Trojan TR/PSW.ZBOT.15257 [Solved]



#1
Steviep

Hi, my Avira antivirus has detected the above Trojan on my PC and internet access is really slow. I wonder if you would have a look at my OTL logs and advise what I should do?

OTL logfile created on: 22/01/2014 21:50:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stevie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.85% Memory free
3.85 Gb Paging File | 2.61 Gb Available in Paging File | 67.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 12.33 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

Computer Name: DELL360 | User Name: Stevie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/22 21:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
PRC - [2013/12/20 21:02:25 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/12/20 21:02:16 | 000,366,032 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
PRC - [2013/12/20 21:02:16 | 000,115,664 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
PRC - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013/12/09 11:37:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/12/09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/10/30 03:16:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2013/10/16 20:09:30 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/07 23:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2010/01/14 23:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/09 11:37:21 | 000,394,808 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013/10/12 08:37:35 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\b21ef81fc4131bd1edd6d0bae9d58932\System.Configuration.ni.dll
MOD - [2013/10/12 08:37:07 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\46135dcca7a56a358d491b392356a3d6\System.Data.ni.dll
MOD - [2013/10/12 08:36:57 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\2f0f425579c47fb0aba720d838366b7f\System.Core.ni.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/16 22:22:31 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\0f881bc8833c56ab7fcfef2bcc244441\System.Management.ni.dll
MOD - [2013/08/16 22:20:14 | 000,787,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\30212ac4ab2e8f165a31128a61f678eb\System.EnterpriseServices.ni.dll
MOD - [2013/08/16 22:20:14 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\30212ac4ab2e8f165a31128a61f678eb\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/16 22:20:13 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\9f37a2a23772a8e9dcbef5c6b6ebe0ad\System.Transactions.ni.dll
MOD - [2013/08/16 22:07:02 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/08/16 22:06:49 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/07/15 09:37:26 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7cc0afe8cb3e759ecb1af93e2d966e9f\Microsoft.VisualC.ni.dll
MOD - [2013/07/15 08:47:15 | 014,418,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2010/11/02 07:33:58 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/12/20 21:02:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/30 03:16:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013/10/16 20:09:30 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 20:54:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010/01/14 23:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/06/11 13:58:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Unknown (0) | Disabled | Unknown] -- System32\Drivers\TfKbMon.sys -- (TfKbMon)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2013/12/09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/12/09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/12/09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/10/30 03:16:30 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/07 23:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/07 23:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/08/26 12:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/11/10 03:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/01/14 23:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 23:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 23:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/04 19:36:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/04 08:34:20 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/06/19 17:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/04/13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/07 00:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/03/20 10:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {BF6ECD4B-F767-45E8-8E28-2628ABD50234}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/11/08 20:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions
[2012/11/08 20:32:57 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2013/09/08 21:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/30 23:04:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1350221284562 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A1732D-8D17-4CCA-B27F-9F22AC0E7875}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Stevie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\msnlnamespacemgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/21 22:02:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/22 21:49:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
[2014/01/22 21:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
[2014/01/22 19:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tiuroroky
[2014/01/22 19:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Niulxuic
[2014/01/22 19:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Kepeluoss
[2014/01/22 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Uvpeevykw
[2014/01/22 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Quxyykiposy
[2014/01/22 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Guopqyvu
[2014/01/22 18:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Yfrodabuot
[2014/01/22 18:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod
[2014/01/22 18:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Hiywlodu
[2014/01/22 18:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zioreroko
[2014/01/22 18:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu
[2014/01/22 18:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Puovzyuggy
[2014/01/19 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi
[2014/01/19 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid
[2014/01/19 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Aqgowoidke
[2014/01/19 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Uflyesena
[2014/01/19 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ozravumu
[2014/01/19 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ihadasihze
[2014/01/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zekeepehm
[2014/01/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas
[2014/01/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Givyahciigs
[2014/01/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zisalufe
[2014/01/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tygaanve
[2014/01/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy
[2014/01/19 20:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Riaranist
[2014/01/19 20:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa
[2014/01/19 20:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Oqorxoyty
[2014/01/19 20:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy
[2014/01/19 20:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Okzuokerefta
[2014/01/19 20:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Lodixupyob
[2014/01/19 20:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Itowevit
[2014/01/19 20:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Usfiycnuut
[2014/01/19 20:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Muorduimfi
[2014/01/19 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Vobuutvoom
[2014/01/19 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tipipuupti
[2014/01/19 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Imavikkiwool
[2014/01/19 19:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/19 18:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ywdaunhef
[2014/01/19 18:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw
[2014/01/19 18:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Heinuxizaz
[2014/01/19 18:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom
[2014/01/19 18:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Cuweonyn
[2014/01/19 18:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi
[2014/01/19 18:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi
[2014/01/19 18:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Inlyenxe
[2014/01/19 18:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Fixyexattivu
[2014/01/19 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Qosuguutf
[2014/01/19 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Fenoemcoatq
[2014/01/19 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Daacxoyfu
[2014/01/15 19:57:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stevie\Recent
[2014/01/15 19:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Local Settings\Application Data\AskPartnerNetwork
[2014/01/14 21:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Local Settings\Application Data\VNT
[2014/01/14 21:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\VNT
[2014/01/14 21:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014/01/14 21:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
[2014/01/14 21:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2014/01/14 21:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Avira
[2014/01/14 21:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/14 21:03:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2014/01/14 21:03:49 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/01/14 21:03:49 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/01/14 21:03:48 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/01/14 19:29:59 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Stevie\Desktop\JRT.exe
[2014/01/14 18:58:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Stevie\Desktop\HijackThis.exe
[2014/01/13 22:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lpgg3d33
[2014/01/04 23:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Local Settings\Application Data\Help
[2013/12/24 13:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/12/24 13:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2014/01/22 21:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
[2014/01/22 21:38:30 | 003,809,280 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
[2014/01/22 19:37:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
[2014/01/22 19:37:01 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\SecurityCheck.exe
[2014/01/22 19:28:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/22 19:13:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/19 19:29:56 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/01/19 18:32:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/16 19:45:09 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/15 21:19:53 | 000,010,498 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2014/01/15 19:49:29 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/01/14 21:04:21 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/14 20:59:13 | 129,564,536 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\avira_free_antivirus_en.exe
[2014/01/14 19:30:03 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Stevie\Desktop\JRT.exe
[2014/01/14 19:19:57 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\AdwCleaner.exe
[2014/01/14 18:58:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Stevie\Desktop\HijackThis.exe
[2014/01/13 22:43:38 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\DivX Movies.lnk
[2014/01/13 22:43:21 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2014/01/13 22:42:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2014/01/05 20:35:29 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/05 20:11:22 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/05 05:01:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Daily.job
[2013/12/28 12:24:33 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\
[2014/01/22 21:38:30 | 003,809,280 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
[2014/01/22 19:36:59 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\SecurityCheck.exe
[2014/01/15 21:19:10 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2014/01/15 19:49:29 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/01/14 21:04:21 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/14 20:59:08 | 129,564,536 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\avira_free_antivirus_en.exe
[2014/01/14 19:19:54 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\AdwCleaner.exe
[2014/01/13 22:43:38 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\DivX Movies.lnk
[2014/01/13 22:43:21 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2014/01/13 22:42:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2014/01/13 15:59:02 | 005,155,573 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\DSC_0384.jpg
[2013/12/28 12:24:33 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/12/24 13:36:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/16 21:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/08/18 13:46:35 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/04/30 17:25:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2013/04/30 17:20:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Spacious
[2013/04/30 17:20:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Sound Effects
[2013/04/30 17:20:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Space Choir
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Solid Colors
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Smooth Strings
[2013/04/30 17:20:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2013/04/30 17:20:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2013/03/17 21:02:58 | 002,586,514 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-963894560-682003330-1003-0.dat
[2013/03/10 19:54:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E8FEA67A3C.sys
[2013/01/20 13:03:38 | 000,564,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/22 18:50:11 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2012/10/22 18:50:10 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2012/10/22 17:57:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012/02/19 14:53:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/02 20:46:31 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Stevie\.asadminpass
[2011/01/03 12:22:49 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPod Access v4 Prefs
[2011/01/03 12:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccessv4_OwnerName
[2011/01/03 12:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\iPodAccessv4_OwnerName
[2011/01/03 12:19:41 | 000,000,009 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccess_Time
[2010/11/03 16:51:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/09/30 21:37:43 | 001,014,870 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\[j0012]-[p01].bmp
[2010/08/25 13:56:52 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/04 22:41:26 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Stevie\.recently-used.xbel
[2010/02/02 19:23:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\$_hpcst$.hpc
[2009/10/04 08:44:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/05/02 09:29:56 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Stevie\default.pls
[2009/05/01 15:42:20 | 000,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/22 17:49:15 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2012/01/10 23:01:57 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB53386$\1533309969\L
[2012/01/10 23:02:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB53386$\1533309969\U
[2009/06/11 15:03:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 23:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/19 19:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/14 21:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2014/01/14 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
[2011/01/03 10:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BSD
[2013/04/30 17:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2013/10/16 20:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/03/02 22:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/11 18:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/08/25 13:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2009/05/02 09:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2014/01/14 19:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lpgg3d33
[2010/08/11 16:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2013/08/30 18:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2013/05/02 15:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/04/22 17:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/09/28 17:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/01/12 19:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2013/04/02 15:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCTV Systems
[2013/09/08 20:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PearlMountainSoft
[2013/09/11 17:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoCollageMax
[2010/08/15 15:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/08/11 05:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2013/09/07 09:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/05/01 15:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/08/17 19:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/04/30 17:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportPrinters
[2009/04/23 16:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/04/30 17:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2013/04/30 17:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Themes
[2013/10/16 20:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/08/25 13:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/04/30 17:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/01/17 20:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirginMedia
[2013/03/04 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group
[2011/08/29 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/02/24 09:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/19 16:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/28 19:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 20:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/10/15 16:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\000A270020AEF053
[2014/01/19 18:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi
[2010/07/19 18:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\ALK Technologies
[2014/01/22 21:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Aqgowoidke
[2012/05/07 19:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Audacity
[2013/01/18 22:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\avidemux
[2009/04/23 21:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2013/03/04 09:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\BitTorrent
[2014/01/19 22:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid
[2011/01/03 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\BSD
[2012/11/08 20:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\calibre
[2013/05/05 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/10 03:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/01/22 21:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Cuweonyn
[2014/01/19 18:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Daacxoyfu
[2010/05/19 15:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\DMCache
[2014/01/19 20:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa
[2013/10/16 20:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Epson
[2014/01/19 20:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy
[2014/01/22 19:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Fenoemcoatq
[2014/01/22 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Fixyexattivu
[2014/01/19 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Givyahciigs
[2010/03/04 22:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\gtk-2.0
[2014/01/22 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Guopqyvu
[2014/01/19 18:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Heinuxizaz
[2014/01/22 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Hiywlodu
[2014/01/19 20:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ihadasihze
[2014/01/19 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Imavikkiwool
[2013/10/15 17:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\iMobie
[2014/01/19 18:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Inlyenxe
[2014/01/19 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Itowevit
[2014/01/19 18:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw
[2014/01/22 19:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Kepeluoss
[2009/04/22 17:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Leadertech
[2014/01/19 20:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Lodixupyob
[2013/10/15 16:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\log
[2010/08/10 05:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\MAGIX
[2013/04/02 16:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\ML
[2014/01/22 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Muorduimfi
[2013/08/30 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\muvee Technologies
[2014/01/22 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod
[2013/07/15 09:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Nikon
[2014/01/22 19:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Niulxuic
[2010/04/22 21:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Nokia
[2014/01/22 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Okzuokerefta
[2014/01/22 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Oqorxoyty
[2012/02/26 19:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Oracle
[2014/01/19 22:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi
[2014/01/22 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ozravumu
[2010/09/28 17:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\PC Suite
[2013/09/08 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\PearlMountainSoft
[2013/09/11 17:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\PhotoCollageMax
[2010/08/15 15:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\proDAD
[2010/08/17 19:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Publish Providers
[2014/01/22 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Puovzyuggy
[2014/01/22 18:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Qosuguutf
[2014/01/22 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Quxyykiposy
[2014/01/19 20:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Riaranist
[2014/01/19 20:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Samsung
[2009/06/11 15:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Skinux
[2009/05/21 21:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\SlySoft
[2010/08/19 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Sony
[2013/10/16 18:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Syncios
[2011/11/12 15:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Temp
[2014/01/22 21:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Tipipuupti
[2014/01/22 19:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Tiuroroky
[2014/01/22 21:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Tygaanve
[2014/01/19 18:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi
[2014/01/19 20:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Uflyesena
[2014/01/19 20:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas
[2012/12/24 12:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ulead Systems
[2011/05/12 06:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\updatetool
[2014/01/19 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Usfiycnuut
[2014/01/22 18:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Uvpeevykw
[2014/01/19 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Vobuutvoom
[2009/04/24 05:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Windows Desktop Search
[2009/05/04 17:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Windows Search
[2010/03/02 23:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\WindSolutions
[2014/01/19 18:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom
[2014/01/22 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Yfrodabuot
[2014/01/22 21:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Ywdaunhef
[2014/01/22 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu
[2014/01/19 20:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy
[2014/01/22 21:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Zekeepehm
[2014/01/22 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Zioreroko
[2014/01/19 20:37:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Zisalufe
[2010/03/09 17:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stevie\Application Data\Zoner

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/24 18:03:43 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鋏朊唔6
[2013/11/24 12:03:40 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鋏朊唔6
[2013/11/19 16:50:07 | 105,044,098 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撗掬唔6
[2013/11/19 16:50:07 | 105,044,098 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撗掬唔6
[2013/11/16 18:52:28 | 104,637,397 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\竦唔6
[2013/11/15 18:57:25 | 104,637,397 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\竦唔6
[2013/11/05 09:04:31 | 105,017,276 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\␻唔6
[2013/11/05 09:04:31 | 105,017,276 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\␻唔6
[2013/10/22 13:13:13 | 102,329,055 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䝆啔6
[2013/10/22 13:13:13 | 102,329,055 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䝆啔6
[2013/10/15 17:30:07 | 101,187,668 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\佨ࣇ啔6
[2013/10/15 17:30:07 | 101,187,668 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\佨ࣇ啔6
[2013/10/12 08:02:32 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\閂迕啔6
[2013/10/12 08:02:32 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\閂迕啔6
[2013/09/22 16:36:24 | 098,597,466 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\綝ጐ啔6
[2013/09/22 16:36:24 | 098,597,466 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\綝ጐ啔6
[2013/09/17 05:27:20 | 097,922,994 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뀠榶啔6
[2013/09/16 17:30:15 | 097,922,994 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뀠榶啔6
[2013/09/06 19:38:08 | 096,462,459 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ⰶ䌼啔6
[2013/09/06 13:39:00 | 096,462,459 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ⰶ䌼啔6

< End of report >

OTL Extras logfile created on: 22/01/2014 21:50:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stevie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.85% Memory free
3.85 Gb Paging File | 2.61 Gb Available in Paging File | 67.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 12.33 Gb Free Space | 16.57% Space Free | Partition Type: NTFS

Computer Name: DELL360 | User Name: Stevie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\glassfish3\jdk\bin\java.exe" = C:\glassfish3\jdk\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Nero\KM\KwikMedia.exe" = C:\Program Files\Nero\KM\KwikMedia.exe:*:Enabled:Nero Kwik Media -- (Nero AG)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp
"{02A312B5-1542-47B6-BFE9-F51358C39E86}" = Epson Easy Photo Print 2
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{05C6B128-1B40-4495-9CB9-090B368BFA0A}" = Nero Video Samples
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1" = Syncios version 2.1.3
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{150D88F1-40AF-4678-A39D-BCE2332F34E5}" = Nero Abstract Themes
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}" = Nero Video Transitions 1
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}" = Nero Cliparts
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3383136B-4F86-4F05-8612-DD4BB16A1EAE}" = Roxio Central
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3828EC4B-D4B9-A742-4D81-9C0A3C72DF8A}" = CCC Help English
"{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1" = RescuePRO Deluxe 5.1.2.7
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41564952-412D-5637-4300-A758B70C0A00}" = Avira SearchFree Toolbar
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D25D881-7183-462F-95C8-990CA1944E0B}" = Nero PiP Effects 1
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E7AC009-5212-499F-942F-A5AA42AE359E}" = Nero 12 Content Pack
"{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}" = Nero Holiday and Sports Themes
"{51B055DD-A5F8-4D0C-A09C-66E58AD56F20}" = WD SmartWare
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{560FC78C-A4B2-461D-9B47-820C1EEF87B8}" = Nero 12
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 3.2.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}" = Nero Football (Soccer) Themes
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{81A917A1-DBA3-3639-53DA-B6E833D41A57}" = ccc-utility
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{82931CCC-65F4-5A50-57AD-AE6DF6B10929}" = Catalyst Control Center
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}" = Nero Retro Film Themes
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}" = Nero Platinum Effects 12
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955BF340-C379-4375-AA2F-F3BCB2A498AB}" = Nero Family and Events Themes
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0A087E5-149E-EC75-F45D-3A3C04344B4A}" = Catalyst Control Center Graphics Previews Common
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C05B5E9B-FE9D-48C7-9D7C-35DA238A9DE8}" = WD Software Upgrader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}" = Nero Image Samples
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE675FBD-75C3-45F1-B6AF-8D250861D536}" = Nero Disc Menus 3
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D58AFD19-6736-A938-154A-EABEA741D2CC}" = AMD Catalyst Install Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E25A469A-2E07-40F5-8B9E-C13B1358A431}" = calibre
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EEBF1676-AF87-4266-93D8-0C14A34C4217}" = Nero Disc Menus 1
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}" = Nero Disc Menus 2
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3ACM" = AC-3 ACM Codec
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON XP-205 207 Series" = EPSON XP-205 207 Series Printer Uninstall
"EPSON XP-205 207 Series Netg" = Network Guide EPSON XP-205 207 Series
"EPSON XP-205 207 Series Useg" = User's Guide EPSON XP-205 207 Series
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"PhotoCollageMax" = Photo Collage Max
"PowerISO" = PowerISO
"Revo Uninstaller" = Revo Uninstaller 1.95
"ShapeCollage" = Shape Collage
"TVEpaDrv" = Roxio Video Capture USB Driver
"VLC media player" = VLC media player 2.1.2
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"winusb0200" = Microsoft WinUsb 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZonerPhotoStudio12_EN_is1" = Zoner Photo Studio 12

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/12/2013 15:33:35 | Computer Name = DELL360 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/12/2013 16:22:37 | Computer Name = DELL360 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 11.1.3.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/12/2013 18:20:09 | Computer Name = DELL360 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 31/12/2013 19:14:06 | Computer Name = DELL360 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/01/2014 15:17:54 | Computer Name = DELL360 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 12.0.6680.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 05/01/2014 15:18:09 | Computer Name = DELL360 | Source = Microsoft Office 12 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 13/01/2014 10:04:58 | Computer Name = DELL360 | Source = Application Hang | ID = 1002
Description = Hanging application PhotoshopElementsOrganizer.exe, version 7.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 14/01/2014 14:49:59 | Computer Name = DELL360 | Source = Application Hang | ID = 1002
Description = Hanging application lpgg3d33.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 14/01/2014 15:25:36 | Computer Name = DELL360 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module tfwah.dll, version 4.10.1.14, fault address 0x00002cd7.

Error - 19/01/2014 14:53:28 | Computer Name = DELL360 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

[ OSession Events ]
Error - 04/05/2009 18:17:06 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24911
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 11/06/2009 14:50:15 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8749
seconds with 540 seconds of active time. This session ended with a crash.

Error - 29/11/2009 04:44:56 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 102
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/05/2010 17:52:24 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 70
seconds with 60 seconds of active time. This session ended with a crash.

Error - 18/10/2010 13:36:35 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6215.1000. This session lasted 193
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/01/2011 15:50:38 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6215.1000. This session lasted 234
seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/04/2012 12:06:42 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 124
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/04/2012 12:08:42 | Computer Name = DELL360 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/01/2014 16:32:28 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 19/01/2014 16:32:28 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7034
Description = The Adobe Active File Monitor V7 service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/01/2014 16:36:24 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 19/01/2014 16:36:25 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 19/01/2014 16:36:47 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 19/01/2014 16:36:48 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 22/01/2014 14:46:10 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 22/01/2014 14:46:10 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 22/01/2014 15:14:47 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 22/01/2014 15:14:47 | Computer Name = DELL360 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053


< End of report >


#2
JSntgRvr

  • Global Moderator
  • 10,958 posts
:welcome:

Seems to be infected with Zero Access.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the entire content of the quote box (except the word quote) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\$NtUninstallKB53386$
    C:\WINDOWS\assembly\Desktop.ini

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [EMPTYJAVA]
    [REBOOT]


  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.


Upon restart, follow these steps:

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • OTL should now start.

  • Under the Custom Scan box paste this in


    C:\Documents and Settings\Stevie\Application Data\Tiuroroky\*
    C:\Documents and Settings\Stevie\Application Data\Niulxuic\*
    C:\Documents and Settings\Stevie\Application Data\Kepeluoss\*
    C:\Documents and Settings\Stevie\Application Data\Uvpeevykw\*
    C:\Documents and Settings\Stevie\Application Data\Quxyykiposy\*
    C:\Documents and Settings\Stevie\Application Data\Guopqyvu\*
    C:\Documents and Settings\Stevie\Application Data\Yfrodabuot\*
    C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod\*
    C:\Documents and Settings\Stevie\Application Data\Hiywlodu\*
    C:\Documents and Settings\Stevie\Application Data\Zioreroko\*
    C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu\*
    C:\Documents and Settings\Stevie\Application Data\Puovzyuggy\*
    C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi\*
    C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid\*
    C:\Documents and Settings\Stevie\Application Data\Aqgowoidke\*
    C:\Documents and Settings\Stevie\Application Data\Uflyesena\*
    C:\Documents and Settings\Stevie\Application Data\Ozravumu\*
    C:\Documents and Settings\Stevie\Application Data\Ihadasihze\*
    C:\Documents and Settings\Stevie\Application Data\Zekeepehm\*
    C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas\*
    C:\Documents and Settings\Stevie\Application Data\Givyahciigs\*
    C:\Documents and Settings\Stevie\Application Data\Zisalufe\*
    C:\Documents and Settings\Stevie\Application Data\Tygaanve\*
    C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy\*
    C:\Documents and Settings\Stevie\Application Data\Riaranist\*
    C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa\*
    C:\Documents and Settings\Stevie\Application Data\Oqorxoyty\*
    C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy\*
    C:\Documents and Settings\Stevie\Application Data\Okzuokerefta\*
    C:\Documents and Settings\Stevie\Application Data\Lodixupyob\*
    C:\Documents and Settings\Stevie\Application Data\Itowevit\*
    C:\Documents and Settings\Stevie\Application Data\Usfiycnuut\*
    C:\Documents and Settings\Stevie\Application Data\Muorduimfi\*
    C:\Documents and Settings\Stevie\Application Data\Vobuutvoom\*
    C:\Documents and Settings\Stevie\Application Data\Tipipuupti\*
    C:\Documents and Settings\Stevie\Application Data\Imavikkiwool\*
    C:\Documents and Settings\Stevie\Application Data\Ywdaunhef\*
    C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw\*
    C:\Documents and Settings\Stevie\Application Data\Heinuxizaz\*
    C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom\*
    C:\Documents and Settings\Stevie\Application Data\Cuweonyn\*
    C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi\*
    C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi\*
    C:\Documents and Settings\Stevie\Application Data\Inlyenxe\*
    C:\Documents and Settings\Stevie\Application Data\Fixyexattivu\*
    C:\Documents and Settings\Stevie\Application Data\Qosuguutf\*
    C:\Documents and Settings\Stevie\Application Data\Fenoemcoatq\*
    C:\Documents and Settings\Stevie\Application Data\Daacxoyfu\*

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
  • Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.


#3
Steviep

  • Topic Starter
  • Member
  • 311 posts
All processes killed
========== FILES ==========
C:\WINDOWS\$NtUninstallKB53386$\1533309969\U folder moved successfully.
C:\WINDOWS\$NtUninstallKB53386$\1533309969\L folder moved successfully.
C:\WINDOWS\$NtUninstallKB53386$\1533309969 folder moved successfully.
Folder move failed. C:\WINDOWS\$NtUninstallKB53386$ scheduled to be moved on reboot.
C:\WINDOWS\assembly\Desktop.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Stevie
->Temp folder emptied: 130768655 bytes
->Temporary Internet Files folder emptied: 37261553 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 88576438 bytes
->Flash cache emptied: 4036 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95970410 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 19446 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 331071300 bytes

Total Files Cleaned = 652.00 mb

File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Stevie
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01232014_173424

Files\Folders moved on Reboot...
Folder move failed. C:\WINDOWS\$NtUninstallKB53386$ scheduled to be moved on reboot.
C:\Documents and Settings\Stevie\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF4440.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF445D.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF47BE.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF47DC.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF49A7.tmp not found!
File\Folder C:\Documents and Settings\Stevie\Local Settings\Temp\~DF49EF.tmp not found!
C:\Documents and Settings\Stevie\Local Settings\Temporary Internet Files\Content.IE5\ZMNMJ9PV\336634-trogan-trpswzbot15257[1].htm moved successfully.
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL logfile created on: 23/01/2014 17:43:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Stevie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.40% Memory free
3.85 Gb Paging File | 2.80 Gb Available in Paging File | 72.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.42 Gb Total Space | 12.77 Gb Free Space | 17.15% Space Free | Partition Type: NTFS

Computer Name: DELL360 | User Name: Stevie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/22 21:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
PRC - [2013/12/20 21:02:25 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/12/20 21:02:16 | 000,366,032 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
PRC - [2013/12/20 21:02:16 | 000,115,664 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
PRC - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013/12/09 11:37:19 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/12/09 11:37:18 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/10/30 03:16:32 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2013/10/16 20:09:30 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2012/11/07 23:37:11 | 006,756,048 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2010/01/14 23:08:13 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/09 11:37:21 | 000,394,808 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2010/11/02 07:33:58 | 000,886,272 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/12/20 21:02:25 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/12/09 11:37:21 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/09 11:37:19 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/12/09 11:37:18 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/10/30 03:16:32 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013/10/16 20:09:30 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 20:54:20 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/07 23:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/09/17 05:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/12/11 23:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/08/01 09:11:38 | 001,091,984 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/08/01 09:11:36 | 001,592,208 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/08/01 09:11:32 | 000,263,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2010/01/14 23:08:13 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/10/24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/06/11 13:58:08 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Unknown (0) | Disabled | Unknown] -- System32\Drivers\TfKbMon.sys -- (TfKbMon)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - [2013/12/09 11:37:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/12/09 11:37:19 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/12/09 11:37:18 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/09 11:37:18 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/10/30 03:16:30 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/07 23:38:17 | 000,099,080 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2012/11/07 23:38:16 | 000,032,640 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/07 23:38:14 | 000,497,952 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/08/26 12:56:17 | 000,121,248 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/05/14 06:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/11/10 03:42:12 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011/02/16 16:52:46 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2010/01/14 23:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 23:08:29 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/01/14 23:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/04 19:36:03 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/10/04 08:34:20 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2008/06/19 17:52:30 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k)
DRV - [2008/04/13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/03/28 10:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2008/03/06 18:42:14 | 000,530,944 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2007/08/07 00:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/07/20 17:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/26 04:42:16 | 000,045,696 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2007/03/20 10:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {BF6ECD4B-F767-45E8-8E28-2628ABD50234}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BF6ECD4B-F767-45E8-8E28-2628ABD50234}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2012/11/08 20:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions
[2012/11/08 20:32:57 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Documents and Settings\Stevie\Application Data\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2013/09/08 21:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Avira SearchFree Toolbar plus Web Protection = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm\30.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/30 23:04:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar) - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB (FixItClient Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1350221284562 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94A1732D-8D17-4CCA-B27F-9F22AC0E7875}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Documents and Settings\Stevie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\msnlnamespacemgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/21 22:02:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/23 17:34:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/22 21:49:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
[2014/01/22 21:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
[2014/01/22 19:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tiuroroky
[2014/01/22 19:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Niulxuic
[2014/01/22 19:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Kepeluoss
[2014/01/22 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Uvpeevykw
[2014/01/22 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Quxyykiposy
[2014/01/22 18:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Guopqyvu
[2014/01/22 18:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Yfrodabuot
[2014/01/22 18:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod
[2014/01/22 18:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Hiywlodu
[2014/01/22 18:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zioreroko
[2014/01/22 18:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu
[2014/01/22 18:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Puovzyuggy
[2014/01/19 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi
[2014/01/19 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid
[2014/01/19 22:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Aqgowoidke
[2014/01/19 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Uflyesena
[2014/01/19 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ozravumu
[2014/01/19 20:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ihadasihze
[2014/01/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zekeepehm
[2014/01/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas
[2014/01/19 20:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Givyahciigs
[2014/01/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zisalufe
[2014/01/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tygaanve
[2014/01/19 20:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy
[2014/01/19 20:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Riaranist
[2014/01/19 20:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa
[2014/01/19 20:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Oqorxoyty
[2014/01/19 20:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy
[2014/01/19 20:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Okzuokerefta
[2014/01/19 20:15:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Lodixupyob
[2014/01/19 20:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Itowevit
[2014/01/19 20:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Usfiycnuut
[2014/01/19 20:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Muorduimfi
[2014/01/19 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Vobuutvoom
[2014/01/19 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tipipuupti
[2014/01/19 19:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Imavikkiwool
[2014/01/19 19:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/19 18:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ywdaunhef
[2014/01/19 18:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw
[2014/01/19 18:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Heinuxizaz
[2014/01/19 18:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom
[2014/01/19 18:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Cuweonyn
[2014/01/19 18:42:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi
[2014/01/19 18:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi
[2014/01/19 18:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Inlyenxe
[2014/01/19 18:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Fixyexattivu
[2014/01/19 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Qosuguutf
[2014/01/19 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Fenoemcoatq
[2014/01/19 18:40:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Daacxoyfu
[2014/01/15 19:57:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stevie\Recent
[2014/01/15 19:31:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Local Settings\Application Data\AskPartnerNetwork
[2014/01/14 21:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Local Settings\Application Data\VNT
[2014/01/14 21:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\VNT
[2014/01/14 21:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork
[2014/01/14 21:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
[2014/01/14 21:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2014/01/14 21:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Application Data\Avira
[2014/01/14 21:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2014/01/14 21:03:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2014/01/14 21:03:49 | 000,135,648 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2014/01/14 21:03:49 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2014/01/14 21:03:48 | 000,090,400 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2014/01/14 19:29:59 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Stevie\Desktop\JRT.exe
[2014/01/14 18:58:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Stevie\Desktop\HijackThis.exe
[2014/01/13 22:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\lpgg3d33
[2014/01/04 23:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stevie\Local Settings\Application Data\Help

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2014/01/23 17:37:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/23 17:36:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/22 21:49:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stevie\Desktop\OTL.exe
[2014/01/22 21:38:30 | 003,809,280 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
[2014/01/22 19:37:35 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
[2014/01/22 19:37:01 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\SecurityCheck.exe
[2014/01/19 19:29:56 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/01/19 18:32:58 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/01/16 19:45:09 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/15 21:19:53 | 000,010,498 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2014/01/15 19:49:29 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/01/14 21:04:21 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/14 20:59:13 | 129,564,536 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\avira_free_antivirus_en.exe
[2014/01/14 19:30:03 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Stevie\Desktop\JRT.exe
[2014/01/14 19:19:57 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\AdwCleaner.exe
[2014/01/14 18:58:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Stevie\Desktop\HijackThis.exe
[2014/01/13 22:43:38 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\Stevie\Desktop\DivX Movies.lnk
[2014/01/13 22:43:21 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2014/01/13 22:42:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2014/01/05 20:35:29 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2014/01/05 20:11:22 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2014/01/05 05:01:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\MyDefrag v4.3.1 Daily.job
[2013/12/28 12:24:33 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\
[2014/01/22 21:38:30 | 003,809,280 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
[2014/01/22 19:36:59 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\SecurityCheck.exe
[2014/01/15 21:19:10 | 000,010,498 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lpm.dat
[2014/01/15 19:49:29 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/01/14 21:04:21 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2014/01/14 20:59:08 | 129,564,536 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\avira_free_antivirus_en.exe
[2014/01/14 19:19:54 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\AdwCleaner.exe
[2014/01/13 22:43:38 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\DivX Movies.lnk
[2014/01/13 22:43:21 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2014/01/13 22:42:52 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2014/01/13 15:59:02 | 005,155,573 | ---- | C] () -- C:\Documents and Settings\Stevie\Desktop\DSC_0384.jpg
[2013/12/28 12:24:33 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/10/16 21:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/08/18 13:46:35 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/04/30 17:25:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2013/04/30 17:20:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Spacious
[2013/04/30 17:20:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Sound Effects
[2013/04/30 17:20:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Space Choir
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Soundtrack
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Solid Colors
[2013/04/30 17:20:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Stevie\Application Data\Smooth Strings
[2013/04/30 17:20:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
[2013/04/30 17:20:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLes.DAT
[2013/03/17 21:02:58 | 002,586,514 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-963894560-682003330-1003-0.dat
[2013/03/10 19:54:20 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\E8FEA67A3C.sys
[2013/01/20 13:03:38 | 000,564,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/10/22 18:50:11 | 000,303,104 | ---- | C] () -- C:\WINDOWS\emunist.exe
[2012/10/22 18:50:10 | 000,001,588 | ---- | C] () -- C:\WINDOWS\TVEpaDrv.ini
[2012/10/22 17:57:51 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012/02/19 14:53:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/02 20:46:31 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Stevie\.asadminpass
[2011/01/03 12:22:49 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPod Access v4 Prefs
[2011/01/03 12:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccessv4_OwnerName
[2011/01/03 12:21:24 | 000,000,052 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\iPodAccessv4_OwnerName
[2011/01/03 12:19:41 | 000,000,009 | -H-- | C] () -- C:\Documents and Settings\Stevie\Application Data\iPodAccess_Time
[2010/11/03 16:51:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2010/09/30 21:37:43 | 001,014,870 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\[j0012]-[p01].bmp
[2010/08/25 13:56:52 | 000,005,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/03/04 22:41:26 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Stevie\.recently-used.xbel
[2010/02/02 19:23:52 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Stevie\Application Data\$_hpcst$.hpc
[2009/10/04 08:44:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/05/02 09:29:56 | 000,000,249 | ---- | C] () -- C:\Documents and Settings\Stevie\default.pls
[2009/05/01 15:42:20 | 000,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/04/22 17:49:15 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/02 23:04:03 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< C:\Documents and Settings\Stevie\Application Data\Tiuroroky\* >
[2014/01/22 19:07:54 | 000,002,090 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Tiuroroky\tagaexebuna.uny

< C:\Documents and Settings\Stevie\Application Data\Niulxuic\* >
[2012/12/09 13:15:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Niulxuic\woorgulonua.geo

< C:\Documents and Settings\Stevie\Application Data\Kepeluoss\* >
[2011/11/08 15:54:22 | 000,305,159 | ---- | M] (RoseCitySoftware) -- C:\Documents and Settings\Stevie\Application Data\Kepeluoss\oqivypmiuz.exe

< C:\Documents and Settings\Stevie\Application Data\Uvpeevykw\* >
[2013/12/21 12:50:52 | 000,305,159 | ---- | M] (RoseCitySoftware) -- C:\Documents and Settings\Stevie\Application Data\Uvpeevykw\ypycgiuw.exe

< C:\Documents and Settings\Stevie\Application Data\Quxyykiposy\* >
[2012/08/10 03:15:27 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Quxyykiposy\myxaosriby.ziu

< C:\Documents and Settings\Stevie\Application Data\Guopqyvu\* >
[2010/05/18 04:18:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Guopqyvu\ypbaweihva.rud

< C:\Documents and Settings\Stevie\Application Data\Yfrodabuot\* >
[2009/10/16 17:45:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Yfrodabuot\fuvyimvo.hil

< C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod\* >
[2010/11/09 05:31:22 | 000,305,159 | ---- | M] (RoseCitySoftware) -- C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod\ywetmevy.exe

< C:\Documents and Settings\Stevie\Application Data\Hiywlodu\* >
[2011/07/19 03:14:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Hiywlodu\ixvixoehyfg.viu

< C:\Documents and Settings\Stevie\Application Data\Zioreroko\* >
[2009/06/21 06:19:19 | 000,305,159 | ---- | M] (RoseCitySoftware) -- C:\Documents and Settings\Stevie\Application Data\Zioreroko\yzadwubau.exe

< C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu\* >
[2010/12/26 12:53:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu\doivukaze.omn

< C:\Documents and Settings\Stevie\Application Data\Puovzyuggy\* >
[2011/06/05 01:04:28 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Puovzyuggy\axgegyupoti.pan

< C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi\* >
[2010/04/22 13:41:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi\abybfazib.ude

< C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid\* >
[2012/05/06 02:04:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid\guosnuyww.ciu

< C:\Documents and Settings\Stevie\Application Data\Aqgowoidke\* >

< C:\Documents and Settings\Stevie\Application Data\Uflyesena\* >
[2009/07/25 22:10:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Uflyesena\ytzuidtexue.uvo

< C:\Documents and Settings\Stevie\Application Data\Ozravumu\* >

< C:\Documents and Settings\Stevie\Application Data\Ihadasihze\* >
[2009/08/31 19:30:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Ihadasihze\odtaquvov.wie

< C:\Documents and Settings\Stevie\Application Data\Zekeepehm\* >

< C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas\* >
[2013/09/05 23:54:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas\imuvorkyomy.ciw

< C:\Documents and Settings\Stevie\Application Data\Givyahciigs\* >
[2011/08/30 22:25:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Givyahciigs\egbiohac.dyw

< C:\Documents and Settings\Stevie\Application Data\Zisalufe\* >
[2009/10/08 00:30:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Zisalufe\fizaywusar.yhy

< C:\Documents and Settings\Stevie\Application Data\Tygaanve\* >

< C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy\* >
[2013/12/11 08:30:53 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy\ywybpeumh.uhc

< C:\Documents and Settings\Stevie\Application Data\Riaranist\* >
[2009/08/25 16:08:24 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Riaranist\leaxigbeu.nar

< C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa\* >
[2010/09/15 13:08:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa\caimguxoz.dao

< C:\Documents and Settings\Stevie\Application Data\Oqorxoyty\* >

< C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy\* >
[2010/10/07 02:59:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy\ylemzoqeufg.eku

< C:\Documents and Settings\Stevie\Application Data\Okzuokerefta\* >

< C:\Documents and Settings\Stevie\Application Data\Lodixupyob\* >
[2010/05/18 01:53:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Lodixupyob\orufiluzx.uzu

< C:\Documents and Settings\Stevie\Application Data\Itowevit\* >
[2014/01/01 03:28:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Itowevit\ysyditcuot.gad

< C:\Documents and Settings\Stevie\Application Data\Usfiycnuut\* >
[2012/02/13 17:01:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Usfiycnuut\raylytqup.leq

< C:\Documents and Settings\Stevie\Application Data\Muorduimfi\* >

< C:\Documents and Settings\Stevie\Application Data\Vobuutvoom\* >
[2012/06/18 10:50:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Vobuutvoom\canyzodece.ywn

< C:\Documents and Settings\Stevie\Application Data\Tipipuupti\* >

< C:\Documents and Settings\Stevie\Application Data\Imavikkiwool\* >
[2013/07/29 02:45:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Imavikkiwool\qypyaxib.epw

< C:\Documents and Settings\Stevie\Application Data\Ywdaunhef\* >

< C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw\* >
[2011/06/27 14:44:17 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw\efamdaubm.ydi

< C:\Documents and Settings\Stevie\Application Data\Heinuxizaz\* >
[2011/03/12 17:29:11 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Heinuxizaz\ebmyqewoil.zyi

< C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom\* >
[2010/05/27 06:48:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom\moymelviip.evi

< C:\Documents and Settings\Stevie\Application Data\Cuweonyn\* >

< C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi\* >
[2013/09/30 08:54:46 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi\cigiowetw.hoh

< C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi\* >
[2009/12/13 00:49:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi\fuliacba.itu

< C:\Documents and Settings\Stevie\Application Data\Inlyenxe\* >
[2012/05/08 22:00:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Inlyenxe\duqapeovl.avq

< C:\Documents and Settings\Stevie\Application Data\Fixyexattivu\* >

< C:\Documents and Settings\Stevie\Application Data\Qosuguutf\* >

< C:\Documents and Settings\Stevie\Application Data\Fenoemcoatq\* >

< C:\Documents and Settings\Stevie\Application Data\Daacxoyfu\* >
[2014/01/19 18:40:56 | 000,224,889 | ---- | M] () -- C:\Documents and Settings\Stevie\Application Data\Daacxoyfu\fobucayc.ipn

========== Files - Unicode (All) ==========
[2013/11/24 18:03:43 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鋏朊唔6
[2013/11/24 12:03:40 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鋏朊唔6
[2013/11/19 16:50:07 | 105,044,098 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撗掬唔6
[2013/11/19 16:50:07 | 105,044,098 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撗掬唔6
[2013/11/16 18:52:28 | 104,637,397 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\竦唔6
[2013/11/15 18:57:25 | 104,637,397 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\竦唔6
[2013/11/05 09:04:31 | 105,017,276 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\␻唔6
[2013/11/05 09:04:31 | 105,017,276 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\␻唔6
[2013/10/22 13:13:13 | 102,329,055 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䝆啔6
[2013/10/22 13:13:13 | 102,329,055 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䝆啔6
[2013/10/15 17:30:07 | 101,187,668 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\佨ࣇ啔6
[2013/10/15 17:30:07 | 101,187,668 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\佨ࣇ啔6
[2013/10/12 08:02:32 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\閂迕啔6
[2013/10/12 08:02:32 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\閂迕啔6
[2013/09/22 16:36:24 | 098,597,466 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\綝ጐ啔6
[2013/09/22 16:36:24 | 098,597,466 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\綝ጐ啔6
[2013/09/17 05:27:20 | 097,922,994 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뀠榶啔6
[2013/09/16 17:30:15 | 097,922,994 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뀠榶啔6
[2013/09/06 19:38:08 | 096,462,459 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ⰶ䌼啔6
[2013/09/06 13:39:00 | 096,462,459 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ⰶ䌼啔6

< End of report >
Can't see an OTL extras document.

#4
JSntgRvr

    Global Moderator

  • 10,958 posts
Hi, Steviep :)

Please download the Suspicious File Packer from Here. Extract its contents to the desktop. Open the SFP folder on your desktop and run the SFP.EXE file.

Copy and Paste the following bold locations into the Suspicious File Packer window:

C:\Documents and Settings\Stevie\Application Data\Tiuroroky\tagaexebuna.uny
C:\Documents and Settings\Stevie\Application Data\Kepeluoss\oqivypmiuz.exe
C:\Documents and Settings\Stevie\Application Data\Uvpeevykw\ypycgiuw.exe


Click on Continue to allow SFP to pack the file. This will generate a CAB archive on your desktop.

Click Here to upload the created CAB archive.

If successful, then follow these steps:

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the entire content of the quote box (except the word quote) below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    [2013/11/24 18:03:43 | 105,952,601 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鋏朊唔6
    [2013/11/24 12:03:40 | 105,952,601 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\鋏朊唔6
    [2013/11/19 16:50:07 | 105,044,098 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撗掬唔6
    [2013/11/19 16:50:07 | 105,044,098 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\撗掬唔6
    [2013/11/16 18:52:28 | 104,637,397 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\竦唔6
    [2013/11/15 18:57:25 | 104,637,397 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\竦唔6
    [2013/11/05 09:04:31 | 105,017,276 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\␻唔6
    [2013/11/05 09:04:31 | 105,017,276 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\␻唔6
    [2013/10/22 13:13:13 | 102,329,055 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䝆啔6
    [2013/10/22 13:13:13 | 102,329,055 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䝆啔6
    [2013/10/15 17:30:07 | 101,187,668 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\佨ࣇ啔6
    [2013/10/15 17:30:07 | 101,187,668 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\佨ࣇ啔6
    [2013/10/12 08:02:32 | 100,595,853 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\閂迕啔6
    [2013/10/12 08:02:32 | 100,595,853 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\閂迕啔6
    [2013/09/22 16:36:24 | 098,597,466 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\綝ጐ啔6
    [2013/09/22 16:36:24 | 098,597,466 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\綝ጐ啔6
    [2013/09/17 05:27:20 | 097,922,994 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뀠榶啔6
    [2013/09/16 17:30:15 | 097,922,994 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\뀠榶啔6
    [2013/09/06 19:38:08 | 096,462,459 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ⰶ䌼啔6
    [2013/09/06 13:39:00 | 096,462,459 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\Ⰶ䌼啔6

    :files
    C:\Documents and Settings\Stevie\Application Data\Tiuroroky
    C:\Documents and Settings\Stevie\Application Data\Niulxuic
    C:\Documents and Settings\Stevie\Application Data\Kepeluoss
    C:\Documents and Settings\Stevie\Application Data\Uvpeevykw
    C:\Documents and Settings\Stevie\Application Data\Quxyykiposy
    C:\Documents and Settings\Stevie\Application Data\Guopqyvu
    C:\Documents and Settings\Stevie\Application Data\Yfrodabuot
    C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod
    C:\Documents and Settings\Stevie\Application Data\Hiywlodu
    C:\Documents and Settings\Stevie\Application Data\Zioreroko
    C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu
    C:\Documents and Settings\Stevie\Application Data\Puovzyuggy
    C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi
    C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid
    C:\Documents and Settings\Stevie\Application Data\Aqgowoidke
    C:\Documents and Settings\Stevie\Application Data\Uflyesena
    C:\Documents and Settings\Stevie\Application Data\Ozravumu
    C:\Documents and Settings\Stevie\Application Data\Ihadasihze
    C:\Documents and Settings\Stevie\Application Data\Zekeepehm
    C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas
    C:\Documents and Settings\Stevie\Application Data\Givyahciigs
    C:\Documents and Settings\Stevie\Application Data\Zisalufe
    C:\Documents and Settings\Stevie\Application Data\Tygaanve
    C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy
    C:\Documents and Settings\Stevie\Application Data\Riaranist
    C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa
    C:\Documents and Settings\Stevie\Application Data\Oqorxoyty
    C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy
    C:\Documents and Settings\Stevie\Application Data\Okzuokerefta
    C:\Documents and Settings\Stevie\Application Data\Lodixupyob
    C:\Documents and Settings\Stevie\Application Data\Itowevit
    C:\Documents and Settings\Stevie\Application Data\Usfiycnuut
    C:\Documents and Settings\Stevie\Application Data\Muorduimfi
    C:\Documents and Settings\Stevie\Application Data\Vobuutvoom
    C:\Documents and Settings\Stevie\Application Data\Tipipuupti
    C:\Documents and Settings\Stevie\Application Data\Imavikkiwool
    C:\Documents and Settings\Stevie\Application Data\Ywdaunhef
    C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw
    C:\Documents and Settings\Stevie\Application Data\Heinuxizaz
    C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom
    C:\Documents and Settings\Stevie\Application Data\Cuweonyn
    C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi
    C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi
    C:\Documents and Settings\Stevie\Application Data\Inlyenxe
    C:\Documents and Settings\Stevie\Application Data\Fixyexattivu
    C:\Documents and Settings\Stevie\Application Data\Qosuguutf
    C:\Documents and Settings\Stevie\Application Data\Fenoemcoatq
    C:\Documents and Settings\Stevie\Application Data\Daacxoyfu

    :Commands
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Upon restart, follow these steps:

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#5
Steviep

  • Topic Starter
  • Member
  • 311 posts
Hi, uploaded the SFP file as requested

========== OTL ==========
C:\WINDOWS\system32\鋏朊唔6 moved successfully.
File C:\WINDOWS\System32\鋏朊唔6 not found.
C:\WINDOWS\system32\撗掬唔6 moved successfully.
File C:\WINDOWS\System32\撗掬唔6 not found.
C:\WINDOWS\system32\竦唔6 moved successfully.
File C:\WINDOWS\System32\竦唔6 not found.
C:\WINDOWS\system32\␻唔6 moved successfully.
File C:\WINDOWS\System32\␻唔6 not found.
C:\WINDOWS\system32\䝆啔6 moved successfully.
File C:\WINDOWS\System32\䝆啔6 not found.
C:\WINDOWS\system32\佨ࣇ啔6 moved successfully.
File C:\WINDOWS\System32\佨ࣇ啔6 not found.
C:\WINDOWS\system32\閂迕啔6 moved successfully.
File C:\WINDOWS\System32\閂迕啔6 not found.
C:\WINDOWS\system32\綝ጐ啔6 moved successfully.
File C:\WINDOWS\System32\綝ጐ啔6 not found.
C:\WINDOWS\system32\뀠榶啔6 moved successfully.
File C:\WINDOWS\System32\뀠榶啔6 not found.
C:\WINDOWS\system32\Ⰶ䌼啔6 moved successfully.
File C:\WINDOWS\System32\Ⰶ䌼啔6 not found.
========== FILES ==========
C:\Documents and Settings\Stevie\Application Data\Tiuroroky folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Niulxuic folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Kepeluoss folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Uvpeevykw folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Quxyykiposy folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Guopqyvu folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Yfrodabuot folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Nedyybnuxod folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Hiywlodu folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Zioreroko folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Zaanugmoidbu folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Puovzyuggy folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Ozowurfipoi folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Boaqyqruefid folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Aqgowoidke folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Uflyesena folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Ozravumu folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Ihadasihze folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Zekeepehm folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Uhfuyxydas folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Givyahciigs folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Zisalufe folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Tygaanve folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Fekyuzzyy folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Riaranist folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Dyhaovtaa folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Oqorxoyty folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Zeciihupasfy folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Okzuokerefta folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Lodixupyob folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Itowevit folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Usfiycnuut folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Muorduimfi folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Vobuutvoom folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Tipipuupti folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Imavikkiwool folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Ywdaunhef folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Ixsiygihkeaw folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Heinuxizaz folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Ydeleviwrom folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Cuweonyn folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Ahhyyhodi folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Tygobuyzpi folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Inlyenxe folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Fixyexattivu folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Qosuguutf folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Fenoemcoatq folder moved successfully.
C:\Documents and Settings\Stevie\Application Data\Daacxoyfu folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 01232014_221439


# AdwCleaner v3.017 - Report created 23/01/2014 at 22:25:30
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Stevie - DELL360
# Running from : C:\Documents and Settings\Stevie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v32.0.1700.76

[ File : C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R2].txt - [827 octets] - [02/11/2013 20:03:37]
AdwCleaner[R3].txt - [2027 octets] - [14/01/2014 19:20:14]
AdwCleaner[R4].txt - [1049 octets] - [19/01/2014 20:29:14]
AdwCleaner[R5].txt - [1170 octets] - [23/01/2014 22:24:22]
AdwCleaner[S2].txt - [887 octets] - [02/11/2013 20:05:30]
AdwCleaner[S3].txt - [2134 octets] - [14/01/2014 19:21:42]
AdwCleaner[S4].txt - [1111 octets] - [19/01/2014 20:32:28]
AdwCleaner[S5].txt - [1092 octets] - [23/01/2014 22:25:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1152 octets] ##########

#6
Steviep

  • Topic Starter
  • Member
  • 311 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-01-2014 02
Ran by Stevie at 2014-01-23 22:35:30
Running from C:\Documents and Settings\Stevie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall (Disabled) {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (Version: 9.00.631.5823 - ABBYY)
ABBYY FineReader 9.0 Sprint (Version: 9.00.631.5823 - ABBYY) Hidden
AC-3 ACM Codec (Version: - )
Acrobat.com (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Community Help (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 11 (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 7.0 (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (Version: 7.0.0.3 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.04) (Version: 11.0.04 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AnyDVD (Version: 7.1.3.0 - SlySoft)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Avira SearchFree Toolbar (Version: 12.10.0.2951 - APN, LLC)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (Version: 11.21.01 - Broadcom Corporation)
calibre (Version: 1.16.0 - Kovid Goyal)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2011.1109.2145.39010 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2011.1109.2146.39010 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.09 - Piriform)
CCScore (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
CloneDVD2 (Version: 2.9.3.0 - Elaborate Bytes)
CloneDVDmobile (Version: 1.9.0.1 - SlySoft)
COMODO Internet Security (Version: 5.4.58750.1355 - COMODO Security Solutions Inc.)
Contents (Version: 1.6.2.36 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (Version: 1.6.2.36 - Corel Corporation)
Critical Update for Windows Media Player 11 (KB959772) (Version: - Microsoft Corporation)
Dell Resource CD (Version: 1.00.0000 - Dell Inc.)
DeviceIO (Version: 1.6.2.36 - Corel Corporation) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version: - DivX, Inc.)
DivX Setup (Version: 2.6.1.90 - DivX, LLC)
DivX Version Checker (Version: 7.1.0.9 - DivX, Inc.)
Elements 11 Organizer (Version: 11.0 - Adobe Systems Incorporated) Hidden
Epson Easy Photo Print 2 (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (Version: - Seiko Epson Corporation)
EPSON XP-205 207 Series Printer Uninstall (Version: - SEIKO EPSON Corporation)
EpsonNet Print (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESSBrwr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
FileHippo.com Update Checker (Version: - )
Free FLAC to MP3 Converter 1.0 (Version: - PolySoft Solutions)
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Earth Pro (Version: 4.2.180.1134 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
ICA (Version: 1.6.2.36 - Corel Corporation) Hidden
Intel® Graphics Media Accelerator Driver (Version: - Intel Corporation)
IPM_VS_Pro (Version: 13.0 - Corel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 4.7.5 (Full) (Version: 4.7.5 - )
KODAK EASYSHARE Gallery Upload ActiveX Control (Version: - )
LightScribe 1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WinUsb 2.0 (Version: - Microsoft Corporation)
Microsoft WSE 3.0 (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MLE (Version: 1.0.0.23 - Corel Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDefrag v4.3.1 (Version: 4.0.0.0 - J.C. Kessels)
Nero 12 (Version: 12.0.02000 - Nero AG)
Nero 12 Content Pack (Version: 12.0.00400 - Nero AG)
Nero Abstract Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Audio Pack 1 (Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (Version: 12.0.2001 - Nero AG) Hidden
Nero BackItUp Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (Version: 12.0.14300 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (Version: 12.0.4000 - Nero AG) Hidden
Nero Burning ROM (Version: 12.0.20000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden
Nero Cliparts (Version: 12.0.11500 - Nero AG) Hidden
Nero ControlCenter (Version: 11.0.15200 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 12.0.5000 - Nero AG) Hidden
Nero Core Components (Version: 11.0.18100 - Nero AG) Hidden
Nero Disc Menus 1 (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 2 (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus 3 (Version: 12.0.11500 - Nero AG) Hidden
Nero Disc Menus Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero Express (Version: 12.0.20000 - Nero AG) Hidden
Nero Express Help (CHM) (Version: 12.0.5000 - Nero AG) Hidden
Nero Family and Events Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Football (Soccer) Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Holiday and Sports Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero Image Samples (Version: 12.0.11500 - Nero AG) Hidden
Nero Kwik Media (Version: 1.18.18200 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects 1 (Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (Version: 12.0.11500 - Nero AG) Hidden
Nero Platinum Effects 12 (Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (Version: 12.0.24000 - Nero AG) Hidden
Nero Recode Help (CHM) (Version: 12.0.4000 - Nero AG) Hidden
Nero RescueAgent (Version: 12.0.9000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (Version: 12.0.3000 - Nero AG) Hidden
Nero Retro Film Themes (Version: 12.0.11500 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (Version: 12.0.3000 - Nero AG) Hidden
Nero Video Help (CHM) (Version: 12.0.4000 - Nero AG) Hidden
Nero Video Samples (Version: 12.0.11500 - Nero AG) Hidden
Nero Video Transitions 1 (Version: 12.0.11500 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
netbrdg (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Network Guide EPSON XP-205 207 Series (Version: - )
Nikon Message Center 2 (Version: 2.0.1 - Nikon)
OfotoXMI (Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Photo Collage Max (Version: 2.2.2.8 - )
Picture Collage Maker Pro 3.2.0 (Version: - PearlMountain Technology Co., Ltd)
Picture Control Utility (Version: 1.2.2 - Nikon)
PMB (Version: 5.2.00.03250 - Sony Corporation)
PowerISO (Version: - )
Prerequisite installer (Version: 12.0.0002 - Nero AG) Hidden
PSE11 STI Installer (Version: 11.0 - Adobe Systems Incorporated) Hidden
PureHD (Version: 1.6.2.36 - Corel Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RescuePRO Deluxe 5.1.2.7 (Version: 5.1.2.7 - LC Technology International, Inc.)
Revo Uninstaller 1.95 (Version: 1.95 - VS Revo Group)
Roxio Central (Version: 4.5.0 - Roxio) Hidden
Roxio Video Capture USB Driver (Version: - )
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SES Driver (Version: 1.0.0 - Western Digital)
Setup (Version: 1.6.2.36 - Corel Corporation) Hidden
Shape Collage (Version: - Shape Collage Inc.)
Share (Version: 1.6.2.36 - Corel Corporation) Hidden
SHASTA (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SmartSound Quicktracks 5 (Version: 5.1.6 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.6 - SmartSound Software Inc.) Hidden
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SoundMAX (Version: 5.10.01.7255 - Analog Devices)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Spybot - Search & Destroy (Version: 2.0.12 - Safer-Networking Ltd.)
staticcr (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Syncios version 2.1.3 (Version: 2.1.3 - Anvsoft, Inc.)
The Lord of the Rings FREE Trial (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
ThreatFire (Version: - PC Tools)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version: - Microsoft)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
User's Guide EPSON XP-205 207 Series (Version: - )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
ViewNX 2 (Version: 2.1.2 - Nikon)
VIO (Version: 1.6.2.36 - Corel Corporation) Hidden
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
VPRINTOL (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
VSClassic (Version: 1.6.2.36 - Corel Corporation) Hidden
VSPro (Version: 1.6.2.36 - Corel Corporation) Hidden
WD SmartWare (Version: 1.5.1 - Western Digital)
WD Software Upgrader (Version: 1.5.1 - Western Digital)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Welcome App (Start-up experience) (Version: 12.0.14000 - Nero AG) Hidden
WinAVI Video Converter (Version: - ZJ Computing, Inc.)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Sign-in Assistant (Version: 5.000.818.5 - Microsoft Corporation)
Windows Media Encoder 9 Series (Version: - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH)
WIRELESS (Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Xvid 1.2.2 final uninstall (Version: 1.2 - Xvid team (Koepi))
Zoner Photo Studio 12 (Version: 12.0.1.7 - ZONER software)

==================== Restore Points =========================

14-01-2014 18:52:07 Revo Uninstaller's restore point - Security Update for Windows Search 4 - KB963093
14-01-2014 21:00:10 Revo Uninstaller's restore point - Download Navigator
14-01-2014 21:00:22 Removed Download Navigator
16-01-2014 19:03:33 System Checkpoint
19-01-2014 20:01:27 Revo Uninstaller's restore point - SAMSUNG USB Driver for Mobile Phones
19-01-2014 20:05:59 Removed Samsung New PC Studio
22-01-2014 21:45:13 Revo Uninstaller's restore point - µTorrent

==================== Hosts content: ==========================

2008-04-14 12:00 - 2013-10-30 23:04 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DELL360-Stevie.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1cd685145978ed4.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job => ?
Task: C:\WINDOWS\Tasks\MyDefrag v4.3.1 Monthly.job => ?
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-01-14 21:03 - 2013-12-09 11:37 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-18 09:43 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-03-18 09:43 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-03-18 09:43 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-03-18 09:43 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-03-18 09:43 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2010-11-02 07:33 - 2010-11-02 07:33 - 00886272 _____ () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS\$NtUninstallKB53386$:SummaryInformation

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2014 06:53:28 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.
Processing media-specific event for [explorer.exe!ws!]

Error: (01/14/2014 07:25:36 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module tfwah.dll, version 4.10.1.14, fault address 0x00002cd7.
Processing media-specific event for [iexplore.exe!ws!]

Error: (01/14/2014 06:49:59 PM) (Source: Application Hang) (User: )
Description: Hanging application lpgg3d33.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/13/2014 02:04:58 PM) (Source: Application Hang) (User: )
Description: Hanging application PhotoshopElementsOrganizer.exe, version 7.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (01/05/2014 07:18:09 PM) (Source: Microsoft Office 12) (User: )
Description: Accepted Safe Mode action : Microsoft Office Outlook.

Error: (01/05/2014 07:17:54 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6680.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/31/2013 11:14:06 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/30/2013 10:20:09 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/29/2013 08:22:37 PM) (Source: Application Hang) (User: )
Description: Hanging application iTunes.exe, version 11.1.3.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/29/2013 07:33:35 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/23/2014 10:28:49 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (01/23/2014 10:28:49 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (01/23/2014 10:25:31 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).

Error: (01/23/2014 10:25:31 PM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/23/2014 10:25:30 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/23/2014 10:25:30 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (01/23/2014 10:25:30 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/23/2014 10:25:30 PM) (Source: Service Control Manager) (User: )
Description: The WDDMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/23/2014 10:25:30 PM) (Source: Service Control Manager) (User: )
Description: The WDFMEService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/23/2014 10:25:30 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (04/12/2012 04:08:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/12/2012 04:06:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 124 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/25/2011 07:50:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6215.1000. This session lasted 234 seconds with 120 seconds of active time. This session ended with a crash.

Error: (10/18/2010 05:36:35 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6535.5005, Microsoft Office Version: 12.0.6215.1000. This session lasted 193 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/18/2010 09:52:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 70 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/29/2009 08:44:56 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 102 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/11/2009 06:50:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8749 seconds with 540 seconds of active time. This session ended with a crash.

Error: (05/04/2009 10:17:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 24911 seconds with 1260 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 2045.89 MB
Available physical RAM: 955.5 MB
Total Pagefile: 3937.7 MB
Available Pagefile: 2802.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.42 GB) (Free:12.84 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=74 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Attached File: Addition.txt (31.47KB)

#7
JSntgRvr

  • Global Moderator
  • 10,958 posts
You posted and attached the same report. Post the FRST.txt log.

#8
Steviep

  • Topic Starter
  • Member
  • 311 posts
Sorry

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-01-2014 02
Ran by Stevie (administrator) on DELL360 on 23-01-2014 22:34:46
Running from C:\Documents and Settings\Stevie\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(ABBYY) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\escsvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(PC Tools) C:\Program Files\ThreatFire\TFService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\Toolbar.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6756048 2012-11-07] (COMODO)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-09] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {BF6ECD4B-F767-45E8-8E28-2628ABD50234} URL = https://www.google.c...q={searchTerms}
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll (APN LLC.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1240353057735
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Power Video Converter\msdxm.ocx (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\msnlnamespacemgr.dll [304128 2008-05-26] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Chrome:
=======
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Docs) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-31]
CHR Extension: (Google Drive) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-31]
CHR Extension: (YouTube) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-31]
CHR Extension: (Google Search) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-31]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-31]
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm [2014-01-15]
CHR Extension: (Gmail) - C:\Documents and Settings\Stevie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-31]
CHR HKLM\...\Chrome\Extension: [pcoohmdcpejoeggdnihdfhohjgdbllgm] - C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx [2013-12-20]

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AdobeActiveFileMonitor11.0; C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1990464 2012-11-07] (COMODO)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S2 gupdate1c9c4557151c6be; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-04-23] (Google Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-10-16] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 ThreatFire; C:\Program Files\ThreatFire\TFService.exe [70928 2010-01-14] (PC Tools)

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121248 2012-08-26] (SlySoft, Inc.)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdXP3.sys [103040 2012-05-14] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-09] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [497952 2012-11-07] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [32640 2012-11-07] (COMODO)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [37344 2013-10-30] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [99080 2012-11-07] (COMODO)
R3 k57w2k; C:\Windows\System32\DRIVERS\k57xp32.sys [176640 2008-06-19] (Broadcom Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [28672 2007-03-20] (http://libusb-win32.sourceforge.net)
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [46096 2012-08-10] (Corel Corporation)
R0 SFAUDIO; C:\Windows\System32\drivers\sfaudio.sys [24064 2008-03-28] (Sonic Focus, Inc)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-11-04] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-12-09] (Avira GmbH)
R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2009-10-04] ()
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [51984 2010-01-14] (PC Tools)
U4 TfKbMon;
R3 TfNetMon; C:\WINDOWS\system32\drivers\TfNetMon.sys [33552 2010-01-14] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [59664 2010-01-14] (PC Tools)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [530944 2008-03-06] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [45696 2007-04-26] (eMPIA Technology, Inc.)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)
S4 cerc6; No ImagePath
S4 IntelIde; No ImagePath
S4 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

Error(0) reading file: "C:\WINDOWS\system32\ "
2014-01-23 22:34 - 2014-01-23 22:35 - 00015323 _____ C:\Documents and Settings\Stevie\Desktop\FRST.txt
2014-01-23 22:34 - 2014-01-23 22:34 - 01222144 _____ (Farbar) C:\Documents and Settings\Stevie\Desktop\FRST.exe
2014-01-23 22:34 - 2014-01-23 22:34 - 00000000 ____D C:\FRST
2014-01-23 22:23 - 2014-01-23 22:23 - 01236282 _____ C:\Documents and Settings\Stevie\Desktop\AdwCleaner.exe
2014-01-23 22:12 - 2014-01-23 22:12 - 00524760 _____ C:\Documents and Settings\Stevie\Desktop\requested-files[2014-01-23_22_12].cab
2014-01-23 22:12 - 2005-07-20 11:32 - 00518656 _____ (Safer Networking Limited) C:\Documents and Settings\Stevie\Desktop\sfp.exe
2014-01-23 22:11 - 2014-01-23 22:11 - 00264875 _____ C:\Documents and Settings\Stevie\Desktop\sfp.zip
2014-01-23 17:34 - 2014-01-23 17:34 - 00000000 ____D C:\_OTL
2014-01-22 21:49 - 2014-01-22 21:49 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-01-22 21:42 - 2014-01-22 21:42 - 00003386 _____ C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_01222014_214207.txt
2014-01-22 21:41 - 2014-01-22 21:41 - 00003626 _____ C:\Documents and Settings\Stevie\Desktop\RKreport[0]_D_01222014_214101.txt
2014-01-22 21:40 - 2014-01-22 21:40 - 00003578 _____ C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_01222014_214032.txt
2014-01-22 21:38 - 2014-01-22 21:42 - 00000000 ____D C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-01-22 21:38 - 2014-01-22 21:38 - 03809280 _____ C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-01-22 19:36 - 2014-01-22 19:37 - 00987425 _____ C:\Documents and Settings\Stevie\Desktop\SecurityCheck.exe
2014-01-19 19:29 - 2014-01-19 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-19 19:21 - 2014-01-19 20:01 - 00004382 _____ C:\WINDOWS\setupapi.log
2014-01-15 21:19 - 2014-01-15 21:19 - 00010498 _____ C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-01-15 20:03 - 2014-01-23 22:26 - 00010711 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-15 19:49 - 2014-01-15 19:49 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-01-15 19:31 - 2014-01-15 19:31 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\AskPartnerNetwork
2014-01-14 21:08 - 2014-01-14 21:08 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\VNT
2014-01-14 21:07 - 2014-01-14 21:07 - 00000000 ____D C:\Program Files\VNT
2014-01-14 21:07 - 2014-01-14 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-14 21:07 - 2014-01-14 21:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2014-01-14 21:05 - 2014-01-14 21:05 - 00000000 ____D C:\Documents and Settings\Stevie\Application Data\Avira
2014-01-14 21:05 - 2014-01-14 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2014-01-14 21:04 - 2014-01-14 21:04 - 00001707 _____ C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2014-01-14 21:04 - 2014-01-14 21:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-01-14 21:03 - 2013-12-09 11:37 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-14 21:03 - 2013-12-09 11:37 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-01-14 21:03 - 2013-12-09 11:37 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-01-14 21:03 - 2013-12-09 11:37 - 00028520 _____ (Avira GmbH) C:\WINDOWS\system32\Drivers\ssmdrv.sys
2014-01-14 20:59 - 2014-01-14 20:59 - 129564536 _____ C:\Documents and Settings\Stevie\Desktop\avira_free_antivirus_en.exe
2014-01-14 20:07 - 2014-01-14 20:07 - 00000582 _____ C:\Documents and Settings\Stevie\Desktop\JRT.txt
2014-01-14 19:29 - 2014-01-14 19:30 - 01037068 _____ (Thisisu) C:\Documents and Settings\Stevie\Desktop\JRT.exe
2014-01-14 18:58 - 2014-01-14 18:58 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Stevie\Desktop\HijackThis.exe
2014-01-13 22:47 - 2014-01-14 19:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\lpgg3d33
2014-01-13 22:43 - 2014-01-13 22:43 - 00001472 _____ C:\Documents and Settings\Stevie\Desktop\DivX Movies.lnk
2014-01-13 22:43 - 2014-01-13 22:43 - 00000727 _____ C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
2014-01-13 22:42 - 2014-01-13 22:42 - 00000792 _____ C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
2014-01-13 13:55 - 2014-01-13 13:55 - 00000000 _____ C:\AdobeDebug.txt
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\Help
2013-12-28 12:24 - 2013-12-28 12:24 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-12-24 13:36 - 2014-01-19 19:29 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-12-24 13:36 - 2014-01-19 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-12-24 13:35 - 2013-12-24 13:36 - 00000000 ____D C:\Program Files\iTunes
2013-12-24 13:31 - 2013-12-24 13:31 - 98633040 _____ (Apple Inc.) C:\Documents and Settings\Stevie\Desktop\iTunesSetup.exe

==================== One Month Modified Files and Folders =======

2014-01-23 22:35 - 2014-01-23 22:34 - 00015323 _____ C:\Documents and Settings\Stevie\Desktop\FRST.txt
2014-01-23 22:34 - 2014-01-23 22:34 - 01222144 _____ (Farbar) C:\Documents and Settings\Stevie\Desktop\FRST.exe
2014-01-23 22:34 - 2014-01-23 22:34 - 00000000 ____D C:\FRST
2014-01-23 22:28 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-23 22:27 - 2009-05-01 18:20 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-23 22:27 - 2009-05-01 18:20 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-23 22:27 - 2009-04-21 22:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-23 22:26 - 2014-01-15 20:03 - 00010711 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 22:26 - 2013-03-18 09:43 - 00393216 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-23 22:26 - 2009-04-21 22:06 - 00032620 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-23 22:26 - 2009-04-21 22:06 - 00000278 ___SH C:\Documents and Settings\Stevie\ntuser.ini
2014-01-23 22:25 - 2013-08-30 18:31 - 00000000 ____D C:\AdwCleaner
2014-01-23 22:25 - 2009-04-21 22:06 - 00000000 ____D C:\Documents and Settings\Stevie
2014-01-23 22:23 - 2014-01-23 22:23 - 01236282 _____ C:\Documents and Settings\Stevie\Desktop\AdwCleaner.exe
2014-01-23 22:12 - 2014-01-23 22:12 - 00524760 _____ C:\Documents and Settings\Stevie\Desktop\requested-files[2014-01-23_22_12].cab
2014-01-23 22:11 - 2014-01-23 22:11 - 00264875 _____ C:\Documents and Settings\Stevie\Desktop\sfp.zip
2014-01-23 20:18 - 2009-06-05 19:03 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{C45D3254-C5F2-4164-8186-CF660410A378}.job
2014-01-23 17:47 - 2010-03-02 23:22 - 00000000 ____D C:\Program Files\ThreatFire
2014-01-23 17:34 - 2014-01-23 17:34 - 00000000 ____D C:\_OTL
2014-01-23 17:34 - 2009-04-21 22:47 - 00000000 _SHDC C:\WINDOWS\$NtUninstallKB53386$
2014-01-22 21:49 - 2014-01-22 21:49 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Stevie\Desktop\OTL.exe
2014-01-22 21:42 - 2014-01-22 21:42 - 00003386 _____ C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_01222014_214207.txt
2014-01-22 21:42 - 2014-01-22 21:38 - 00000000 ____D C:\Documents and Settings\Stevie\Desktop\RK_Quarantine
2014-01-22 21:41 - 2014-01-22 21:41 - 00003626 _____ C:\Documents and Settings\Stevie\Desktop\RKreport[0]_D_01222014_214101.txt
2014-01-22 21:40 - 2014-01-22 21:40 - 00003578 _____ C:\Documents and Settings\Stevie\Desktop\RKreport[0]_S_01222014_214032.txt
2014-01-22 21:38 - 2014-01-22 21:38 - 03809280 _____ C:\Documents and Settings\Stevie\Desktop\RogueKiller.exe
2014-01-22 21:16 - 2011-05-01 17:01 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-22 19:37 - 2014-01-22 19:36 - 00987425 _____ C:\Documents and Settings\Stevie\Desktop\SecurityCheck.exe
2014-01-22 19:26 - 2009-05-19 17:53 - 00000000 ____D C:\Documents and Settings\Stevie\Application Data\vlc
2014-01-22 19:17 - 2009-04-21 21:59 - 00000000 ____D C:\WINDOWS\Registration
2014-01-19 20:22 - 2009-04-21 22:14 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2014-01-19 20:10 - 2009-10-04 08:23 - 00000000 ____D C:\Program Files\Samsung
2014-01-19 20:09 - 2009-10-04 08:56 - 00000000 ____D C:\Documents and Settings\Stevie\Application Data\Samsung
2014-01-19 20:01 - 2014-01-19 19:21 - 00004382 _____ C:\WINDOWS\setupapi.log
2014-01-19 19:48 - 2013-11-24 14:04 - 00000000 ____D C:\Program Files\Bonjour
2014-01-19 19:29 - 2014-01-19 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-19 19:29 - 2013-12-24 13:36 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2014-01-19 19:29 - 2013-12-24 13:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-01-19 18:32 - 2013-10-31 22:11 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-01-16 22:00 - 2013-01-20 09:42 - 00000000 ____D C:\Documents and Settings\Stevie\My Documents\NeroVideo
2014-01-16 19:45 - 2009-04-22 17:49 - 00014848 _____ C:\Documents and Settings\Stevie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 21:19 - 2014-01-15 21:19 - 00010498 _____ C:\Documents and Settings\All Users\Application Data\lpm.dat
2014-01-15 19:49 - 2014-01-15 19:49 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-01-15 19:49 - 2013-03-04 09:03 - 00000000 ____D C:\Program Files\CCleaner
2014-01-15 19:31 - 2014-01-15 19:31 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\AskPartnerNetwork
2014-01-14 21:08 - 2014-01-14 21:08 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\VNT
2014-01-14 21:07 - 2014-01-14 21:07 - 00000000 ____D C:\Program Files\VNT
2014-01-14 21:07 - 2014-01-14 21:07 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2014-01-14 21:07 - 2014-01-14 21:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AskPartnerNetwork
2014-01-14 21:05 - 2014-01-14 21:05 - 00000000 ____D C:\Documents and Settings\Stevie\Application Data\Avira
2014-01-14 21:05 - 2014-01-14 21:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2014-01-14 21:04 - 2014-01-14 21:04 - 00001707 _____ C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2014-01-14 21:04 - 2014-01-14 21:04 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2014-01-14 21:03 - 2011-05-01 16:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2014-01-14 21:00 - 2013-10-16 20:14 - 00000000 ____D C:\Program Files\EPSON Software
2014-01-14 20:59 - 2014-01-14 20:59 - 129564536 _____ C:\Documents and Settings\Stevie\Desktop\avira_free_antivirus_en.exe
2014-01-14 20:45 - 2010-08-16 17:37 - 00056832 __SHC C:\Documents and Settings\Stevie\My Documents\Thumbs.db
2014-01-14 20:07 - 2014-01-14 20:07 - 00000582 _____ C:\Documents and Settings\Stevie\Desktop\JRT.txt
2014-01-14 19:30 - 2014-01-14 19:29 - 01037068 _____ (Thisisu) C:\Documents and Settings\Stevie\Desktop\JRT.exe
2014-01-14 19:13 - 2009-04-21 22:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB923561$
2014-01-14 19:12 - 2014-01-13 22:47 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\lpgg3d33
2014-01-14 19:00 - 2013-05-05 19:51 - 00000000 ____D C:\Documents and Settings\Stevie\Desktop\backups
2014-01-14 18:58 - 2014-01-14 18:58 - 00388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Stevie\Desktop\HijackThis.exe
2014-01-14 18:52 - 2009-04-24 05:03 - 00000000 ____D C:\Program Files\Windows Desktop Search
2014-01-13 22:43 - 2014-01-13 22:43 - 00001472 _____ C:\Documents and Settings\Stevie\Desktop\DivX Movies.lnk
2014-01-13 22:43 - 2014-01-13 22:43 - 00000727 _____ C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
2014-01-13 22:43 - 2010-12-02 22:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX
2014-01-13 22:43 - 2009-04-23 20:52 - 00000000 ____D C:\Program Files\DivX
2014-01-13 22:43 - 2009-04-23 20:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\DivX
2014-01-13 22:42 - 2014-01-13 22:42 - 00000792 _____ C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
2014-01-13 13:55 - 2014-01-13 13:55 - 00000000 _____ C:\AdobeDebug.txt
2014-01-05 20:35 - 2013-04-30 17:20 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLev.DAT
2014-01-05 20:11 - 2013-04-30 17:20 - 00000020 ____H C:\Documents and Settings\All Users\Application Data\PKP_DLet.DAT
2014-01-05 05:01 - 2013-11-05 13:31 - 00000358 _____ C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job
2014-01-04 23:26 - 2014-01-04 23:26 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\Help
2013-12-29 21:34 - 2013-03-17 21:02 - 02586514 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-963894560-682003330-1003-0.dat
2013-12-29 21:34 - 2013-01-20 13:03 - 00564618 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-12-29 16:00 - 2013-06-22 17:00 - 00085256 _____ C:\MP4debug.log
2013-12-29 16:00 - 2009-04-26 14:41 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\WinAVI
2013-12-29 11:35 - 2013-01-20 09:42 - 00000000 ____D C:\Documents and Settings\Stevie\Local Settings\Application Data\Nero
2013-12-28 12:24 - 2013-12-28 12:24 - 00000719 _____ C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
2013-12-28 12:24 - 2013-09-28 10:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
2013-12-24 13:36 - 2013-12-24 13:35 - 00000000 ____D C:\Program Files\iTunes
2013-12-24 13:35 - 2011-11-11 16:59 - 00000000 ____D C:\Program Files\iPod
2013-12-24 13:35 - 2009-04-23 20:15 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-24 13:31 - 2013-12-24 13:31 - 98633040 _____ (Apple Inc.) C:\Documents and Settings\Stevie\Desktop\iTunesSetup.exe

Some content of TEMP:
====================
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe
C:\Documents and Settings\Stevie\Local Settings\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
  • 0

#9
JSntgRvr

  • Global Moderator
  • 10,958 posts
Download the enclosed file: fixlist.txt (255 bytes).

Save it in the same location FRST is.

Run FRST and click on the Fix button. Wait until finished.

The tool will make a log on the flash drive (Fixlog.txt). Please post it in your reply.

Everything else looks clear. How is the computer doing?
  • 0

#10
Steviep

  • Topic Starter
  • Member
  • 311 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-01-2014 02
Ran by Stevie at 2014-01-24 06:11:39 Run:1
Running from C:\Documents and Settings\Stevie\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
Task: C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job => ?
Task: C:\WINDOWS\Tasks\MyDefrag v4.3.1 Monthly.job => ?
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe
C:\Documents and Settings\Stevie\Local Settings\temp\Quarantine.exe
End
*****************

C:\WINDOWS\Tasks\MyDefrag v4.3.1 Daily.job => Moved successfully.
C:\WINDOWS\Tasks\MyDefrag v4.3.1 Monthly.job => Moved successfully.
C:\Documents and Settings\Stevie\Local Settings\temp\avgnt.exe => Moved successfully.
C:\Documents and Settings\Stevie\Local Settings\temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


Computer now seems a lot quicker when moving to different websites. Before I ran this latest fix, my anti virus was still giving warnings.
  • 0

#11
JSntgRvr

  • Global Moderator
  • 10,958 posts
Chances are the antivirus is reading the quarantined files.

If you ran Combofix, follow these steps:

The following will implement some cleanup procedures as well as reset System Restore points:


  • Press the Windows key + R. At the Run command type or copy and paste the following:

    Combofix /uninstall

If you experience a problem with the uninstall of Combofix, use this uninstaller, then delete the application.

Run OTL. Click on the Cleanup button and follow the prompts.

Remove the C:\FRST folder if present

Run AdwCleaner and uninstall.

Manually remove any tool or quarantine folder left on your desktop.

Restart the computer and check if AVIRA is still detecting the virus.
  • 0

#12
Steviep

  • Topic Starter
  • Member
  • 311 posts
Seems much better now, thank you. My Anti Virus still shows the infection in the quarantine folder - should I delete these or just leave them where they are?
  • 0

#13
JSntgRvr

  • Global Moderator
  • 10,958 posts
Delete the quarantine.

I am glad things have improved. I will keep this topic open for a few days, should you need further help.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!
  • 0

#14
Steviep

  • Topic Starter
  • Member
  • 311 posts
Thank you for all of your help :thumbsup:
  • 0

#15
Steviep

  • Topic Starter
  • Member
  • 311 posts
Hi sorry to bother you but I left my PC on and when I next looked the anti virus was showing an alert that it found the trojan in the following:

C:\System Volume Information\_restore{D2DEE3BF-91FD-4565-A7DB-46F92BA0CC54}\RP310\A0062444.exe
  • 0





