,110 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-05 21:11:50 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:03:39 | 000,230,040 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:07 | 000,226,606 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-05 21:11:50 | 000,308,849 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-16 16:26:03 | 000,032,637 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:38:16 | 000,156,725 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-15 19:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:38:16 | 000,702,918 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-08-18 22:50:06 | 000,266,336 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{15a7ef52-8a77-426e-9e17-e21af257d7c8}.xpi
[2012-05-29 16:10:02 | 000,035,719 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
[2013-08-18 22:50:06 | 000,074,959 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
[2013-06-14 22:21:43 | 000,000,910 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\searchplugins\yahoo.xml
[2013-08-22 21:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-08-22 21:07:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-07-03 22:02:57 | 000,000,000 | ---D | M] (IObit Apps Toolbar) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime Alternative\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AP Suggestor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnmbpihhamedhophbnjjpidokcknoid\1.2.5_0\
CHR - Extension: avast! WebRep = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_1\
CHR - Extension: RealDownloader = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1\
CHR - Extension: Lightning Newtab = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.5.3_0\
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\crossrider
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.23.10_0\
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\crossrider
CHR - Extension: Plus-HD-2.2 = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo\1.24.60_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_1\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013-08-08 15:11:29 | 000,449,839 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15468 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Users\User\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4165335087-975643669-458432890-1000..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-4165335087-975643669-458432890-1000..\Run: [Advanced SystemCare 6] C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-4165335087-975643669-458432890-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7 Sticky Notes.lnk = C:\Program Files\7 Sticky Notes\7StickyNotes.exe (Fabio Martin)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4165335087-975643669-458432890-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Users\User\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34409987-9796-4508-BBF4-9B47970A5F1F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013-09-12 03:09:12 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-09-12 03:09:10 | 002,876,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-09-12 03:09:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-09-12 03:09:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-09-12 03:09:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-09-12 03:09:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-09-12 03:09:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-09-12 03:09:07 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-09-12 03:09:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-09-12 03:09:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-09-11 11:09:35 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013-09-11 11:09:34 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-09-11 11:09:32 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013-09-11 11:09:31 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013-09-11 11:09:31 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013-09-11 11:09:31 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013-09-11 11:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013-09-11 11:09:31 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013-09-11 11:09:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013-09-11 11:09:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013-09-11 11:09:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013-09-11 11:09:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013-09-11 11:09:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013-09-11 11:09:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013-09-11 11:09:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013-09-11 11:09:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013-09-11 11:09:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013-09-10 13:31:31 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-09-10 13:31:31 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-09-10 13:31:30 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-09-10 13:31:30 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-09-10 13:31:30 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-09-10 13:31:30 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-09-10 13:31:30 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-09-10 13:31:30 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-09-10 13:31:30 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-09-10 13:31:30 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-09-10 13:31:30 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-09-10 13:31:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-09-10 13:31:30 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-09-10 13:31:30 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-09-10 13:31:30 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-09-10 13:31:30 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-09-10 13:31:30 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-09-10 13:31:30 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-09-10 13:31:30 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-09-10 13:31:30 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-09-10 13:31:30 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-09-10 13:31:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-09-10 13:31:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-09-10 13:31:30 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-09-10 13:31:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-09-10 13:31:30 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-09-09 14:38:06 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2013-09-09 14:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013-09-09 14:34:04 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-09-05 14:10:09 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\friends
[2013-09-02 21:30:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\RealNetworks
[2013-09-02 21:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013-09-02 21:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013-09-02 21:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013-08-26 15:12:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tsusbflt.sys.mui
[2013-08-22 21:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[2013-08-22 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinZipper
[2013-08-22 21:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinZipper
[2013-08-22 21:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013-08-22 15:39:45 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2013-08-22 15:39:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2013-08-22 15:39:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2013-08-22 15:39:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2013-08-22 15:24:48 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui
[2013-08-22 15:24:47 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdvgkmd.sys.mui
[2013-08-22 15:24:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdpwd.sys.mui
[2013-08-22 15:24:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui
[2013-08-22 15:24:45 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui
[2013-08-22 15:24:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui
[2013-08-22 15:24:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tsusbhub.sys.mui
[2013-08-22 15:24:43 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui
[2013-08-22 15:24:42 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbport.sys.mui
[2013-08-22 15:24:42 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui
[2013-08-22 15:24:42 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui
[2013-08-22 15:24:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui
[2013-08-22 15:24:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\disk.sys.mui
[2013-08-22 15:24:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui
[2013-08-22 15:24:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui
[2013-08-22 15:24:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui
[2013-08-22 15:24:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui
[2013-08-22 15:24:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui
[2013-08-22 15:24:14 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbhub.sys.mui
[2013-08-22 15:24:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vhdmp.sys.mui
[2013-08-22 15:24:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui
[2013-08-22 15:24:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\portcls.sys.mui
[2013-08-22 15:24:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui
[2013-08-22 15:24:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui
[2013-08-22 15:24:13 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2013-08-22 15:24:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui
[2013-08-22 15:24:05 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui
[2013-08-22 15:23:59 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2013-08-22 15:23:59 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui
[2013-08-22 15:23:59 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui
[2013-08-22 15:23:59 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\k57nd60x.sys.mui
[2013-08-22 15:23:59 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui
[2013-08-22 15:23:59 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\bcm4sbxp.sys.mui
[2013-08-22 15:23:59 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui
[2013-08-22 15:23:59 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\de-DE\getn62.sys.mui
[2013-08-22 15:23:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui
[2013-08-22 15:23:59 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismp6.sys.mui
[2013-08-22 15:23:59 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui
[2013-08-22 15:23:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui
[2013-08-22 15:23:58 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1y6032.sys.mui
[2013-08-22 15:23:58 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1q6032.sys.mui
[2013-08-22 15:23:58 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1k6032.sys.mui
[2013-08-22 15:23:58 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui
[2013-08-22 15:23:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2013-08-22 15:23:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2013-08-22 15:23:58 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2013-08-22 15:23:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui
[2013-08-22 15:23:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ataport.sys.mui
[2013-08-22 15:23:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui
[2013-08-22 15:23:58 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2013-08-22 15:23:58 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui
[2013-08-22 15:23:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui
[2013-08-22 15:23:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scsiport.sys.mui
[2013-08-22 15:23:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui
[2013-08-22 15:23:49 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bfe.dll.mui
[2013-08-22 15:23:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ws2ifsl.sys.mui
[2013-08-22 15:23:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
[2013-08-22 15:23:46 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2013-08-22 15:23:46 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
[2013-08-22 15:23:46 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui
[2013-08-22 15:23:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui
[2013-08-22 15:23:35 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fvevol.sys.mui
[2013-08-22 15:23:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scfilter.sys.mui
[2013-08-22 15:23:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdbss.sys.mui
[2013-08-22 15:23:21 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui
[2013-08-22 15:23:21 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui
[2013-08-22 15:23:21 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui
[2013-08-22 15:23:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\partmgr.sys.mui
[2013-08-22 15:23:15 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui
[2013-08-22 15:23:15 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\nwifi.sys.mui
[2013-08-22 15:23:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndis.sys.mui
[2013-08-22 15:23:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui
[2013-08-22 15:23:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui
[2013-08-22 15:23:04 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui
[2013-08-22 15:23:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui
[2013-08-22 15:23:00 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui
[2013-08-22 15:22:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2013-08-22 15:22:44 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui
[2013-08-22 15:22:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui
[2013-08-22 15:22:31 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2013-08-22 15:22:31 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui
[2013-08-22 15:22:30 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2013-08-22 15:22:30 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui
[2013-08-22 15:22:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2013-08-22 15:22:30 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2013-08-22 15:22:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui
[2013-08-22 15:22:29 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui
[2013-08-22 15:22:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\HdAudio.sys.mui
[2013-08-22 15:22:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui
[2013-08-22 15:22:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui
[2013-08-22 15:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui
[2013-08-22 15:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui
[2013-08-22 15:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui
[2013-08-22 15:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdppm.sys.mui
[2013-08-22 15:22:28 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui
[2013-08-22 15:22:28 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2013-08-22 15:22:28 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2013-08-22 15:22:28 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthpan.sys.mui
[2013-08-22 15:22:28 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\de-DE\atikmdag.sys.mui
[2013-08-22 15:22:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui
[2013-08-22 15:22:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui
[2013-08-22 15:22:28 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui
[2013-08-22 15:22:28 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2013-08-22 15:22:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\cdrom.sys.mui
[2013-08-22 15:22:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthenum.sys.mui
[2013-08-22 15:22:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui
[2013-08-22 15:22:27 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\1394ohci.sys.mui
[2013-08-22 15:22:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui
[2013-08-22 15:20:02 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013-08-22 15:19:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-08-22 15:19:50 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-08-22 15:19:50 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-08-22 15:19:50 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-08-22 15:19:44 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013-08-22 15:19:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-08-22 15:19:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-08-22 15:19:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-08-22 15:19:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-08-22 15:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013-08-22 15:19:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-08-22 15:19:41 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013-08-22 15:19:41 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-08-22 15:19:41 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013-08-22 15:19:40 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-08-22 15:19:40 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-08-22 15:19:40 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-08-22 15:19:40 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-08-22 15:19:39 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013-08-22 15:19:39 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-08-22 15:19:39 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013-08-22 15:19:38 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-08-22 15:07:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013-08-22 14:53:30 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013-08-21 17:54:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013-08-18 22:52:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013-08-18 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DSite
[2013-08-17 21:19:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013-08-17 21:18:17 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013-08-17 21:18:17 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013-08-15 13:02:21 | 000,000,000 | R--D | C] -- C:\Users\User\Desktop\canon,instruct
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-09-12 20:51:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013-09-12 20:24:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-09-12 20:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-09-12 19:11:18 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-09-12 19:11:18 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-09-12 19:03:02 | 000,001,180 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-updater.job
[2013-09-12 19:03:00 | 000,001,184 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-codedownloader.job
[2013-09-12 19:03:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-enabler.job
[2013-09-12 19:02:01 | 000,001,880 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-chromeinstaller.job
[2013-09-12 19:02:01 | 000,001,804 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.2-firefoxinstaller.job
[2013-09-12 19:00:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000UA.job
[2013-09-12 18:35:21 | 000,094,315 | ---- | M] () -- C:\Users\User\Desktop\anxiety attack cartoon.jpg
[2013-09-12 18:34:36 | 000,103,424 | -H-- | M] () -- C:\Users\User\Desktop\photothumb.db
[2013-09-12 17:47:26 | 000,694,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013-09-12 17:47:26 | 000,660,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-09-12 17:47:26 | 000,383,076 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013-09-12 17:47:26 | 000,147,802 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013-09-12 17:47:26 | 000,121,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-09-12 17:47:26 | 000,119,074 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013-09-12 17:41:08 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-09-12 17:41:06 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2013-09-12 17:40:33 | 002,522,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-09-12 17:40:09 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4165335087-975643669-458432890-1000Core.job
[2013-09-12 17:39:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-09-12 17:38:28 | 2814,558,208 | -HS- | M] () -- C:\hiberfil.sys
[2013-09-12 17:37:36 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013-09-12 00:36:08 | 000,015,040 | ---- | M] () -- C:\Users\User\Desktop\Everyone-you-will-ever-meet-knows-something.jpg
[2013-09-12 00:10:14 | 000,063,686 | ---- | M] () -- C:\Users\User\Desktop\10692169-little-siamese-kitten-with-a-football.jpg
[2013-09-12 00:01:08 | 000,085,846 | ---- | M] () -- C:\Users\User\Desktop\funny-pictures-kitten-plays-invisible-football.jpg
[2013-09-11 11:30:00 | 504,095,873 | ---- | M] () -- C:\Users\User\Desktop\Ougenweide - Eulenspiegel 1976 (Full Album Listen) (Full HD).mp4
[2013-09-11 11:20:19 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-09-11 11:20:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-09-10 13:31:31 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-09-10 13:31:31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-09-10 13:31:30 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-09-10 13:31:30 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-09-10 13:31:30 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-09-10 13:31:30 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-09-10 13:31:30 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-09-10 13:31:30 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-09-10 13:31:30 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-09-10 13:31:30 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-09-10 13:31:30 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-09-10 13:31:30 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-09-10 13:31:30 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-09-10 13:31:30 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-09-10 13:31:30 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-09-10 13:31:30 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-09-10 13:31:30 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-09-10 13:31:30 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-09-10 13:31:30 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-09-10 13:31:30 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-09-10 13:31:30 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-09-10 13:31:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-09-10 13:31:30 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-09-10 13:31:30 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-09-10 13:31:30 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-09-10 13:31:30 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-09-10 13:31:30 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-09-10 00:51:09 | 000,000,093 | ---- | M] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-09-10 00:32:37 | 000,098,905 | ---- | M] () -- C:\Users\User\Desktop\troll_b62a2f_2758678.jpg
[2013-09-09 23:55:25 | 000,105,409 | ---- | M] () -- C:\Users\User\Desktop\vaccination scare.jpg
[2013-09-09 16:25:04 | 000,122,067 | ---- | M] () -- C:\Users\User\Desktop\5884-baby-harp-seal.jpg
[2013-09-08 21:35:21 | 000,037,478 | ---- | M] () -- C:\Users\User\Desktop\pope quiz.jpg
[2013-09-08 01:02:58 | 000,149,563 | ---- | M] () -- C:\Users\User\Desktop\religion like internet explorer.png
[2013-09-07 21:51:49 | 000,173,195 | ---- | M] () -- C:\Users\User\Desktop\index.jpg
[2013-09-06 08:46:20 | 000,035,505 | ---- | M] () -- C:\Users\User\Desktop\house-on-religion-600x450.jpg
[2013-09-05 18:54:28 | 000,060,087 | ---- | M] () -- C:\Users\User\Desktop\old pic.jpg
[2013-09-04 22:31:22 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013-09-02 21:29:41 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013-09-02 21:28:50 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013-09-02 21:28:34 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013-09-02 21:28:34 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013-08-31 10:03:03 | 000,194,560 | -H-- | M] () -- C:\Users\User\Documents\photothumb.db
[2013-08-31 10:01:58 | 000,000,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013-08-27 15:37:50 | 000,028,855 | ---- | M] () -- C:\Users\User\Desktop\natural-selection.jpg
[2013-08-26 15:12:39 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tsusbflt.sys.mui
[2013-08-24 01:08:01 | 000,028,194 | ---- | M] () -- C:\Users\User\Desktop\spock-logic-begninning.jpg
[2013-08-22 21:47:44 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-08-22 15:34:28 | 000,295,922 | ---- | M] () -- C:\Windows\System32\perfi007.dat
[2013-08-22 15:34:28 | 000,038,104 | ---- | M] () -- C:\Windows\System32\perfd007.dat
[2013-08-21 17:54:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013-08-20 12:54:23 | 000,000,005 | ---- | M] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-08-18 22:51:43 | 000,002,049 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk
[2013-08-18 22:51:43 | 000,001,601 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013-08-17 21:19:25 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013-08-17 21:18:17 | 003,968,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013-08-17 21:18:17 | 003,913,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013-08-15 22:11:42 | 000,001,438 | ---- | M] () -- C:\Users\User\AppData\Local\recently-used.xbel
[1 C:\Users\User\Documents\*.tmp files -> C:\Users\User\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-09-12 18:34:15 | 000,094,315 | ---- | C] () -- C:\Users\User\Desktop\anxiety attack cartoon.jpg
[2013-09-12 17:37:36 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013-09-12 00:36:07 | 000,015,040 | ---- | C] () -- C:\Users\User\Desktop\Everyone-you-will-ever-meet-knows-something.jpg
[2013-09-12 00:08:56 | 000,063,686 | ---- | C] () -- C:\Users\User\Desktop\10692169-little-siamese-kitten-with-a-football.jpg
[2013-09-12 00:01:07 | 000,085,846 | ---- | C] () -- C:\Users\User\Desktop\funny-pictures-kitten-plays-invisible-football.jpg
[2013-09-11 11:22:55 | 504,095,873 | ---- | C] () -- C:\Users\User\Desktop\Ougenweide - Eulenspiegel 1976 (Full Album Listen) (Full HD).mp4
[2013-09-10 13:45:36 | 000,001,413 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-09-10 13:31:30 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-09-10 00:32:37 | 000,098,905 | ---- | C] () -- C:\Users\User\Desktop\troll_b62a2f_2758678.jpg
[2013-09-09 23:55:25 | 000,105,409 | ---- | C] () -- C:\Users\User\Desktop\vaccination scare.jpg
[2013-09-09 16:23:50 | 000,122,067 | ---- | C] () -- C:\Users\User\Desktop\5884-baby-harp-seal.jpg
[2013-09-08 21:35:20 | 000,037,478 | ---- | C] () -- C:\Users\User\Desktop\pope quiz.jpg
[2013-09-08 01:02:57 | 000,149,563 | ---- | C] () -- C:\Users\User\Desktop\religion like internet explorer.png
[2013-09-07 21:45:34 | 000,103,424 | -H-- | C] () -- C:\Users\User\Desktop\photothumb.db
[2013-09-07 21:45:18 | 000,173,195 | ---- | C] () -- C:\Users\User\Desktop\index.jpg
[2013-09-06 08:46:19 | 000,035,505 | ---- | C] () -- C:\Users\User\Desktop\house-on-religion-600x450.jpg
[2013-09-05 18:54:26 | 000,060,087 | ---- | C] () -- C:\Users\User\Desktop\old pic.jpg
[2013-09-05 14:14:04 | 000,194,560 | -H-- | C] () -- C:\Users\User\Documents\photothumb.db
[2013-09-02 21:29:41 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013-08-31 10:01:58 | 000,000,042 | ---- | C] () -- C:\Users\User\AppData\Roaming\mbam.context.scan
[2013-08-27 15:37:49 | 000,028,855 | ---- | C] () -- C:\Users\User\Desktop\natural-selection.jpg
[2013-08-24 01:08:00 | 000,028,194 | ---- | C] () -- C:\Users\User\Desktop\spock-logic-begninning.jpg
[2013-08-22 21:07:53 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013-08-22 15:59:06 | 000,000,174 | -HS- | C] () -- C:\Users\User\Documents\desktop (4).ini
[2013-08-22 15:58:47 | 000,000,546 | -HS- | C] () -- C:\Users\User\Documents\desktop (3).ini
[2013-08-22 15:58:21 | 000,000,546 | -HS- | C] () -- C:\Users\User\Documents\desktop (2).ini
[2013-08-22 15:45:22 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2013-08-22 15:45:21 | 000,694,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2013-08-22 15:45:21 | 000,147,802 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2013-08-22 15:45:21 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2013-08-22 00:29:16 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2013-08-18 23:52:21 | 000,000,093 | ---- | C] () -- C:\Users\User\AppData\Roaming\WB.CFG
[2013-08-18 23:52:21 | 000,000,005 | ---- | C] () -- C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
[2013-08-18 22:51:35 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013-08-15 22:11:42 | 000,001,438 | ---- | C] () -- C:\Users\User\AppData\Local\recently-used.xbel
[2013-02-05 18:52:54 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013-02-05 18:52:50 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013-02-05 18:52:50 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013-02-05 18:52:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013-02-05 18:52:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012-11-24 00:32:04 | 000,001,866 | ---- | C] () -- C:\Windows\wininit.ini
[2012-11-01 21:39:21 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2012-11-01 21:39:21 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
[2012-07-16 21:40:29 | 000,027,520 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
[2011-12-14 21:36:20 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2011-11-21 20:59:17 | 000,027,976 | ---- | C] () -- C:\Windows\System32\solidlocalmon.dll
[2011-11-21 20:59:17 | 000,019,272 | ---- | C] () -- C:\Windows\System32\solidlocalui.dll
[2011-11-18 19:13:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-11-18 19:13:36 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-09-15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2010-12-16 19:20:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-12-16 04:44:17 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012-12-16 04:44:17 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011-12-18 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012-10-13 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2011-12-18 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012-10-13 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-08-18 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013-09-12 17:42:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\7 Sticky Notes
[2010-10-22 03:35:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2012-10-05 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG
[2011-11-09 07:39:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BITS
[2011-10-30 21:32:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CheckPoint
[2013-09-12 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013-08-18 22:51:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DSite
[2010-07-27 15:38:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGet
[2010-07-27 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FlashGetBHO
[2012-11-29 17:02:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\go
[2013-08-31 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2011-11-23 17:42:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2012-08-12 19:28:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam
[2012-07-29 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Moonchild Productions
[2012-04-09 01:24:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nitro PDF
[2013-07-05 21:19:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera Software
[2013-06-29 11:02:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PhotoScape
[2011-11-09 02:03:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\QFX Software
[2010-11-15 09:50:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sammsoft
[2013-04-11 16:11:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2013-03-21 17:40:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2011-11-21 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SolidDocuments
[2013-09-12 02:10:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2012-10-01 06:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011-12-16 06:24:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\UpdateTemp1308534806
[2013-08-22 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinZipper

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009-07-14 03:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013-05-18 17:07:59 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009-07-14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010-11-20 05:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010-11-20 05:18:08 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2012-01-12 12:44:03 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009-07-14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012-08-15 05:04:20 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013-08-17 21:17:24 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010-11-20 05:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010-11-20 05:18:32 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011-06-05 20:17:42 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009-07-14 03:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009-07-14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009-07-14 03:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010-11-20 05:19:24 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009-07-14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009-07-14 03:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009-07-14 03:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009-07-14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012-11-14 03:17:35 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009-07-14 03:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011-06-29 20:14:33 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012-08-15 05:05:42 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2012-01-12 12:44:03 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009-07-14 03:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010-11-20 05:21:02 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010-11-20 05:21:04 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009-07-14 03:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2012-01-12 12:44:03 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009-07-14 03:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010-11-20 05:21:28 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010-11-20 05:21:20 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010-11-20 05:21:06 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010-11-20 05:21:30 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009-07-14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012-06-13 02:53:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010-11-20 05:17:52 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010-11-20 05:18:06 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010-11-20 05:18:06 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010-11-20 05:21:08 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013-07-13 00:34:05 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010-11-20 05:21:36 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010-11-20 05:19:42 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010-11-20 05:21:36 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010-11-20 05:17:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2012-12-16 04:44:18 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012-06-03 00:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010-11-20 05:18:36 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009-07-14 03:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010-11-20 05:21:38 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011-06-05 20:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011-06-05 20:18:33 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011-06-05 19:52:16 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011-06-05 20:18:33 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011-06-05 20:18:33 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010-11-20 05:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011-06-05 20:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011-06-05 20:18:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011-06-05 19:50:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2011-06-05 19:50:54 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2011-06-05 19:52:16 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: QMGR.DLL >
[2009-07-14 03:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\ERDNT\cache\qmgr.dll
[2009-07-14 03:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010-11-20 05:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010-11-20 05:21:00 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: SERVICES >
[2009-06-10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009-06-10 23:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2012-09-23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013-05-11 12:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\ERDNT\cache\services.exe
[2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009-07-13 18:40:28 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\System32\de-DE\services.exe.mui
[2009-07-13 18:40:28 | 000,019,456 | ---- | M] (Microsoft Corporation) MD5=5BB3A4AC670D245257DBA6C397DF2EEB -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_c0e2c741986ab76d\services.exe.mui
[2009-07-14 05:00:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=E89EB9C6A1F652766B1E7D2E50ED5381 -- C:\Windows\System32\zh-CN\services.exe.mui
[2009-07-14 05:00:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=E89EB9C6A1F652766B1E7D2E50ED5381 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_c95a07a86e6a9d44\services.exe.mui
[2009-07-14 04:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\services.exe.mui
[2009-07-14 04:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.JSM >
[2013-08-13 14:47:19 | 000,003,707 | ---- | M] () MD5=269292BD8A3F267229CC27098211CA33 -- C:\Program Files\Pale Moon\modules\Services.jsm

< MD5 for: SERVICES.LNK >
[2009-07-14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009-07-14 06:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009-06-10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009-06-10 23:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009-07-14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009-06-10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009-07-14 04:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009-06-10 23:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2009-07-13 18:43:52 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\System32\de-DE\services.msc
[2009-07-13 18:43:52 | 000,092,744 | ---- | M] () MD5=7FC1BD72E9D0E622638C4620E33FAD47 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_de-de_fb24972d6ed45160\services.msc
[2009-07-14 04:49:54 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\System32\zh-CN\services.msc
[2009-07-14 04:49:54 | 000,092,747 | ---- | M] () MD5=838D8BA778B6B9571019D0D680262914 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_039bd79444d43737\services.msc

< MD5 for: SERVICES.PTXML >
[2009-07-13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009-07-13 22:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.SBS >
[2013-07-16 13:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010-11-20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2011-06-05 19:52:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2011-06-05 19:52:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2011-06-05 19:52:16 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 05:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 05:17:56 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009-07-14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013-04-04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009-07-13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009-07-13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009-07-13 23:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< MD5 for: WSHELPER.DLL >
[2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\System32\wshelper.dll
[2009-07-14 03:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\wshelper.dll

< dir "%systemdrive%\*" /S /A:L /C >
02-Jul-11 07:23 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02-Jul-11 07:23 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
64 Dir(s) 10,131,156,992 bytes free

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST9320423AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 76.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 222.00GB
Starting Offset: 81965088768
Hidden sectors: 0


========== Files - Unicode (All) ==========
[2013-08-10 23:24:50 | 001,740,432 | ---- | M] ()(C:\Users\User\Desktop\? Iggy and the Stooges - Burn (new song) - YouTube.MP3) -- C:\Users\User\Desktop\▶ Iggy and the Stooges - Burn (new song) - YouTube.MP3
[2013-08-10 23:24:47 | 001,740,432 | ---- | C] ()(C:\Users\User\Desktop\? Iggy and the Stooges - Burn (new song) - YouTube.MP3) -- C:\Users\User\Desktop\▶ Iggy and the Stooges - Burn (new song) - YouTube.MP3

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Users\User\Desktop\poppy pic.jpg:com.dropbox.attributes

< End of report >

OTL Extras logfile created on: 12-Sep-13 8:46:09 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.50 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 62.83% Memory free
6.99 Gb Paging File | 5.66 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.34 Gb Total Space | 6.82 Gb Free Space | 8.93% Space Free | Partition Type: NTFS
Drive G: | 221.75 Gb Total Space | 221.33 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Pale Moon\palemoon.exe (Moonchild Productions)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C61C74-A542-4779-BC66-7FB0F231AF37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0B4B0592-6934-4AEC-BBAD-BC533A78180C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14FC3CCA-2508-4EDA-9DD9-1504DDA7FAC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{150524EE-B715-4EF9-A34A-2FA27657BA9D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1F8F43D0-AE21-4D2F-B4D4-14F65ABC6E45}" = lport=10243 | protocol=6 | dir=in | app=system |
"{22B7523C-FD11-4418-908B-BC572CE32896}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3067868C-D9D7-45CC-AA17-2BD96E0CF25E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{31EDE56D-583D-48B1-A9EE-B734482221E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B783F1C-A98D-4FB2-A0DE-ADD52F24F746}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4105292E-4B5D-4092-86F9-DD54781FFF52}" = lport=137 | protocol=17 | dir=in | app=system |
"{48B9CF93-2BA6-42E7-9995-7A713F16172F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4B34FFC2-5374-4B9A-BF60-6864E6B61C16}" = rport=139 | protocol=6 | dir=out | app=system |
"{5076F006-4872-4CD9-A914-FA050DC44134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54600A98-5BC1-4D00-A024-F4775DDA56B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59817A93-6301-49F2-BF12-D32F0F714542}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5B428C76-0303-45DC-A725-5E9F2BD19E83}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5D244E71-D03F-4034-BC6D-EDA193BB22A9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62E4E5F3-DDAF-4064-BDCD-2E241709154F}" = lport=138 | protocol=17 | dir=in | app=system |
"{6441F7F4-6196-4E48-8C47-1BDFEE969D87}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66B01EF1-B166-4761-B8EA-DED0315176BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{688686CC-6C7C-4D0F-9892-500DFA3E247F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7EF2A3F3-2ED6-4D63-9631-748CB36EC11A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C460082-BC73-4192-B02F-CC3C031ADBA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{90A11075-C639-4E31-867A-C26531F53050}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D6F358B-BFCD-491E-94D5-6D1359FAA6B5}" = rport=138 | protocol=17 | dir=out | app=system |
"{A08F19AC-829D-4F07-996B-0E8286052BE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2C007FB-235F-4343-B070-8C95158E295D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A59A606A-719E-4118-A706-1DF7B77583D2}" = rport=137 | protocol=17 | dir=out | app=system |
"{A97AB8C1-2756-4920-9558-11A15EBC19DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A9F44E4D-28B9-47A8-9DDE-C7519F917A6D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CA235FB1-E3CE-4757-A992-10AE88140288}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{CDEC3CEA-8A47-402E-8C34-65E3499663DB}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CFB9F7D3-BB27-48CB-AC4A-4A00C20D54D6}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9601372-8481-45E8-895C-3079D6CCBC13}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FB714D14-4E96-4994-8C69-0ED64C9E29C6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EF9A58-D277-4330-9B3A-90885372813E}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{05211AF6-3958-40A4-BC52-260A9B1E964D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B524571-D124-40AB-AC0A-DF6D71025544}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{20BD4472-F4D3-4AAC-9FF9-2C55A5689885}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2A1702E6-2306-4C53-8EF1-8CE2578857CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2C001D39-F521-4AD6-95EE-762828C2EB44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FE96B01-3F9E-49F8-AC71-02288C60EEFA}" = protocol=17 | dir=in | app=c:\program files\pale moon\palemoon.exe |
"{3FE7FFA0-92E5-42EB-8906-23871A27F32D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4021AB22-E7B9-42E8-AF8C-F3CBE237B935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{468A5075-75DF-4FF5-A5D1-0EC56A34049C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5CDC8FCB-9341-4F7F-AEB5-B73948B2D256}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{610C71EA-802F-4F8F-92A8-3BB952648D79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6531AD0D-6328-4847-890D-F5F24E4E6D42}" = protocol=1 | dir=in | [email protected],-28543 |
"{65EEE7D9-C8D7-496B-B305-158BCDEC719B}" = protocol=1 | dir=out | [email protected],-28544 |
"{735113FE-06D8-44E3-AB60-8B11C5F0B984}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{762CEA92-7A9D-4C44-ACB0-96B681E8253A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8206E8C9-CA4F-4DB9-B3B1-28AE96535ABE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{82E4872F-D2C5-423C-ACDD-5705EB68B6DC}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{8DD9E897-6518-4353-8845-52B0CD00094F}" = protocol=58 | dir=in | [email protected],-28545 |
"{91D3638E-2C1A-49B4-965F-14D1AD98BC17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92CE2633-DC11-4F4D-B801-C37BB35CE06A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{95F484B0-209C-44D5-874C-FE1735A539E5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{97CF0871-2934-43E2-B191-59DC4ED8CC96}" = protocol=6 | dir=out | app=system |
"{A28332EE-1BDB-4F9D-98DA-1DDF68CD88AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A7180D2F-05FE-405C-89AB-8D3B00244E88}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BC78AEBE-C92A-4C07-B100-05CBA6E2F4B2}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{C14E6B92-B505-4BB7-B3B5-1DE6F8C5D7A0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C7E6D737-0919-4D73-B5B9-C6E2BFEC5FE9}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C9634DAB-4C85-49CF-B19F-19BAA7C42C58}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CDCB4A86-02B3-4759-8287-DA98D9A41119}" = protocol=6 | dir=in | app=c:\program files\pale moon\palemoon.exe |
"{D414B189-BF28-4F72-9FBF-F984BE3ED8F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D978F408-280A-4EA8-A135-D4D19035A6DE}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{E631CCA6-8D77-4915-8536-23C2997466A2}" = protocol=58 | dir=out | [email protected],-28546 |
"{F14CCCD1-4B51-4570-950A-50D09A48DE9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F16C170E-9F3B-4AA7-B963-11CE82E133CB}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{FBADECE6-B30E-4224-8D25-2EE61A21A99A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FBB383DE-C765-4E38-A6D7-64AA57C47639}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FD57BCC1-C3FA-419F-AA07-5B0FEFED3115}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{2289277F-0AE4-4596-9A42-400710F53A71}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{26137B51-4629-4D4A-B186-6DD3BB5D36FF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{2FCB800B-7EE7-418A-9DA7-A2DD8CAA1397}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8AB39849-D72F-4033-97A5-41D02D428C33}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{D1AF1CA2-0554-48C1-B53D-2BCCB516887C}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{4FD12FC9-358E-44F4-AB96-AC4C373A26B7}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{554F0595-F26A-47A5-805F-8F158EBC9D8A}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B4986CC4-63CB-4A9A-B430-A07BF9610DAE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{BC34D886-A83A-4E06-A550-F0B905FEC43B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C5CE3F1D-4DA1-4883-AEA4-CB36CA2068B6}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0099B484-C24C-4D5F-8167-B0F6DF196E72}" = Adobe Shockwave Player 12.0
"{013C4AC1-64FB-46EA-9320-D34CEB65BDBC}" = AVG 2013
"{0680FE0B-DEBA-419F-A0AC-8D990F32DE60}" = AVG 2013
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21BB2D6D-8ED8-47DC-8146-48104DDE3262}" = Super Granny 4
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2DB7DD8E-F17B-408A-B93B-92867EF7974D}_is1" = 7 Sticky Notes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{523DF39E-DF7D-488F-8022-783946571033}" = Nero 8 Essentials
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE2B7D4-2BAA-4B9D-A4F4-282D3D30F1D0}" = IObit Apps Toolbar v7.2
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9363DCD7-8323-4BB9-9EAC-21FC394CBC2E}" = Luxor 2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE71D10-F112-4EEA-9643-5A33200186A6}" = Heroes Of Hellas
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
"{DFE70CCC-0ACB-45B7-94F4-9DC6F01B7928}" = SolidPDFCreator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AP Suggestor" = AP Suggestor
"avast" = avast! Free Antivirus
"Chasys Draw IES" = Chasys Draw IES 4.02.01
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX Setup
"FreeApp v1" = FreeApps
"Google Chrome" = Google Chrome
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeyScrambler" = KeyScrambler
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ManyCam" = ManyCam 3.0.91 (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Minefield (3.7a1pre)" = Minefield (3.7a1pre)
"MostFun.com Games - Heroes Of Hellas" = MostFun.com Games - Heroes Of Hellas (remove only)
"MostFun.com Games - Luxor 2" = MostFun.com Games - Luxor 2 (remove only)
"MostFun.com Games - Super Granny 4" = MostFun.com Games - Super Granny 4 (remove only)
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 15.0.1147.130" = Opera Stable 15.0.1147.130
"Pale Moon 20.3 (x86 en-US)" = Pale Moon 20.3 (x86 en-US)
"PhotoScape" = PhotoScape
"Plus-HD-2.2" = Plus-HD-2.2
"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Smart Defrag 2_is1" = Smart Defrag 2
"StickMen War 2.5" = StickMen War 2.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WebSite Downloader" = WebSite Downloader 1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZipper" = WinZipper
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"DSite" = Update for Zip Opener
"Folder Lock" = Folder Lock
"Game Organizer" = GameXN GO
"MyFreeCodec" = MyFreeCodec
"MyPaint" = MyPaint 1.0.0
"Spotify" = Spotify
"Zip Opener Packages" = Zip Opener Packages

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10-Sep-13 8:34:42 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2153

Error - 10-Sep-13 8:34:44 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10-Sep-13 8:34:44 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3198

Error - 10-Sep-13 8:34:44 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3198

Error - 10-Sep-13 8:34:45 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10-Sep-13 8:34:45 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4196

Error - 10-Sep-13 8:34:45 AM | Computer Name = User-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4196

Error - 10-Sep-13 12:15:56 PM | Computer Name = User-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 10-Sep-13 12:16:19 PM | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10-Sep-13 5:52:49 PM | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Faulting application name: New Super Mario Forever 2012.exe, version:
1.1.1.1, time stamp: 0x4f16f44d Faulting module name: fmod.dll_unloaded, version:
0.0.0.0, time stamp: 0x3fb81b0b Exception code: 0xc0000005 Fault offset: 0x030d1f5b
Faulting
process id: 0x1fb4 Faulting application start time: 0x01ceae6fc8dc5ed7 Faulting application
path: C:\Program Files\New Super Mario Bros 2012\New Super Mario Forever 2012.exe
Faulting
module path: fmod.dll Report Id: 551f8055-1a63-11e3-a89a-c80aa9f30dbe

[ System Events ]
Error - 11-Sep-13 10:59:32 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Toolbar ISWKL service failed to start due to the following
error: %%3

Error - 11-Sep-13 10:59:32 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar
ISWKL service which failed to start because of the following error: %%3

Error - 11-Sep-13 10:59:38 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 11-Sep-13 3:48:34 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Toolbar ISWKL service failed to start due to the following
error: %%3

Error - 11-Sep-13 3:48:34 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar
ISWKL service which failed to start because of the following error: %%3

Error - 11-Sep-13 3:48:41 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 12-Sep-13 11:38:24 AM | Computer Name = User-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12-Sep-13 11:40:07 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Toolbar ISWKL service failed to start due to the following
error: %%3

Error - 12-Sep-13 11:40:07 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = The ZoneAlarm Toolbar IswSvc service depends on the ZoneAlarm Toolbar
ISWKL service which failed to start because of the following error: %%3

Error - 12-Sep-13 11:40:13 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2


< End of report >

#8
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello janji,

We need to clear some space on the C: drive.

Hard-Drive Free Space Advice:

From the OTL header:

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 76.34 Gb Total Space | 6.82 Gb Free Space | 8.93% Space Free | Partition Type: NTFS
Drive G: | 221.75 Gb Total Space | 221.33 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

I advise you to uninstall some software you do not need and / or move any documents/files/pictures etc to a form of removable media. The lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.


Step-1.

Malicious program uninstalls

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

IObit Apps Toolbar v7.2
Advanced SystemCare 3
Advanced SystemCare 6
AP Suggestor


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Disable SuperAntiSpyware

We need to disable SuperAntiSpyware so it won't interfere with our fixes. To do that:
  • Start the SuperAntiSpyware program
  • Click the General tab.
  • Uncheck the box beside Start SuperAntiSpyware when Windows starts
  • Click the Real-Time Protection tab
  • Uncheck the box beside Enable Real-Time Protection
  • Uncheck the box beside Enable First Chance Protection
  • Click the Close button
  • Restart the computer and make sure that the brown / orange bug is not in the system tray.
We can start it again when we are finished.


Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...8&ts=1376859100
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search.yah...r=spigot-yhp-ie
IE - HKU\.DEFAULT\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {05503B1C-2535-43BF-BDBB-AB202F7835DF}
IE - HKU\.DEFAULT\..\SearchScopes\{05503B1C-2535-43BF-BDBB-AB202F7835DF}: "URL" = http://de.search.yah...p={searchTerms}
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search.yah...r=spigot-yhp-ie
IE - HKU\S-1-5-18\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {05503B1C-2535-43BF-BDBB-AB202F7835DF}
IE - HKU\S-1-5-18\..\SearchScopes\{05503B1C-2535-43BF-BDBB-AB202F7835DF}: "URL" = http://de.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\SearchScopes\{68886DAE-B805-43CE-BC84-321244275702}: "URL" = http://de.search.yah...p={searchTerms}
[2013-08-18 22:50:06 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2013-07-02 01:02:57 | 000,000,000 | ---D | M] ("Plus-HD-2.2") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
[2012-11-28 02:45:39 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-02 01:03:40 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-02 01:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode
[2013-07-05 21:11:50 | 000,308,849 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-14 16:38:16 | 000,156,725 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2012-11-15 19:30:12 | 000,214,020 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected]
[2013-07-03 22:02:57 | 000,000,000 | ---D | M] (IObit Apps Toolbar) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (AP Suggestor) - {D0984FD4-FA9A-46ee-9072-70B0735FF852} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O2 - BHO: (no name) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - No CLSID value found.
O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-4165335087-975643669-458432890-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O9 - Extra Button: AP Suggestor - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
O9 - Extra 'Tools' menuitem : AP Suggestor options - {02E2473F-766B-4ce2-8FD0-C4E8071EF1C4} - C:\Program Files\AP Suggestor\APSuggestor.dll (APSolo LTD UK)
[2013-08-18 22:52:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013-08-18 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DSite
[2013-09-12 20:51:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2011-12-18 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012-10-13 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2011-12-18 14:13:47 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012-10-13 11:39:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013-08-18 22:52:01 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2013-08-18 22:51:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DSite
[2013-08-31 21:13:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IObit
[2011-11-23 17:42:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iolo
[2012-10-01 06:05:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software

:FILES
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-5.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the uninstalls were successful.
2. The OTL.txt log
3. The aswMBR.txt log
4. The AdwCleaner[R0].txt log

#9
janji

    Member

  • Topic Starter
  • Member
  • 210 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{05503B1C-2535-43BF-BDBB-AB202F7835DF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05503B1C-2535-43BF-BDBB-AB202F7835DF}\ not found.
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{05503B1C-2535-43BF-BDBB-AB202F7835DF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05503B1C-2535-43BF-BDBB-AB202F7835DF}\ not found.
Registry value HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll not found.
HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\SearchScopes\{68886DAE-B805-43CE-BC84-321244275702}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68886DAE-B805-43CE-BC84-321244275702}\ not found.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\Plugins folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\modules folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\lib folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\sl folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\lib folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\core folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\wa folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\menu folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\gf\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\gf folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui\dlg folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ui folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\sp\spsd folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\sp\spbd folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\sp\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\sp folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\options\js\resources folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\options\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\options\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\options\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\options folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\msd folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\api folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ac\res folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ac\img folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ac\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\ac folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al\aboutBox folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb\al folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\tb folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\logic\uninstall\dialog\js folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\logic\uninstall\dialog\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\logic\uninstall\dialog\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\logic\uninstall\dialog folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\logic\uninstall folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content\logic folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome\CT1561552 folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d} folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\core folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\api folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\content\imgs\flgs folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\content\imgs folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\content\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected] folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected]\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\[email protected] folder moved successfully.
Folder C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com\chrome\content\extensionCode\ not found.
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected] moved successfully.
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected] moved successfully.
C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rcdgk3lo.default\extensions\[email protected] moved successfully.
Folder C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
File C:\Program Files\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0984FD4-FA9A-46ee-9072-70B0735FF852}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0984FD4-FA9A-46ee-9072-70B0735FF852}\ not found.
File C:\Program Files\AP Suggestor\APSuggestor.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}\ not found.
File C:\Program Files\IObit Apps Toolbar\IE\7.2\iobitappsToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-4165335087-975643669-458432890-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
File C:\Program Files\AP Suggestor\APSuggestor.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E2473F-766B-4ce2-8FD0-C4E8071EF1C4}\ not found.
File C:\Program Files\AP Suggestor\APSuggestor.dll not found.
C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages folder moved successfully.
C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z folder moved successfully.
C:\Users\User\AppData\Roaming\DSite\UpdateProc folder moved successfully.
C:\Users\User\AppData\Roaming\DSite folder moved successfully.
C:\Windows\Tasks\DSite.job moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\IObit\ not found.
Folder C:\Users\Default User\AppData\Roaming\TuneUp Software\ not found.
Folder C:\Users\User\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\ not found.
Folder C:\Users\User\AppData\Roaming\DSite\ not found.
C:\Users\User\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced Uninsataller\log folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced Uninsataller folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\Startup Manager folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\EmptyFolder folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\Downloader folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Startup Manager folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\SmartRAM folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Smart RAM folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\SecurityHoles folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\PrivacySweeper folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\EmptyFolder folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Driver Manager\DriverBackup folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Driver Manager folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\DiskCheck folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Disk Cleaner folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5\Backup folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Toolbox folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Startup Manager folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Smart RAM\wfp\E1 folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Smart RAM\wfp\08 folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Smart RAM\wfp folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Smart RAM folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\SecurityHoles folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Driver Manager\DriverBackup folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Driver Manager folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Disk Cleaner folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Users\User\AppData\Roaming\IObit\Advanced SystemCare folder moved successfully.
C:\Users\User\AppData\Roaming\IObit folder moved successfully.
C:\Users\User\AppData\Roaming\iolo folder moved successfully.
C:\Users\User\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\User\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\User\AppData\Roaming\TuneUp Software folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33488 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: User
->Temp folder emptied: 35673099 bytes
->Temporary Internet Files folder emptied: 3256970 bytes
->Java cache emptied: 277908 bytes
->FireFox cache emptied: 79125624 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 65264 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 10793111 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4860024600 bytes

Total Files Cleaned = 4,758.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09132013_204543

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by janji, 13 September 2013 - 01:06 PM.


#10
janji

    Member

  • Topic Starter
  • 210 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-13 20:55:18
-----------------------------
20:55:18.991 OS Version: Windows 6.1.7601 Service Pack 1
20:55:18.991 Number of processors: 2 586 0x603
20:55:18.991 ComputerName: USER-PC UserName: User
20:55:20.229 Initialize success
20:55:20.389 AVAST engine defs: 13091302
20:55:43.161 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:55:43.171 Disk 0 Vendor: ST9320423AS 0006HPM1 Size: 305245MB BusType: 11
20:55:43.331 Disk 0 MBR read successfully
20:55:43.341 Disk 0 MBR scan
20:55:43.351 Disk 0 Windows 7 default MBR code
20:55:43.361 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78167 MB offset 63
20:55:43.391 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227075 MB offset 160088064
20:55:43.411 Disk 0 scanning sectors +625137664
20:55:43.521 Disk 0 scanning C:\Windows\system32\drivers
20:56:00.731 Service scanning
20:56:10.032 Modules scanning
20:56:11.132 Disk 0 trace - called modules:
20:56:11.142 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
20:56:11.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x869391c8]
20:56:11.492 3 CLASSPNP.SYS[8cdb659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x864aa908]
20:56:11.622 AVAST engine scan C:\Windows
20:56:13.732 AVAST engine scan C:\Windows\system32
20:59:35.779 AVAST engine scan C:\Windows\system32\drivers
21:00:04.662 AVAST engine scan C:\Users\User
21:00:49.516 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
21:00:49.523 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"
#11
janji

    Member

  • Topic Starter
  • 210 posts
# AdwCleaner v3.003 - Report created 13/09/2013 at 21:10:36
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Update lucky leap
Service Found : winzipersvc

***** [ Files / Folders ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\\invalidprefs.js
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected]
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\foxydeal.sqlite
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\user.js
File Found : C:\Windows\System32\Tasks\DSite
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
File Found : C:\Windows\System32\Tasks\Plus-HD-2.2-updater
File Found : C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
File Found : C:\Windows\Tasks\Plus-HD-2.2-updater.job
Folder Found : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
Folder Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\lucky leap
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\Plus-HD-2.2
Folder Found C:\Program Files\WinZipper
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Found C:\ProgramData\Trymedia
Folder Found C:\Users\User\AppData\Local\MyScrapNook_12
Folder Found C:\Users\User\AppData\Local\PutLockerDownloader
Folder Found C:\Users\User\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\User\AppData\LocalLow\Conduit
Folder Found C:\Users\User\AppData\LocalLow\ZoneAlarm_Security
Folder Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\ConduitCommon
Folder Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack
Folder Found C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Smartbar
Folder Found C:\Users\User\AppData\Roaming\WinZipper

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9320423AS_5VH3ENV8&ts=1377200860 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield (Safe Mode).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )
Shortcut Found : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST9320423AS_5VH3ENV8&ts=1376859099 )

***** [ Registry ] *****

Data Found : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=ST9320423AS_5VH3ENV8&ts=1377200860
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Plus-HD-2.2
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\ZoneAlarm_Security
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\lucky leap
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\delta-homesSoftware
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CF84C1E-63F3-4A81-A93C-6C2465BBFDC4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB6CD4B7-8899-41CB-ACF9-C01DD14D5FAC}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-firefoxinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Plus-HD-2.2-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-firefoxinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Plus-HD-2.2-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-chromeinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-codedownloader
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-enabler
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-firefoxinstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-updater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.2
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Plus-HD-2.2
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\ZoneAlarm_Security

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=35a6caa9-48e6-4b5b-bdc2-22fc07770ca3&searchtype=ds&q={searchTerms}

-\\ Mozilla Firefox v23.0.1 (en-US)

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13506 octets] - [13/09/2013 21:10:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13567 octets] ##########

#12
janji

done :)

#13
godawgs

Hi,

The aswMBR scan was clean, so the MBR is OK. AdwCleaner found a lot more rubbish that we need to clear and a couple more programs that need to be uninstalled. You also have two antivirus programs installed: Avast and AVG 2013. We need to uninstall AVG 2013.
As for KeyScrambler, my research shows that KeyScrambler is compatible with the following browsers:

Supports: Advanced Browser, AM Browser, AOL Explorer, AOL 9, Avant, Comodo Dragon, Comodo IceDragon, CometBird, Crazy Browser, Firefox, Flock, Google Chrome, Internet Explorer, K-meleon, Maxthon, MSN Explorer, Netscape, Orca Browser, Opera, Safari, Seamonkey, SlimBrowser, SR Iron Browser, TheWorld Browser, Palemoon, Lunascape, RockMelt, WaterFox, and Yahoo Browser.

It may be that the version of KeyScrambler you have is no longer compatible with your browser. When we are done I would suggest uninstalling the KeyScrambler you have now and installing the newest version.

Let me know how the computer is running after this round.


Step-1.

Uninstall Programs

1. Please click the Start Orb, then click Control Panel. Under the Programs or Programs and Features heading, click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

Plus-HD-2.2
WinZipper
AVG 2013


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy and paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-3.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.

Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013-08-22 21:47:03 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files\WinZipper\winzipersvc.exe
SRV - [2013-08-22 21:47:03 | 000,424,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files\WinZipper\winzipersvc.exe -- (winzipersvc)
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....q={searchTerms}
[2013-07-02 01:02:57 | 000,000,000 | ---D | M] ("Plus-HD-2.2") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\rcdgk3lo.default\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
[2013-08-22 20:52:06 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2013-08-22 21:47:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\WinZipper
[2012-10-05 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG

:FILES
C:\Program Files\AVG
C:\Program Files\AVG 2013

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-4

Delete a Google Chrome extension:

Open the Chrome browser:

  • Click the tools menu icon on the browser toolbar.
  • Click Tools.
  • Select Extensions. A page like the one shown below will open:
    Posted Image
  • Look for any Plus-HD-2.2 items. If there is a check mark in the box next to it/them, click the box to uncheck it/them. Then click the trash can icon next to the box.
  • A confirmation dialog will appear, click Remove.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the uninstalls were successful.
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. The OTL fixes log
5. The new OTL.txt log
6. How is the computer running now?

#14
janji

# AdwCleaner v3.003 - Report created 14/09/2013 at 18:08:01
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update lucky leap
[#] Service Deleted : winzipersvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\lucky leap
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\WinZipper
Folder Deleted : C:\Users\User\AppData\Local\MyScrapNook_12
Folder Deleted : C:\Users\User\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\User\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\User\AppData\LocalLow\ZoneAlarm_Security
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\ConduitCommon
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\jetpack
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Smartbar
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\Extensions\[email protected]
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\\invalidprefs.js
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\foxydeal.sqlite
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rcdgk3lo.default\user.js
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-firefoxinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-firefoxinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-2.2-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-2.2-updater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield (Safe Mode).lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Minefield.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eiimolhnbbbdagljikeckdkldgemmmlj
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E084C4F-D8C9-40BA-BDCC-DC19166A77C7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E084C4F-D8C9-40BA-BDCC-DC19166A77C7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-chromeinstaller
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CF0A9E5-48AA-428F-AACA-CA9B2F29B4DA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CF0A9E5-48AA-428F-AACA-CA9B2F29B4DA}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-codedownloader
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D283AB59-B8D9-4E54-BC81-AE6986A8CF9A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D283AB59-B8D9-4E54-BC81-AE6986A8CF9A}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-enabler
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D2B6296-C3FD-4C7C-9D18-7374AFFB106F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D2B6296-C3FD-4C7C-9D18-7374AFFB106F}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-firefoxinstaller
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83FD8FCA-ED0F-4319-944A-DF1FE77E9166}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83FD8FCA-ED0F-4319-944A-DF1FE77E9166}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-2.2-updater
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C56CEDE-FFFA-4CA0-8331-3FE2F033A281}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C56CEDE-FFFA-4CA0-8331-3FE2F033A281}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pale-moon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_samsung-kies_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C3C45C5F-2F1B-4012-A854-F89DC99F2335}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116BA71C-8187-4F15-9A1F-C9D6289155D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5CF84C1E-63F3-4A81-A93C-6C2465BBFDC4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DB6CD4B7-8899-41CB-ACF9-C01DD14D5FAC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\lucky leap
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\ZoneAlarm_Security
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\ZoneAlarm_Security
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lucky leap

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13648 octets] - [13/09/2013 21:10:36]
AdwCleaner[R1].txt - [13088 octets] - [14/09/2013 18:05:45]
AdwCleaner[S0].txt - [12336 octets] - [14/09/2013 18:08:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12397 octets] ##########
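One way to check the result of the scan-then-clean round requested in Step-2, added here as an illustration (it is not part of the original posts and is not AdwCleaner's own code): the Python script below compares a scan report (AdwCleaner[R*].txt) with a clean report (AdwCleaner[S*].txt) and lists every entry that was found but has no matching Deleted, Disinfected or Restored line. The sample report text is constructed from lines posted in this thread with a placeholder URL, and the rule that a deleted TaskCache\Tree\<name> key covers that task's GUID-named sibling keys is an assumption.

```python
import re

# Report entries look like "<Kind> <Action> : <target>", optionally prefixed "[#]".
ENTRY = re.compile(
    r"^(?:\[#\]\s*)?(\w+) (Found|Deleted|Disinfected|Restored) : (.+?)\s*$"
)
HIVES = {
    "hkey_local_machine": "hklm",
    "hkey_current_user": "hkcu",
    "hkey_classes_root": "hkcr",
}
# Scheduled-task cache: the scan names the task, the clean log names its GUID.
TASKCACHE = re.compile(r"^(.*\\schedule\\taskcache)\\(\w+)\\([^\\]+)$")

# Constructed sample, modelled on the report lines posted in this thread.
SCAN_SAMPLE = r"""
***** [ Registry ] *****
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Plus-HD-2.2
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\DSite
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://search.example.invalid/?q={searchTerms}
"""

CLEAN_SAMPLE = r"""
***** [ Registry ] *****
Key Deleted : HKLM\Software\Conduit
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E084C4F-D8C9-40BA-BDCC-DC19166A77C7}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E084C4F-D8C9-40BA-BDCC-DC19166A77C7}
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
"""


def normalise(target):
    """Lower-case a path, drop a ' - value' suffix, abbreviate the hive name."""
    path = target.split(" - ", 1)[0].strip().lower()
    hive, sep, rest = path.partition("\\")
    return HIVES.get(hive, hive) + sep + rest


def parse_report(text):
    """Return (kind, action, target) for every entry line in a report."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def unremediated(scan_text, clean_text):
    """Targets listed as Found in the scan with no matching clean-log entry."""
    handled = {normalise(t) for _, action, t in parse_report(clean_text)
               if action != "Found"}
    leftovers = []
    for _, action, target in parse_report(scan_text):
        if action != "Found":
            continue
        key = normalise(target)
        if key in handled:
            continue
        task = TASKCACHE.match(key)
        # Assumption: a deleted Tree\<name> key means the GUID-named
        # Tasks/Plain/Logon keys in the clean log belong to the same task.
        if task and f"{task.group(1)}\\tree\\{task.group(3)}" in handled:
            continue
        leftovers.append(target)
    return leftovers


if __name__ == "__main__":
    for item in unremediated(SCAN_SAMPLE, CLEAN_SAMPLE):
        print("found but not in clean log:", item)
```

An entry reported here may have been removed another way (for example by an uninstaller run before the clean), so confirm it with a fresh scan.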

#15
janji

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Ultimate x86
Ran by User on 14-Sep-13 at 18:17:30.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cnet_SecurityTaskManager_Setup_exe_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\cnet_SecurityTaskManager_Setup_exe_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r400-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r400-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASMANCS



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14-Sep-13 at 18:21:34.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~