Hit with virus/malware on Vista but don't know the origin.

Usually, when a virus hits my computer, I tend to know how to search for solutions because the virus usually attacks something specific or leaves a trail of sorts. For this one, I have no idea what it's doing on/to my computer or where I got it from. In fact, I got it when I was AFK so I definitely don't know how I got it. All I know of it are 2 things:

1. It got rid of my System Restore option. It doesn't just turn off System Restore, it literally got rid of the tab in System Properties.

2. When I boot up Windows normally, it gives me a black screen. I'm not sure if it's freezing or doing something to my graphics, I don't know. However, I can load up Safe Mode (with networking) perfectly fine. Albeit with a much longer than usual load time.

Anyway, here's my OTL log:

OTL logfile created on: 11/09/2013 7:06:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\anti virus
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

6.00 Gb Total Physical Memory | 5.06 Gb Available Physical Memory | 84.37% Memory free
12.11 Gb Paging File | 11.42 Gb Available in Paging File | 94.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 687.32 Gb Total Space | 2.15 Gb Free Space | 0.31% Space Free | Partition Type: NTFS
Drive D: | 11.31 Gb Total Space | 1.50 Gb Free Space | 13.29% Space Free | Partition Type: NTFS
Drive O: | 57.58 Gb Total Space | 0.67 Gb Free Space | 1.17% Space Free | Partition Type: FAT32

Computer Name: BERNARD-PC | User Name: Bernard | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/11 08:51:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\anti virus\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/09/27 19:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/10/18 09:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2013/09/06 14:55:40 | 000,565,672 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/01 14:08:23 | 004,569,856 | ---- | M] () [Auto | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/03/06 06:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 01:09:55 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/26 15:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/07/24 14:36:22 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/07/24 14:32:10 | 000,404,848 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012/07/24 14:28:22 | 000,387,440 | ---- | M] () [Auto | Stopped] -- C:\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/07/24 14:26:42 | 000,474,992 | ---- | M] () [Auto | Stopped] -- C:\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/07/12 13:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/10 02:00:16 | 000,012,800 | ---- | M] (Mr. John aka japamd) [Auto | Stopped] -- C:\RadeonPro\RadeonProSupport.exe -- (RadeonPro Support Service)
SRV - [2010/12/28 02:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/25 09:17:28 | 003,549,696 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/05/29 16:19:06 | 000,198,240 | ---- | M] () [Auto | Stopped] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/11 03:18:40 | 000,384,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 04:28:34 | 000,127,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/11/08 04:49:24 | 000,307,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/27 20:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/09/27 20:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 19:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/24 14:11:54 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/05/13 15:47:29 | 000,013,864 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hostnt.sys -- (HOSTNT)
DRV:64bit: - [2012/05/12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 06:31:50 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/08 22:00:58 | 000,023,896 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\VirtDisk64.sys -- (YLMFVDISK)
DRV:64bit: - [2011/05/24 17:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011/02/23 05:42:49 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/08/19 20:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/01/01 11:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/10/06 12:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009/10/06 12:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009/10/06 12:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009/10/06 12:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009/10/02 21:00:20 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/10/01 20:40:04 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/28 16:45:41 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/28 16:20:44 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/09 15:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VClone.sys -- (VClone)
DRV:64bit: - [2009/04/22 18:10:56 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2009/04/22 18:10:40 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/04/22 18:10:32 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/04/10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/08 06:27:00 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2008/05/08 06:25:12 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/05/08 06:24:08 | 001,487,872 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DP.sys -- (HSF_DP)
DRV:64bit: - [2008/03/26 09:24:04 | 000,405,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)
DRV:64bit: - [2008/03/19 01:29:30 | 001,379,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2008/02/14 08:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/01/20 20:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/10/18 09:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/07/12 10:35:44 | 000,381,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2007/06/29 14:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/06/19 08:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2012/03/17 17:49:09 | 000,017,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Bernard\AppData\Local\Temp\006955E.tmp -- (X6va006)
DRV - [2011/09/14 17:17:31 | 000,024,144 | ---- | M] (Beijing Joychina Network Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\Temp\ncvet.dll -- (ncvet.dll)
DRV - [2005/01/01 21:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2004/04/26 19:11:32 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\PLCNDIS5.SYS -- (PLCNDIS5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}
IE:64bit: - HKLM\..\SearchScopes\{57392D2C-8F82-478C-994D-0C0D9FB35D6C}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE:64bit: - HKLM\..\SearchScopes\{6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}: "URL" = http://ca.search.yah...ing}&fr=hp-pvdt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{57392D2C-8F82-478C-994D-0C0D9FB35D6C}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKLM\..\SearchScopes\{6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}: "URL" = http://ca.search.yah...ing}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4BA2EC92-8370-4335-A0BB-F13F0820BEFC}: "URL" = http://flvdirect.iam...h={SearchTerms}
IE - HKCU\..\SearchScopes\{57392D2C-8F82-478C-994D-0C0D9FB35D6C}: "URL" = http://www.ask.com/w...}&l=dis&o=cahpd
IE - HKCU\..\SearchScopes\{6CD3D5FB-C4DE-499F-AD18-4E33B56F2D10}: "URL" = http://ca.search.yah...ing}&fr=hp-pvdt
IE - HKCU\..\SearchScopes\{6E156CB0-82F2-47D1-A6D2-471A6EF0DB3B}: "URL" = http://search.condui...5662315168&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=183.181.25.248:80

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: CSWebLauncher%40cyberstep.com:1.0.0.13
FF - prefs.js..extensions.enabledAddons: SQLiteManager%40mrinalkant.blogspot.com:0.8.0
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.9
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B6dd0bdba-0a02-429e-b595-87a7dfdca7a1%7D:0.8.8.1
FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..network.proxy.autoconfig_url: "https://mediahint.co...om/default.pac"
FF - prefs.js..network.proxy.type: 2

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bernard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@xunlei.com/npxluser: C:\Thunder Network\Thunder\BHO\xluser\npxluser.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\AVG\AVG2012\Firefox4\ [2013/05/14 12:59:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/03/15 18:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 17:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Mozilla Firefox\components [2013/03/12 22:43:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Mozilla Firefox\plugins [2013/02/14 01:39:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0}: C:\Users\Bernard\AppData\Local\{6FACD0C3-EF9B-4F52-94DB-6E745D1116A0} [2011/07/08 15:50:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013/02/14 09:41:10 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Bernard\AppData\Roaming\IDM\idmmzcc5

[2009/08/10 23:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Extensions
[2013/09/09 00:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions
[2010/04/27 15:10:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/06 23:18:21 | 000,000,000 | ---D | M] (NeffyPlugin Launcher) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{5601B994-0E9B-4ce2-8AB9-AD1155F2ABBD}
[2012/10/12 17:04:38 | 000,000,000 | ---D | M] (GameFOX) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{6dd0bdba-0a02-429e-b595-87a7dfdca7a1}
[2012/02/28 23:19:04 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/09/19 12:26:10 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
[2011/06/23 21:41:32 | 000,000,000 | ---D | M] ("CS Web Launcher") -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\[email protected]
[2013/08/09 17:08:45 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\[email protected]
[2013/04/18 23:23:19 | 000,069,170 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\[email protected]
[2013/05/03 05:55:28 | 000,248,978 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\[email protected]
[2013/05/05 16:13:11 | 000,581,999 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\[email protected]
[2011/10/17 21:39:31 | 000,067,870 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/04/17 18:31:11 | 000,282,569 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013/09/09 00:54:55 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/04 16:29:49 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/05/03 05:54:32 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/07 00:00:18 | 000,002,431 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\anime-news-network.xml
[2012/11/01 20:53:51 | 000,000,914 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\dictionarycom.xml
[2009/08/11 02:29:51 | 000,000,952 | ---- | M] () -- C:\Users\Bernard\AppData\Roaming\Mozilla\Firefox\Profiles\pwuuhfhm.default\searchplugins\youtube-video-search.xml

Hosts file not found
O2:64bit: - BHO: (no name) - {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - No CLSID value found.
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (3F2D81A2-AB9C-DA82-039C-33E7BC2362D3 Class) - {3F2D81A2-AB9C-DA82-039C-33E7BC2362D3} - C:\Thunder Network\Thunder\BBInside\{3F2D81A2-AB9C-DA82-039C-33E7BC2362D3}\AddressBar.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {889D2FEB-5411-4565-8998-1DD2C5261283} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Megaupload\Mega Manager\MegaIEMn.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (FreeOnlineRadioPlayerRecorder Toolbar) - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (FreeOnlineRadioPlayerRecorder Toolbar) - {F999A48B-1950-4D81-9971-79018F807B4B} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFree.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bernard\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] "C:\DAEMON Tools Lite\DTLite.exe" -autorun File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Download Manager\dlm.exe (IGN Entertainment)
O4 - HKCU..\Run: [KiesHelper] C:\Samsung\Kies\KiesHelper.exe /s File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Bernard\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Application Restart #2] C:\WINDOWS\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_169_Plugin.exe -update plugin File not found
O4 - HKLM..\RunOnce\Setup: [Registering MS MPEG4 ActiveX filter...] C:\WINDOWS\SysWOW64\MPG4ds32.ax (Microsoft Corporation)
O4 - HKLM..\RunOnce\Setup: [Registering WMA ActiveX filter...] C:\WINDOWS\SysWOW64\msadds32.ax (Microsoft Corporation)
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kuma_Tray.lnk = C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe ()
O4 - Startup: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ViiKiiDesktopPlugin.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: &?????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &?????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\FlashGet\JC_ALL.HTM ()
O8:64bit: - Extra context menu item: &Download with FlashGet - C:\FlashGet\JC_LINK.HTM ()
O8:64bit: - Extra context menu item: &Ê¹ÓÃÓÅµ°ÏÂÔØ - C:\UDown\getUrl.htm File not found
O8:64bit: - Extra context menu item: &Ê¹ÓÃÓÅµ°ÏÂÔØÈ«²¿Á´½Ó - C:\UDown\getAllUrl.htm File not found
O8:64bit: - Extra context menu item: &E1OAOAμ°IAOO - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &E1OAOAμ°IAOOE≪2?A´?O - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U?????????????????? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &UE1OAA×EEIAOO2￠EO2O - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &UÊ¹ÓÃÃ×ÈËÏÂÔØ²¢ÊÕ²Ø - C:\NamiRobot\Data\du.html File not found
O8:64bit: - Extra context menu item: &U使用米人下?并收藏 - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &U使用米人下载并收藏 - C:\NamiRobot\Data\du.html File not found
O8:64bit: - Extra context menu item: &ﾑｸﾀﾗﾏﾂﾔﾘｵｽﾊﾖｻ - Reg Error: Key error. File not found
O8:64bit: - Extra context menu item: &使用?蛋下? - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &使用?蛋下?全部?接 - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: &使用115优蛋下载 - C:\115\UDown\getUrl.htm ()
O8:64bit: - Extra context menu item: &使用115优蛋下载全部链接 - C:\115\UDown\getAllUrl.htm ()
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8:64bit: - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: &?????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &?????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &Download All with FlashGet - C:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Ê¹ÓÃÓÅµ°ÏÂÔØ - C:\UDown\getUrl.htm File not found
O8 - Extra context menu item: &Ê¹ÓÃÓÅµ°ÏÂÔØÈ«²¿Á´½Ó - C:\UDown\getAllUrl.htm File not found
O8 - Extra context menu item: &E1OAOAμ°IAOO - Reg Error: Value error. File not found
O8 - Extra context menu item: &E1OAOAμ°IAOOE≪2?A´?O - Reg Error: Value error. File not found
O8 - Extra context menu item: &U????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &U?????????????????? - Reg Error: Value error. File not found
O8 - Extra context menu item: &UE1OAA×EEIAOO2￠EO2O - Reg Error: Value error. File not found
O8 - Extra context menu item: &UÊ¹ÓÃÃ×ÈËÏÂÔØ²¢ÊÕ²Ø - C:\NamiRobot\Data\du.html File not found
O8 - Extra context menu item: &U使用米人下?并收藏 - Reg Error: Value error. File not found
O8 - Extra context menu item: &U使用米人下载并收藏 - C:\NamiRobot\Data\du.html File not found
O8 - Extra context menu item: &ﾑｸﾀﾗﾏﾂﾔﾘｵｽﾊﾖｻ - Reg Error: Key error. File not found
O8 - Extra context menu item: &使用?蛋下? - Reg Error: Value error. File not found
O8 - Extra context menu item: &使用?蛋下?全部?接 - Reg Error: Value error. File not found
O8 - Extra context menu item: &使用115优蛋下载 - C:\115\UDown\getUrl.htm ()
O8 - Extra context menu item: &使用115优蛋下载全部链接 - C:\115\UDown\getAllUrl.htm ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/UNO%20-%20Undercover/Images/armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{081F9EF9-9B38-4560-8DE5-BCF5512DA67E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E2774A5-2766-4D2A-9844-B884397420A9}: NameServer = 208.67.222.222,208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bernard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{442fb762-9425-11de-aae1-001fc65f3688}\Shell - "" = AutoRun
O33 - MountPoints2\{442fb762-9425-11de-aae1-001fc65f3688}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{5447d0ef-c663-11de-9e46-001fc65f3688}\Shell\AutoRun\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{5447d0ef-c663-11de-9e46-001fc65f3688}\Shell\Install\command - "" = F:\Seagate\Installer\InstallSeagateManager.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/11 07:00:50 | 000,000,000 | ---D | C] -- C:\anti virus
[2013/09/11 06:10:21 | 000,000,000 | ---D | C] -- C:\Users\Bernard\AppData\Roaming\Malwarebytes
[2013/09/11 06:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/11 06:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/11 06:09:50 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/11 06:09:50 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2013/09/11 05:33:00 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Documents\HTST - Copy
[2013/09/08 23:56:16 | 000,000,000 | ---D | C] -- C:\Users\Bernard\Documents\Larian Studios
[2013/09/08 23:29:05 | 000,000,000 | ---D | C] -- C:\Divinity Dragon Commander
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[20 C:\Users\Bernard\AppData\Local\*.tmp files -> C:\Users\Bernard\AppData\Local\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/11 06:43:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/11 05:21:30 | 000,000,732 | ---- | M] () -- C:\Users\Bernard\AppData\Local\d3d9caps64.dat
[2013/09/11 05:08:28 | 000,411,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 03:23:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 03:23:55 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 02:52:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/11 02:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At3.job
[2013/09/11 01:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At2.job
[2013/09/11 00:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At1.job
[2013/09/10 23:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At24.job
[2013/09/10 22:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At23.job
[2013/09/10 21:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At22.job
[2013/09/10 20:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At21.job
[2013/09/10 19:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At20.job
[2013/09/10 18:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At19.job
[2013/09/10 18:27:23 | 000,912,490 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/09/10 17:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At18.job
[2013/09/10 16:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At17.job
[2013/09/10 16:19:12 | 136,593,138 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/09/10 16:12:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 16:12:21 | 000,000,310 | -HS- | M] () -- C:\Windows\tasks\Tkjhljntu.job
[2013/09/10 06:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At7.job
[2013/09/10 05:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At6.job
[2013/09/10 04:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At5.job
[2013/09/10 03:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At4.job
[2013/09/09 02:36:34 | 000,777,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/09 02:36:34 | 000,645,952 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/09 02:36:34 | 000,125,094 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/08 07:37:59 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At8.job
[2013/09/07 18:55:15 | 000,022,016 | ---- | M] () -- C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/03 15:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At16.job
[2013/09/03 14:38:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\At15.job
[2013/08/30 14:42:49 | 000,002,032 | ---- | M] () -- C:\Users\Bernard\AppData\Local\d3d9caps.dat
[2013/08/22 23:11:32 | 000,000,000 | ---- | M] () -- C:\END
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[20 C:\Users\Bernard\AppData\Local\*.tmp files -> C:\Users\Bernard\AppData\Local\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/24 02:09:47 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\dvttrn.dll
[2013/03/12 20:35:10 | 000,000,020 | ---- | C] () -- C:\Windows\SysWow64\pub_store.dat
[2013/02/04 00:28:46 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/10/16 18:29:50 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012/07/14 05:26:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/07/14 04:57:05 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/01 00:00:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012/06/09 18:42:18 | 000,000,552 | ---- | C] () -- C:\Users\Bernard\AppData\Local\d3d8caps.dat
[2012/05/13 15:47:57 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\RC_Err_Info.dll
[2012/03/17 22:47:40 | 000,819,200 | -HS- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/17 22:47:40 | 000,180,224 | -HS- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/06 01:57:22 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2012/01/07 23:59:09 | 000,002,006 | -HS- | C] () -- C:\Users\Bernard\AppData\Local\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2012/01/07 23:59:09 | 000,002,006 | -HS- | C] () -- C:\ProgramData\tg2241df7qlm73d86m436gn8m8y1hmqoy104oqcv2y87vy
[2011/10/16 18:20:09 | 000,000,026 | -HS- | C] () -- C:\Windows\SysWow64\Userdata.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/07/08 15:50:50 | 000,000,120 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Wyiru.dat
[2011/07/08 15:50:50 | 000,000,000 | ---- | C] () -- C:\Users\Bernard\AppData\Local\Fdagoyadomi.bin
[2011/07/08 15:42:36 | 000,017,663 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\FF5E.B3A
[2011/04/16 18:03:59 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/04/10 15:25:31 | 000,000,109 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\svchost.jxe
[2011/03/16 03:01:10 | 000,000,600 | ---- | C] () -- C:\Users\Bernard\AppData\Roaming\winscp.rnd
[2010/11/13 15:33:59 | 000,002,032 | ---- | C] () -- C:\Users\Bernard\AppData\Local\d3d9caps.dat
[2010/04/12 23:22:59 | 000,000,000 | ---- | C] () -- C:\Users\Bernard\AppData\Local\prvlcl.dat
[2010/03/03 01:16:11 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/12 02:01:08 | 000,022,016 | ---- | C] () -- C:\Users\Bernard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 21:25:48 | 000,000,732 | ---- | C] () -- C:\Users\Bernard\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2011/11/18 14:55:05 | 000,002,048 | -HS- | M] () -- C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\@
[2011/11/18 14:55:05 | 000,000,000 | -HSD | M] -- C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\L
[2012/07/26 15:11:49 | 000,000,000 | -HSD | M] -- C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U
[2012/07/26 15:11:48 | 000,001,712 | ---- | M] () -- C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\00000001.@
[2012/07/26 15:11:49 | 000,016,896 | ---- | M] () -- C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\80000000.@
[2012/07/26 15:11:49 | 000,023,040 | ---- | M] () -- C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\U\800000cb.@
[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\Bernard\AppData\Local\{f74fa4d3-0d07-b6d5-95c8-76b6bf7abf7e}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/14 01:54:38 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\115
[2011/12/21 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\356AE
[2011/12/21 16:11:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\40D35
[2013/03/18 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\AdbDriverInstaller
[2013/03/12 22:33:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\AnvSoft
[2012/02/25 00:33:57 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\AVG2012
[2011/05/11 01:23:20 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\avidemux
[2011/12/26 22:22:47 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Beat Hazard
[2012/01/19 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\BigHugeEngine
[2010/03/04 22:15:54 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Bioshock2
[2013/01/13 04:56:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\BitComet
[2010/08/07 03:28:02 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\BoneTown
[2012/05/25 04:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Carbon
[2010/12/01 21:41:15 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\com.doubleperfect.ggpo.0753AD3679DBFCA1E7F470171B7D0DB8B404A7EA.1
[2009/08/28 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DAEMON Tools Lite
[2012/02/20 20:55:14 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DarknessII
[2012/01/25 05:22:01 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DarknessIIDemo
[2011/03/29 22:23:51 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DarksporeData
[2012/09/30 00:36:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Defod
[2011/11/13 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\digipen
[2010/11/09 21:27:05 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DiskAid
[2011/12/25 00:05:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DMCache
[2012/02/06 01:57:22 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\DonationCoder
[2013/04/12 22:15:59 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Doublefine
[2012/09/30 00:36:52 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Exyq
[2012/12/30 20:15:38 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FairyBloomRe
[2009/08/11 15:19:29 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FlashGet
[2013/03/12 22:43:12 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner
[2010/10/07 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\FreeArc
[2009/09/21 00:29:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\GetRightToGo
[2011/05/08 03:08:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Ice-pick Lodge
[2013/04/29 02:16:47 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\iFunbox_UserCache
[2009/08/11 21:52:43 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ijjigame
[2009/08/18 03:11:38 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ImgBurn
[2011/09/15 21:04:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\JoyChina
[2011/05/24 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Leadertech
[2011/05/26 17:11:54 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Lionhead Studios
[2011/12/16 04:53:25 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Lixax
[2011/03/06 00:59:05 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\LolClient
[2009/09/04 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009/11/22 06:11:27 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Megaupload
[2011/10/01 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011/05/11 01:43:49 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\mkvtoolnix
[2011/12/18 03:35:18 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\MotioninJoy
[2010/04/18 20:38:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Mount&Blade Warband
[2011/05/03 19:58:04 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Mount&Blade With Fire and Sword
[2013/03/27 19:28:02 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\MP3SkypeRecorder
[2011/10/30 01:03:58 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Mp3tag
[2011/10/31 03:54:00 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\muvee Technologies
[2013/07/26 23:19:30 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Natural Selection 2
[2009/10/12 03:01:08 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\NeopleLauncherDFO
[2009/12/16 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Nokia
[2013/05/03 06:14:28 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Notepad++
[2012/02/06 01:55:57 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Orbit
[2011/10/26 00:12:15 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Origin
[2009/12/16 20:44:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PC Suite
[2010/03/30 03:11:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PlayFirst
[2012/02/06 01:47:03 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ProgSense
[2011/03/21 00:06:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\PunkBuster
[2012/03/21 18:27:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\RadeonPro
[2010/09/02 19:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\runic games
[2011/03/12 17:38:48 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Samsung
[2013/03/12 22:43:28 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SearchProtect
[2010/06/08 19:48:40 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SEGA Corporation
[2009/12/13 02:10:59 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SonyEricsson
[2009/08/16 00:45:30 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\SpinTop
[2012/02/09 16:57:17 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\TeamViewer
[2011/02/22 20:11:38 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\The Creative Assembly
[2013/03/26 21:36:37 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Ubisoft
[2012/05/13 21:02:09 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\UDown
[2012/10/13 21:45:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Unity
[2009/08/16 00:51:42 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\UNOUndercover
[2011/08/06 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Upyri
[2010/10/31 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\uTorrent
[2012/09/30 00:36:46 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Vahais
[2009/12/08 03:37:01 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2010/03/16 01:40:45 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\VitySoft
[2012/01/25 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Vocou
[2011/12/17 05:58:21 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\VOWSoft
[2013/05/03 05:44:11 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Waterfox Limited
[2010/03/30 03:08:51 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\WildTangent
[2012/05/26 22:35:44 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Windows Authenticator
[2010/01/29 03:26:06 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\Xilisoft
[2013/01/21 00:27:26 | 000,000,000 | ---D | M] -- C:\Users\Bernard\AppData\Roaming\YoudaGames

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2010/09/16 14:50:32 | 000,000,000 | ---D | M](C:\Users\Bernard\Documents\?? ???) -- C:\Users\Bernard\Documents\넥슨 플러그
[2010/09/16 14:50:32 | 000,000,000 | ---D | C](C:\Users\Bernard\Documents\?? ???) -- C:\Users\Bernard\Documents\넥슨 플러그
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷?件) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\迅雷软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?z?X?s?^???e?B?`???e?a‰@?A?I?G???・?￢?e“u‰@?≪???`) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ƒzƒXƒsƒ^ƒŠƒeƒB`‚ ‚é•a‰@‚Å‚ÌƒGƒ‚·‚¬‚é“ü‰@«Šˆ`

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:79F042EF
@Alternate Data Stream - 55920 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:BEB15613
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:720EA308

< End of report >

Thank you in advance for your time.

Hit with virus/malware on Vista but don't know the origin.

#1
squall23

Posted 11 September 2013 - 08:18 AM

Advertisements

#2
tom982

Posted 11 September 2013 - 08:33 AM

#3
tom982

Posted 11 September 2013 - 09:49 AM

#4
squall23

Posted 11 September 2013 - 06:10 PM

#5
tom982

Posted 12 September 2013 - 06:20 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Hit with virus/malware on Vista but don't know the origin.

#1 squall23 Posted 11 September 2013 - 08:18 AM

Advertisements

#2 tom982 Posted 11 September 2013 - 08:33 AM

#3 tom982 Posted 11 September 2013 - 09:49 AM

#4 squall23 Posted 11 September 2013 - 06:10 PM

#5 tom982 Posted 12 September 2013 - 06:20 AM

Similar Topics

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
squall23

Posted 11 September 2013 - 08:18 AM

#2
tom982

Posted 11 September 2013 - 08:33 AM

#3
tom982

Posted 11 September 2013 - 09:49 AM

#4
squall23

Posted 11 September 2013 - 06:10 PM

#5
tom982

Posted 12 September 2013 - 06:20 AM