Dell Inspiron 1501 running VERY SLOW

  • This topic is locked

#1
pen_nomad

  • Member
  • 47 posts

http://www.geekstogo...ning-very-slow/

 

Hi 
The XP Tech guys had a go at this problem and the response has improved slightly, but still has issues with right click menu being slow, folders opening slow and freezing for 10-20 seconds every 10-15 minutes, (and as you know 10-20 sec can seem like an eternity when you are in the middle of something :killcomp: ), so they think I may have a Malware bug and suggested that I try this forum. They also suggested that it may have been a problem connected with an old, rarely used, P2P program which I have now uninstalled.
Any ideas that you guys can suggest would be greatly appreciated.
Best Wishes
Pen

  • 0


#2
zep516

  • Trusted Helper
  • Malware Removal
  • 6,811 posts

Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

Please download OTL to your Desktop.
  • Double-click the OTL icon to run the program. On Vista/Win7 or 8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox and check the option for All under the Extra Registry section.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.
  • 0

#3
pen_nomad

  • Topic Starter
  • Member
  • 47 posts

Hi zep516

Done  :prop: 

OTL.TEXT

OTL logfile created on: 18/07/2014 14:29:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Pen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 35.05% Memory free
3.04 Gb Paging File | 2.00 Gb Available in Paging File | 65.89% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.68 Gb Total Space | 51.75 Gb Free Space | 47.62% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1068.93 Gb Free Space | 57.38% Space Free | Partition Type: NTFS
Drive F: | 210.16 Mb Total Space | 158.30 Mb Free Space | 75.33% Space Free | Partition Type: FAT
Drive G: | 980.72 Mb Total Space | 13.55 Mb Free Space | 1.38% Space Free | Partition Type: FAT
Drive J: | 463.50 Mb Total Space | 324.38 Mb Free Space | 69.98% Space Free | Partition Type: FAT
 
Computer Name: PEN-NOMAD | User Name: Pen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/18 13:55:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pen\Desktop\OTL.exe
PRC - [2014/07/16 20:03:47 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/16 20:03:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/15 16:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2014/06/03 16:12:18 | 000,655,352 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
PRC - [2008/07/07 22:46:45 | 000,416,768 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFX.exe
PRC - [2008/04/14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/20 15:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/18 13:59:22 | 002,793,472 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14071800\algo.dll
MOD - [2014/07/16 20:04:06 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/16 20:03:58 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/07/15 16:24:48 | 000,353,096 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 16:24:46 | 014,664,008 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
MOD - [2014/07/15 16:24:44 | 008,537,928 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 16:24:35 | 001,732,936 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2014/06/03 16:23:10 | 000,148,808 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
MOD - [2014/06/03 16:23:08 | 000,131,920 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
MOD - [2014/06/03 16:23:08 | 000,122,704 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
MOD - [2014/06/03 16:22:58 | 000,030,584 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
MOD - [2014/06/03 16:22:56 | 000,087,928 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
MOD - [2014/06/03 16:22:56 | 000,022,392 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
MOD - [2014/06/03 16:22:54 | 000,638,328 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
MOD - [2014/06/03 16:22:50 | 000,107,904 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
MOD - [2014/06/03 16:22:48 | 000,048,512 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
MOD - [2014/06/03 16:22:48 | 000,030,072 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
MOD - [2014/06/03 16:22:46 | 000,123,744 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
MOD - [2014/06/03 16:22:44 | 002,421,064 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
MOD - [2014/06/03 16:22:44 | 000,541,008 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
MOD - [2014/06/03 16:22:36 | 001,873,768 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
MOD - [2014/06/03 16:22:30 | 000,313,720 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
MOD - [2014/06/03 16:22:30 | 000,105,304 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
MOD - [2014/06/03 16:22:24 | 008,386,920 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
MOD - [2014/06/03 16:22:22 | 000,367,472 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
MOD - [2014/06/03 16:22:22 | 000,270,192 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
MOD - [2014/06/03 16:22:20 | 000,503,648 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
MOD - [2014/06/03 16:22:18 | 000,372,600 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
MOD - [2014/06/03 16:22:18 | 000,087,384 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
MOD - [2014/06/03 16:22:16 | 000,298,840 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
MOD - [2014/06/03 16:22:16 | 000,205,160 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
MOD - [2014/06/03 16:22:14 | 000,633,712 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
MOD - [2014/06/03 16:22:12 | 000,513,392 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
MOD - [2014/06/03 16:22:12 | 000,190,824 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
MOD - [2014/06/03 16:22:10 | 000,342,376 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
MOD - [2014/06/03 16:22:10 | 000,119,656 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
MOD - [2014/06/03 16:22:08 | 000,248,160 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
MOD - [2014/06/03 16:22:06 | 000,344,944 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
MOD - [2014/06/03 16:22:02 | 000,248,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
MOD - [2014/06/03 16:22:02 | 000,170,376 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
MOD - [2014/06/03 16:21:54 | 000,300,920 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
MOD - [2014/06/03 16:21:54 | 000,179,552 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
MOD - [2014/06/03 16:21:52 | 000,174,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
MOD - [2014/06/03 16:21:50 | 000,277,872 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
MOD - [2014/06/03 16:21:50 | 000,143,720 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
MOD - [2014/06/03 16:21:48 | 000,478,056 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
MOD - [2014/06/03 16:12:18 | 000,655,352 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
MOD - [2011/03/01 05:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2008/04/14 07:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 07:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/13 03:00:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Stardock\CursorFX\zlib1.dll
MOD - [2006/12/03 20:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Cain\Abel.exe -- (Abel)
SRV - [2014/07/16 20:03:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/09 14:42:35 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/06/03 16:12:18 | 000,655,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe -- (LavasoftAdAwareService11)
SRV - [2014/05/20 18:17:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2007/02/20 00:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2005/01/27 20:28:28 | 000,106,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\My Documents\05 Downloads\amifldrv32.sys -- (GENERICDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/07/16 20:05:47 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/16 20:04:10 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/07/16 20:04:10 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/16 20:04:10 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/16 20:04:10 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/07/16 20:04:10 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/07/16 20:04:10 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/16 20:04:10 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/04/22 17:29:24 | 000,360,376 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2014/04/22 17:29:22 | 000,165,744 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys -- (gzflt)
DRV - [2014/04/11 15:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2014/04/11 15:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/04/11 15:39:22 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/10/17 05:49:16 | 000,090,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Temp\mvd23.sys -- (mvd23)
DRV - [2013/10/17 05:49:12 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Temp\mdf16.sys -- (mdf16)
DRV - [2013/09/21 06:22:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/12/30 03:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/15 10:48:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
DRV - [2011/11/01 17:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 17:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 17:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 17:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 17:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/07/12 15:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/07 21:55:58 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/03/25 22:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 22:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 22:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 22:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 22:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 22:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 22:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/01/23 04:37:37 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 01:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 01:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/03/17 16:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser6k.sys -- (qcusbser6k)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbpcsync.sys -- (qcusbpcsync)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbnmea.sys -- (qcusbnmea)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbmdm6k.sys -- (qcusbmdm6k)
DRV - [2006/12/19 00:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/03 12:34:00 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/11 18:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 17:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/17 19:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/02 04:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 01:27:42 | 000,281,600 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006/06/02 05:51:10 | 000,021,376 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2005/08/12 22:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/15 05:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/24 21:01:16 | 000,077,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/05/24 21:00:56 | 000,079,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/05/24 21:00:46 | 000,087,424 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/05/24 21:00:44 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/05/24 21:00:38 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus)
DRV - [2005/02/23 20:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/17 20:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 21:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/12/16 22:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/11/05 17:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 19:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 19:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 17:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/23 00:08:14 | 000,012,504 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2004/09/22 00:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2002/10/15 20:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/04 02:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.254:8
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = BTHomeHub AD79 
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.254:8
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = BTHomeHub AD79 
 
 
 
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\SearchScopes\{96A1833F-CD67-428C-8344-858C4F9F6F80}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\SearchScopes\{AB73677F-9E1C-4263-BBEB-20436F42541B}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4196911015-24638137-990088397-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://securedsearch...FBB6523CDC71A2"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:24.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/14 01:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/28 05:42:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]lla.org: C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate [2014/06/24 20:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/16 20:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/07/17 15:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2013/12/26 02:21:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate [2014/06/24 20:26:41 | 000,000,000 | ---D | M]
 
[2010/07/14 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Extensions
[2009/04/21 20:37:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/07/14 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Extensions\[email protected]
[2014/06/24 20:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions
[2014/06/24 20:26:41 | 000,000,000 | ---D | M] (Total Browser Security) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate
[2014/07/15 13:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions
[2014/06/30 19:03:45 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2014/01/17 12:16:45 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2014/04/04 09:57:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/15 13:10:10 | 000,010,966 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\[email protected]
[2014/07/01 19:48:52 | 000,985,329 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}.xpi
[2014/01/20 08:11:14 | 000,007,373 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2013/08/27 19:36:02 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\searchplugins\yahoo.xml
[2014/05/20 18:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/20 18:18:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/15 14:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/07/15 14:14:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/10 15:18:10 | 000,069,632 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npitunes.dll
[2011/08/31 03:33:42 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U19 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.190.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Adblock Plus = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: F.B Purity-Clean Up Facebook = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\9.9.1.7_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Currently = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh\2.7.0_0\
 
O1 HOSTS File: ([2009/04/07 00:03:23 | 000,304,232 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 10480 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - No CLSID value found.
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE.PerformancePack) - {7adefb8e-b723-45e6-86e2-2b7841f5d6a5} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10000000-1000-1000-1000-100000000000} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4196911015-24638137-990088397-1005..\Run: []  File not found
O4 - HKU\S-1-5-21-4196911015-24638137-990088397-1005..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4196911015-24638137-990088397-1005..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-4196911015-24638137-990088397-1005..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4196911015-24638137-990088397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-4196911015-24638137-990088397-1005\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Rise of Atlantis\Images\armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C379B33D-D075-4B28-B906-7AA576770014}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C379B33D-D075-4B28-B906-7AA576770014}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 23:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{02e714c3-6bbd-11df-a1ad-d7db7009a453}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\Shell - "" = AutoRun
O33 - MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\Shell - "" = AutoRun
O33 - MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\Shell\explore\Command - "" = boot.exe
O33 - MountPoints2\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\Shell\open\Command - "" = boot.exe
O33 - MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\Shell - "" = AutoRun
O33 - MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\Shell\AutoRun\command - "" = H:\VersionControl.exe
O33 - MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b66f282c-d9b9-11dc-a164-92a57a2577b7}\Shell\Setup\command - "" = E:\setup.exe
O33 - MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f72e897a-3782-11dd-a1ef-00197e687bd7}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/18 13:55:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pen\Desktop\OTL.exe
[2014/07/18 10:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo
[2014/07/17 15:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Foxit Software
[2014/07/17 10:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/16 20:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\AVAST Software
[2014/07/16 20:06:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/07/16 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/07/16 20:04:45 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/07/16 20:04:43 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/07/16 20:04:41 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/07/16 20:04:39 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/07/16 20:04:36 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/07/16 20:04:21 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/07/16 20:04:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/07/16 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/07/16 19:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/15 11:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/07/15 11:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2014/07/15 11:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2014/07/13 20:52:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pen\Recent
[2014/07/13 19:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2014/07/13 16:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\E-MEDIA for sale
[2014/07/13 11:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Start Menu\Programs\SpeedFan
[2014/07/13 11:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2014/07/11 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2014/07/11 20:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2014/07/10 20:32:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\Dropbox
[2014/07/10 20:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\DropboxMaster
[2014/07/10 20:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/07/10 20:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Start Menu\Programs\Dropbox
[2014/07/10 20:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Dropbox
[2014/07/09 14:41:28 | 005,659,136 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2014/07/08 20:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/07/07 17:52:47 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudserd.sys
[2014/07/07 17:52:39 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2014/07/07 17:52:32 | 000,089,856 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2014/07/07 17:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2014/07/07 17:19:02 | 000,144,664 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\WINDOWS\System32\secman.dll
[2014/07/07 17:12:17 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2014/07/07 17:12:15 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2014/07/07 17:12:09 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2014/07/07 11:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\BVE for onedotcom
[2014/07/07 10:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Pen
[2014/07/07 10:49:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD
[2014/07/03 20:02:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\My Videos
[2014/07/03 12:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Adobe
[2014/07/02 11:33:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\Twelve Links of Dependent Origination
[2014/06/27 18:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\SLOW LAPTOP
[2014/06/27 15:33:23 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2014/06/27 11:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\SISTA DEE
[2014/06/26 15:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\Tesco Lotus on Koh Phangan (COMPLAINT)
[2014/06/25 11:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Lavasoft
[2014/06/24 22:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
[2014/06/24 20:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Microsoft Extensions
[2014/06/24 20:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\MCommon
[2007/06/16 23:19:01 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pen\MSSSerif120.fon
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/18 14:18:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4196911015-24638137-990088397-1005UA.job
[2014/07/18 13:55:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pen\Desktop\OTL.exe
[2014/07/18 13:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/18 12:06:08 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/07/18 11:18:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/07/18 11:03:08 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/18 10:20:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/18 10:19:16 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/18 10:18:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/17 18:31:33 | 000,516,405 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot003.jpg
[2014/07/16 20:06:07 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/07/16 20:05:47 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/07/16 20:04:10 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/07/16 20:04:10 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/07/16 20:04:10 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/07/16 20:04:10 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/07/16 20:04:10 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/07/16 20:04:10 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/07/16 20:04:10 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/07/16 20:04:08 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/07/16 20:04:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/07/16 19:14:00 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/16 19:01:50 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/16 18:25:40 | 000,550,170 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot002.jpg
[2014/07/16 12:03:44 | 000,326,357 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot001.jpg
[2014/07/14 12:24:48 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2014/07/14 12:24:48 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2014/07/13 16:50:19 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\Nanthawan Bungalows (Chaloklum).lnk
[2014/07/13 13:06:57 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\2014 umm.lnk
[2014/07/13 11:48:14 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2014/07/12 08:20:30 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4196911015-24638137-990088397-1005Core.job
[2014/07/10 16:01:55 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\00 NET IMAGES.lnk
[2014/07/09 14:42:12 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/07/09 14:42:12 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/07/09 14:41:31 | 005,659,136 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2014/07/08 15:00:01 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/07 17:19:43 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2014/07/07 17:19:42 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2014/07/07 17:09:26 | 005,961,828 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\GT-S6102_UM_EU_Gingerbread_Eng_Rev.2.0_120217_Screen.pdf
[2014/07/07 10:50:11 | 001,805,692 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Pen.exe
[2014/07/07 10:48:35 | 007,720,252 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD.exe
[2014/07/04 14:45:05 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\WEBSITES 2.lnk
[2014/06/30 20:12:58 | 000,494,270 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\2014 - 06 Accounts.jpg
[2014/06/30 03:50:49 | 079,678,680 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Game.of.Thrones.S04E11.HDTV.x264-KILLERS.mp4
[2014/06/23 00:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2014/06/18 16:48:34 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\01 Song_of_Isan_.wmv.lnk
 
========== Files Created - No Company Name ==========
 
[2014/07/17 18:31:33 | 000,516,405 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot003.jpg
[2014/07/17 10:37:20 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2014/07/16 20:06:07 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/07/16 20:05:21 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/16 20:04:44 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/07/16 20:04:40 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/07/16 20:04:38 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/07/16 18:25:40 | 000,550,170 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot002.jpg
[2014/07/16 12:48:38 | 000,041,223 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\Bella Vista Enterprises Mobile Unit 3.JPG
[2014/07/16 12:03:44 | 000,326,357 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot001.jpg
[2014/07/14 12:24:48 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2014/07/14 12:24:48 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2014/07/13 16:50:19 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\Nanthawan Bungalows (Chaloklum).lnk
[2014/07/13 13:06:26 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\2014 umm.lnk
[2014/07/11 20:13:44 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2014/07/10 19:55:33 | 000,004,277 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\Po- Cannot find Weapons of Mass Destruction.htm
[2014/07/10 16:01:55 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\00 NET IMAGES.lnk
[2014/07/07 17:19:43 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2014/07/07 17:19:42 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2014/07/07 17:09:05 | 005,961,828 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\GT-S6102_UM_EU_Gingerbread_Eng_Rev.2.0_120217_Screen.pdf
[2014/07/07 10:50:12 | 001,805,692 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Pen.exe
[2014/07/07 10:48:42 | 007,720,252 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD.exe
[2014/07/06 19:14:48 | 079,678,680 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Game.of.Thrones.S04E11.HDTV.x264-KILLERS.mp4
[2014/07/06 14:23:41 | 000,004,086 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\index.html
[2014/07/04 14:45:05 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\WEBSITES 2.lnk
[2014/06/30 20:12:58 | 000,494,270 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\2014 - 06 Accounts.jpg
[2014/06/18 16:48:34 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\01 Song_of_Isan_.wmv.lnk
[2014/05/17 18:58:53 | 000,194,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/30 19:47:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014/04/10 14:07:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2013/11/28 04:02:34 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/09/15 05:21:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/09/15 05:21:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/08/27 05:48:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/02/18 01:30:08 | 000,000,444 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\wklnhst.dat
[2008/02/24 18:37:19 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\SAS7_000.DAT
[2007/12/06 00:25:45 | 000,846,504 | ---- | C] () -- C:\Documents and Settings\Pen\JNativeCpp.dll
[2007/08/22 18:16:22 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Pen\default.pls
[2007/05/30 06:15:44 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/26 15:47:16 | 021,822,168 | ---- | C] (                            ) -- C:\Program Files\AdbeRdr80_en_US.exe
[2007/05/25 17:56:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 23:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 19:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B52AE048
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A704FE1
 
< End of report >

Extras.Txt

OTL Extras logfile created on: 18/07/2014 14:29:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Pen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 35.05% Memory free
3.04 Gb Paging File | 2.00 Gb Available in Paging File | 65.89% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.68 Gb Total Space | 51.75 Gb Free Space | 47.62% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 1068.93 Gb Free Space | 57.38% Space Free | Partition Type: NTFS
Drive F: | 210.16 Mb Total Space | 158.30 Mb Free Space | 75.33% Space Free | Partition Type: FAT
Drive G: | 980.72 Mb Total Space | 13.55 Mb Free Space | 1.38% Space Free | Partition Type: FAT
Drive J: | 463.50 Mb Total Space | 324.38 Mb Free Space | 69.98% Space Free | Partition Type: FAT
 
Computer Name: PEN-NOMAD | User Name: Pen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4196911015-24638137-990088397-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10421:UDP" = 10421:UDP:*:Disabled:SingleClick Discovery Protocol
"10426:UDP" = 10426:UDP:*:Disabled:SingleClick ICC
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Disabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\Macromedia\FreeHand 10\FreeHand 10.exe" = C:\Program Files\Macromedia\FreeHand 10\FreeHand 10.exe:*:Disabled:FreeHand 10
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire
"C:\Program Files\Macromedia\Flash MX\Flash.exe" = C:\Program Files\Macromedia\Flash MX\Flash.exe:*:Disabled:Flash 6.0 r25 -- (Macromedia, Inc.)
"F:\MSN Messenger\msnmsgr.exe" = F:\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe" = C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Disabled:Dell Network Assistant -- (SingleClick Systems)
"E:\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = E:\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Documents and Settings\Pen\Desktop\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = C:\Documents and Settings\Pen\Desktop\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Pen\Desktop\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = C:\Documents and Settings\Pen\Desktop\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Documents and Settings\Pen\My Documents\MINI PROGRAMS\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = C:\Documents and Settings\Pen\My Documents\MINI PROGRAMS\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Documents and Settings\Pen\My Documents\ZZ MINI PROGRAMS\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = C:\Documents and Settings\Pen\My Documents\ZZ MINI PROGRAMS\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"G:\MINI PROGRAMS\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = G:\MINI PROGRAMS\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VoipCheap\VoipCheap.exe" = C:\Program Files\VoipCheap\VoipCheap.exe:*:Enabled:VoipCheap
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\MostFun\Bin\MostFun.exe" = C:\Program Files\MostFun\Bin\MostFun.exe:*:Disabled:MostFun Agent
"G:\MINI PROGRAMS\GAMES\Microsoft - EMPIRE EARTH (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = G:\MINI PROGRAMS\GAMES\Microsoft - EMPIRE EARTH (Full PC Game)\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Documents and Settings\Pen\Desktop\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = C:\Documents and Settings\Pen\Desktop\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth
"C:\Program Files\Freeciv-2.2.0-gtk2\freeciv-server.exe" = C:\Program Files\Freeciv-2.2.0-gtk2\freeciv-server.exe:*:Disabled:freeciv-server
"C:\Documents and Settings\Pen\My Documents\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe" = C:\Documents and Settings\Pen\My Documents\GAMES\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth.exe:*:Disabled:Empire Earth -- ()
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java™ Web Start Launcher
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"E:\Shared Stuff\COMPLETE PROGRAMS\00 GAMES from Pen\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe" = E:\Shared Stuff\COMPLETE PROGRAMS\00 GAMES from Pen\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe:*:Disabled:Empire Earth - Kopia
"E:\01 Shared Stuff\COMPLETE PROGRAMS\00 GAMES from Pen\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe" = E:\01 Shared Stuff\COMPLETE PROGRAMS\00 GAMES from Pen\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe:*:Disabled:Empire Earth - Kopia -- ()
"C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe" = C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe:*:Enabled:Ad-Aware Security Add-on DTX Broker -- (Visicom Media Inc.)
"C:\Program Files\AVG\AVG2014\avgmfapx.exe" = C:\Program Files\AVG\AVG2014\avgmfapx.exe:*:Enabled:AVG Installer
"E:\05 MY STUFF\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe" = E:\05 MY STUFF\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe:*:Disabled:Empire Earth - Kopia
"E:\00 MY STUFF\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe" = E:\00 MY STUFF\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe:*:Disabled:Empire Earth - Kopia
"G:\00 MY STUFF\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe" = G:\00 MY STUFF\Microsoft - Age of Empires 3 (Full PC Game)\Empire Earth - Kopia.exe:*:Disabled:Empire Earth - Kopia
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Disabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\Pen\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Pen\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.7.2
"{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}" = calibre
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = Foxit Cloud
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72EF03F5-0507-4861-9A44-D99FD4C41417}" = Paint.NET v3.5.11
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9089F4B9-F055-4CF3-9DCC-7E43FCD24BFD}" = AdAwareInstaller
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}" = iTunes
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1080852-065E-4991-9260-F3756E3CC182}" = CursorFX
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C860AFE7-2A99-4AF6-AB03-116EFC14AD30}" = Convert EPUB to PDF 6.6.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}" = AdAwareUpdater
"{CB799B5A-84B8-46A2-BEB5-4FD7D5230361}_AdAwareUpdater" = Ad-Aware Antivirus
"{CC347FC6-C8D7-493A-B70E-1D89E22691A7}" = AntimalwareEngine
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader Software
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6963450-7577-4049-8793-2B66B85237C1}" = ATI Catalyst Control Center
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.181
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1100000-0010-0000-0000-074957833700}" = ABBYY FineReader 11 Corporate Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"Avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD
"Babel Deluxe_is1" = Babel Deluxe
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.25
"CursorFX" = CursorFX
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"ExpressBurn" = Express Burn
"FormatFactory" = FormatFactory 2.50
"Foxit Reader_is1" = Foxit Reader
"Free Video Dub_is1" = Free Video Dub version 2.0.21.822
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.32.1230
"Gadwin PrintScreen" = Gadwin PrintScreen
"Huawei Modems" = Huawei modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.53
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Biorhythms_is1" = Natural Biorhythms version 3.04
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"PC-Doctor for Windows" = My Dell
"PolderbitSRecorder" = PolderbitS Sound Recorder and Editor
"Power DVD Rip Studio_is1" = Power DVD Rip Studio v1.1.7.271
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RapidTyping" = RapidTyping
"SearchAssist" = SearchAssist
"Speccy" = Speccy
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Video to AVI MPEG MOV RM FLV iPod PSP 3GP Zune Converter_is1" = Video to AVI MPEG MOV RM FLV iPod PSP 3GP Zune Converter V2.2.3
"VLC media player" = VideoLAN VLC media player 0.8.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wubi" = Wubi
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZTE_MF627_LEGACY_DRIVER_1.2059.0.4" = ZTE_MF627_USB_MODEM_1.2059.0.4
"ZTE_MF6X6_USB_MODEM_1.2050.0.6" = ZTE_MF6X6_USB_MODEM_1.2050.0.6
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4196911015-24638137-990088397-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Dharma IV Screen Saver" = Dharma IV Screen Saver
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"I-Doser v4" = I-Doser v4
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/07/2014 00:57:25 | Computer Name = PEN-NOMAD | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 08/07/2014 02:35:25 | Computer Name = PEN-NOMAD | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 08/07/2014 04:32:26 | Computer Name = PEN-NOMAD | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 08/07/2014 06:18:28 | Computer Name = PEN-NOMAD | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 08/07/2014 08:06:33 | Computer Name = PEN-NOMAD | Source = Userenv | ID = 1081
Description = Windows cannot impersonate the user. (The handle is invalid. ). Group
 Policy processing aborted. 
 
Error - 10/07/2014 00:22:53 | Computer Name = PEN-NOMAD | Source = Application Error | ID = 1000
Description = Faulting application excel.exe, version 10.0.2614.0, faulting module
 blnmgrps.dll, version 10.0.2607.0, fault address 0x00003bd2.
 
Error - 11/07/2014 09:02:35 | Computer Name = PEN-NOMAD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 with error: This operation returned because the timeout period expired.  
 
Error - 16/07/2014 00:55:44 | Computer Name = PEN-NOMAD | Source = Userenv | ID = 1082
Description = Windows cannot set the background refresh timer for Group Policy. 
WaitForMultipleObjects (The handle is invalid. ). Group Policy processing aborted.
 
 
Error - 16/07/2014 23:09:19 | Computer Name = PEN-NOMAD | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
  The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
Error - 16/07/2014 23:09:19 | Computer Name = PEN-NOMAD | Source = EventSystem | ID = 4614
Description = The COM+ Event System detected an inconsistency in its internal state.
  The assertion "GetLastError() == 122L" failed at line 162 of d:\comxp_sp3\com\com1x\src\events\shared\sectools.cpp.
  Please contact Microsoft Product Support Services to report this erro
 
[ System Events ]
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43016
Description = Not an EDID device
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43015
Description = I2c return failed
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43015
Description = I2c return failed
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43015
Description = I2c return failed
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43015
Description = I2c return failed
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43016
Description = Not an EDID device
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43016
Description = Not an EDID device
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43016
Description = Not an EDID device
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43015
Description = I2c return failed
 
Error - 17/07/2014 23:19:19 | Computer Name = PEN-NOMAD | Source = ati2mtag | ID = 43015
Description = I2c return failed
 
 
< End of report >
 
Best Wishes
Pen


#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi,

First

You have 2 Anti Virus programs running.

1-avast! Free Antivirus.
2-Ad-Aware Security.
 

The real-time protection of two antivirus programs may conflict with each other and cause the following:

* False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
* Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
* Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
* Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.



Please uninstall 1 of them, let me know the one you're keeping.

Next

We need to do a fix to delete some files using OTL
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.254:8
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.254:8
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - No CLSID value found.
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {10000000-1000-1000-1000-100000000000} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [NWEReboot]  File not found
    O4 - HKU\S-1-5-21-4196911015-24638137-990088397-1005..\Run: []  File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2) 
    O33 - MountPoints2\{02e714c3-6bbd-11df-a1ad-d7db7009a453}\Shell\AutoRun\command - "" = J:\setupSNK.exe
    O33 - MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\Shell\explore\Command - "" = boot.exe
    O33 - MountPoints2\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\Shell\open\Command - "" = boot.exe
    O33 - MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\Shell - "" = AutoRun
    O33 - MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\Shell\AutoRun\command - "" = H:\VersionControl.exe
    O33 - MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\Shell - "" = AutoRun
    O33 - MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\Shell - "" = AutoRun
    O33 - MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{b66f282c-d9b9-11dc-a164-92a57a2577b7}\Shell\Setup\command - "" = E:\setup.exe
    O33 - MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\Shell - "" = AutoRun
    O33 - MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f72e897a-3782-11dd-a1ef-00197e687bd7}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe
    @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B52AE048
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A704FE1
    
    :Files
    
    ipconfig /flushdns /c
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply please post:
1- OTL Fix log, that should pop up in front of you when the fix finishes.
2- New OTL after a quick scan is run.
3- Tell me what Anti Virus you're keeping.

Thanks
Joe :)

#5
pen_nomad

    Member

  • Topic Starter
  • Member
  • 47 posts

Hi Joe

That certainly seems to have improved things a bit  :spoton:  response seems a lot better.

 

OTL.Txt

OTL logfile created on: 19/07/2014 13:11:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.40% Memory free
3.04 Gb Paging File | 2.22 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.68 Gb Total Space | 53.37 Gb Free Space | 49.11% Space Free | Partition Type: NTFS
 
Computer Name: PEN-NOMAD | User Name: Pen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/18 13:55:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo\OTL.exe
PRC - [2014/07/16 20:03:47 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/16 20:03:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/15 16:24:50 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2008/07/07 22:46:45 | 000,416,768 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFX.exe
PRC - [2008/04/14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/20 15:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/19 12:19:47 | 002,793,472 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14071801\algo.dll
MOD - [2014/07/16 20:04:06 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/16 20:03:58 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/07/15 16:24:48 | 000,353,096 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppgooglenaclpluginchrome.dll
MOD - [2014/07/15 16:24:46 | 014,664,008 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
MOD - [2014/07/15 16:24:44 | 008,537,928 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll
MOD - [2014/07/15 16:24:35 | 001,732,936 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
MOD - [2011/03/01 05:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2008/04/14 07:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 07:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/13 03:00:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Stardock\CursorFX\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Cain\Abel.exe -- (Abel)
SRV - [2014/07/16 20:03:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/09 14:42:35 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/17 17:56:02 | 000,242,216 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/05/20 18:17:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2007/02/20 00:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2005/01/27 20:28:28 | 000,106,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\My Documents\05 Downloads\amifldrv32.sys -- (GENERICDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/07/16 20:05:47 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/16 20:04:10 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/07/16 20:04:10 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/16 20:04:10 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/16 20:04:10 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/07/16 20:04:10 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/07/16 20:04:10 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/16 20:04:10 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/04/11 15:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2014/04/11 15:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/04/11 15:39:22 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/10/17 05:49:16 | 000,090,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Temp\mvd23.sys -- (mvd23)
DRV - [2013/10/17 05:49:12 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Temp\mdf16.sys -- (mdf16)
DRV - [2013/09/21 06:22:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/12/30 03:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/15 10:48:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
DRV - [2011/11/01 17:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 17:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 17:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 17:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 17:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/07/12 15:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/07 21:55:58 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/03/25 22:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 22:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 22:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 22:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 22:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 22:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 22:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/01/23 04:37:37 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 01:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 01:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/03/17 16:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser6k.sys -- (qcusbser6k)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbpcsync.sys -- (qcusbpcsync)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbnmea.sys -- (qcusbnmea)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbmdm6k.sys -- (qcusbmdm6k)
DRV - [2006/12/19 00:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/03 12:34:00 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/11 18:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 17:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/17 19:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/02 04:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 01:27:42 | 000,281,600 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006/06/02 05:51:10 | 000,021,376 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2005/08/12 22:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/15 05:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/24 21:01:16 | 000,077,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/05/24 21:00:56 | 000,079,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/05/24 21:00:46 | 000,087,424 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/05/24 21:00:44 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/05/24 21:00:38 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus)
DRV - [2005/02/23 20:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/17 20:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 21:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/12/16 22:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/11/05 17:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 19:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 19:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 17:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/23 00:08:14 | 000,012,504 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2004/09/22 00:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2002/10/15 20:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/04 02:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\..\SearchScopes\{96A1833F-CD67-428C-8344-858C4F9F6F80}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AB73677F-9E1C-4263-BBEB-20436F42541B}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://securedsearch...FBB6523CDC71A2"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:24.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/14 01:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate [2014/06/24 20:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/16 20:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/07/17 15:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2013/12/26 02:21:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate [2014/06/24 20:26:41 | 000,000,000 | ---D | M]
 
[2010/07/14 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Extensions
[2010/07/14 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Extensions\[email protected]
[2014/06/24 20:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions
[2014/06/24 20:26:41 | 000,000,000 | ---D | M] (Total Browser Security) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate
[2014/07/15 13:10:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions
[2014/06/30 19:03:45 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2014/01/17 12:16:45 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2014/04/04 09:57:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/15 13:10:10 | 000,010,966 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\[email protected]
[2014/07/01 19:48:52 | 000,985,329 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}.xpi
[2014/01/20 08:11:14 | 000,007,373 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2013/08/27 19:36:02 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\searchplugins\yahoo.xml
[2014/05/20 18:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/20 18:18:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/15 14:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/07/15 14:14:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/10 15:18:10 | 000,069,632 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npitunes.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U19 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.190.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Adblock Plus = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: F.B Purity-Clean Up Facebook = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\9.9.1.8_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Currently = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh\2.7.0_0\
 
O1 HOSTS File: ([2014/07/19 12:55:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10000000-1000-1000-1000-100000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Rise of Atlantis\Images\armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C379B33D-D075-4B28-B906-7AA576770014}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C379B33D-D075-4B28-B906-7AA576770014}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Pen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 23:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/19 12:53:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/19 12:00:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/07/18 10:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo
[2014/07/17 15:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Foxit Software
[2014/07/17 10:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/16 20:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\AVAST Software
[2014/07/16 20:06:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/07/16 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/07/16 20:04:45 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/07/16 20:04:43 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/07/16 20:04:41 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/07/16 20:04:39 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/07/16 20:04:36 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/07/16 20:04:21 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/07/16 20:04:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/07/16 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/07/16 19:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/15 11:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/07/15 11:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2014/07/15 11:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2014/07/13 20:52:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pen\Recent
[2014/07/13 19:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2014/07/13 16:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\E-MEDIA for sale
[2014/07/13 11:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Start Menu\Programs\SpeedFan
[2014/07/13 11:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2014/07/11 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2014/07/11 20:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2014/07/10 20:32:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\Dropbox
[2014/07/10 20:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\DropboxMaster
[2014/07/10 20:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/07/10 20:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Start Menu\Programs\Dropbox
[2014/07/10 20:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Dropbox
[2014/07/08 20:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/07/07 17:52:47 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudserd.sys
[2014/07/07 17:52:39 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2014/07/07 17:52:32 | 000,089,856 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2014/07/07 17:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2014/07/07 17:19:02 | 000,144,664 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\WINDOWS\System32\secman.dll
[2014/07/07 17:12:17 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2014/07/07 17:12:09 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2014/07/07 11:05:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\BVE for onedotcom
[2014/07/07 10:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Pen
[2014/07/07 10:49:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD
[2014/07/03 20:02:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\My Videos
[2014/07/03 12:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Adobe
[2014/07/02 11:33:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\Twelve Links of Dependent Origination
[2014/06/27 18:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\SLOW LAPTOP
[2014/06/27 15:33:23 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2014/06/27 11:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\SISTA DEE
[2014/06/26 15:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\Tesco Lotus on Koh Phangan (COMPLAINT)
[2014/06/25 11:53:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Lavasoft
[2014/06/24 20:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Microsoft Extensions
[2014/06/24 20:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\MCommon
[2007/06/16 23:19:01 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pen\MSSSerif120.fon
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/19 13:18:01 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4196911015-24638137-990088397-1005UA.job
[2014/07/19 13:04:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/19 13:04:03 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/19 13:03:56 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/19 13:01:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/19 12:55:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/07/19 12:41:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/19 11:45:33 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\A. E. Van Vogt (2).lnk
[2014/07/18 16:43:08 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/18 16:39:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/07/18 16:38:53 | 000,322,768 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot004.jpg
[2014/07/18 12:06:08 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/07/16 20:06:07 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/07/16 20:05:47 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/07/16 20:04:10 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/07/16 20:04:10 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/07/16 20:04:10 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/07/16 20:04:10 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/07/16 20:04:10 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/07/16 20:04:10 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/07/16 20:04:10 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/07/16 20:04:08 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/07/16 20:04:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/07/16 19:14:00 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/14 12:24:48 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2014/07/14 12:24:48 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2014/07/13 16:50:19 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\Nanthawan Bungalows (Chaloklum).lnk
[2014/07/13 13:06:57 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\2014 umm.lnk
[2014/07/13 11:48:14 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2014/07/12 08:20:30 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4196911015-24638137-990088397-1005Core.job
[2014/07/10 16:01:55 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\00 NET IMAGES.lnk
[2014/07/08 15:00:01 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/07 17:19:43 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2014/07/07 17:19:42 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2014/07/07 17:09:26 | 005,961,828 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\GT-S6102_UM_EU_Gingerbread_Eng_Rev.2.0_120217_Screen.pdf
[2014/07/07 10:50:11 | 001,805,692 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Pen.exe
[2014/07/07 10:48:35 | 007,720,252 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD.exe
[2014/07/04 14:45:05 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\WEBSITES 2.lnk
[2014/06/30 20:12:58 | 000,494,270 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\2014 - 06 Accounts.jpg
[2014/06/30 03:50:49 | 079,678,680 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Game.of.Thrones.S04E11.HDTV.x264-KILLERS.mp4
[2014/06/23 00:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
 
========== Files Created - No Company Name ==========
 
[2014/07/19 11:45:33 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\A. E. Van Vogt (2).lnk
[2014/07/18 16:38:47 | 000,322,768 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot004.jpg
[2014/07/17 10:37:20 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2014/07/16 20:06:07 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/07/16 20:05:21 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/16 20:04:44 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/07/16 20:04:40 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/07/16 20:04:38 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/07/14 12:24:48 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2014/07/14 12:24:48 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2014/07/13 16:50:19 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\Nanthawan Bungalows (Chaloklum).lnk
[2014/07/13 13:06:26 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\2014 umm.lnk
[2014/07/11 20:13:44 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2014/07/10 19:55:33 | 000,004,277 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\Po- Cannot find Weapons of Mass Destruction.htm
[2014/07/10 16:01:55 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\00 NET IMAGES.lnk
[2014/07/07 17:19:43 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2014/07/07 17:19:42 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2014/07/07 17:09:05 | 005,961,828 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\GT-S6102_UM_EU_Gingerbread_Eng_Rev.2.0_120217_Screen.pdf
[2014/07/07 10:50:12 | 001,805,692 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Pen.exe
[2014/07/07 10:48:42 | 007,720,252 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD.exe
[2014/07/06 19:14:48 | 079,678,680 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Game.of.Thrones.S04E11.HDTV.x264-KILLERS.mp4
[2014/07/06 14:23:41 | 000,004,086 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\index.html
[2014/07/04 14:45:05 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\WEBSITES 2.lnk
[2014/06/30 20:12:58 | 000,494,270 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\2014 - 06 Accounts.jpg
[2014/05/17 18:58:53 | 000,194,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/30 19:47:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014/04/10 14:07:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2013/11/28 04:02:34 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/09/15 05:21:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/09/15 05:21:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/08/27 05:48:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/02/18 01:30:08 | 000,000,444 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\wklnhst.dat
[2008/02/24 18:37:19 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\SAS7_000.DAT
[2007/12/06 00:25:45 | 000,846,504 | ---- | C] () -- C:\Documents and Settings\Pen\JNativeCpp.dll
[2007/08/22 18:16:22 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Pen\default.pls
[2007/05/30 06:15:44 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/26 15:47:16 | 021,822,168 | ---- | C] (                            ) -- C:\Program Files\AdbeRdr80_en_US.exe
[2007/05/25 17:56:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 23:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 19:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/09/21 13:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2008/08/16 02:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2008/08/15 23:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2010/06/02 16:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2014/07/15 11:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/07/16 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/01/03 21:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2013/09/15 05:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2007/05/26 04:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2013/08/27 00:38:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/15 05:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2014/04/18 18:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/06/02 01:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2014/01/23 15:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\House Of Soft
[2014/01/23 15:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/01 22:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2014/07/13 18:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/31 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2013/12/26 02:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2013/12/26 02:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2008/02/19 17:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/12/26 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/10/21 01:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/07/18 10:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/02 15:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/03/21 04:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2014/07/07 17:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/02/26 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/09/21 15:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2007/05/24 00:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2013/09/07 21:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/22 05:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/25 00:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/02/18 06:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2014/03/01 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2009/04/06 20:39:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE032019-B933-4DF4-9174-48C52613DA13}
[2009/04/09 21:28:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pen\Application Data\.#
[2013/09/15 05:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Ad-Aware Antivirus
[2013/12/21 04:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\adawaretb
[2010/06/01 22:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Alawar
[2009/03/17 19:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Any Video Converter
[2014/07/16 20:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\AVAST Software
[2009/04/20 12:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
[2010/08/11 01:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\avidemux
[2014/07/18 12:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Azureus
[2009/10/18 03:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2007/07/22 05:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\BitTorrent
[2009/01/08 01:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Bytemobile
[2014/06/23 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\calibre
[2014/07/13 11:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Dropbox
[2014/07/13 11:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\DropboxMaster
[2014/02/23 21:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\DVDVideoSoft
[2009/02/18 07:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\EPSON
[2010/06/02 16:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\ERS G-Studio
[2010/06/25 14:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Foxit
[2013/10/24 23:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Foxit Software
[2014/05/17 18:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Fractron 9000
[2008/07/12 03:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\gtk-2.0
[2009/01/08 01:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\HCM Updater
[2007/06/16 23:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Leadertech
[2014/06/24 20:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\MCommon
[2009/06/11 05:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Movie Torrent
[2013/09/01 16:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\MSNInstaller
[2013/12/26 02:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Nokia
[2008/02/19 18:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Nuance
[2013/12/26 02:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PC Suite
[2013/10/21 01:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PCDr
[2014/07/07 10:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Pen
[2014/07/07 10:54:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD
[2010/06/02 15:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PlayFirst
[2014/07/03 14:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PrimoPDF
[2014/04/17 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PrivateTunnel
[2009/03/21 04:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\RapidTyping
[2014/07/07 17:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Samsung
[2014/01/20 09:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\SecureSearch
[2007/09/07 05:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Slide
[2007/12/16 20:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\SpinTop
[2007/09/23 18:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Swarm Racer
[2009/02/18 01:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Template
[2007/07/28 16:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Thunderbird
[2013/08/27 14:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\TuneUp Software
[2009/06/16 04:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\VoipCheap
[2007/08/24 17:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Zen Puzzle Garden
 
========== Purity Check ==========
 
 
 
< End of report >
 
:headscratch:
 
07192014_125329
 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
C:\Program Files\AVG\AVG8\avgssie.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6714ADBD-C6C1-42A8-BD84-9C9339059421}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6714ADBD-C6C1-42A8-BD84-9C9339059421}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10000000-1000-1000-1000-100000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10000000-1000-1000-1000-100000000000}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02e714c3-6bbd-11df-a1ad-d7db7009a453}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02e714c3-6bbd-11df-a1ad-d7db7009a453}\ not found.
File J:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d031d7e-19ee-11de-a36b-83bb2b93224c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d031d80-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d031d80-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d031d80-19ee-11de-a36b-83bb2b93224c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d031d80-19ee-11de-a36b-83bb2b93224c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\ not found.
File boot.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60a1c4d8-7c42-11de-a096-cd34ff5f254b}\ not found.
File boot.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97fa8798-9217-11de-a0b5-d958748c0c4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97fa8798-9217-11de-a0b5-d958748c0c4d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97fa8798-9217-11de-a0b5-d958748c0c4d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97fa8798-9217-11de-a0b5-d958748c0c4d}\ not found.
File H:\VersionControl.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b1778-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9f2b177a-dce9-11dd-a2ff-c34cb2ffd839}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b66f282c-d9b9-11dc-a164-92a57a2577b7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b66f282c-d9b9-11dc-a164-92a57a2577b7}\ not found.
File E:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacb982c-b8dc-11df-a20f-00197e687bd7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacb982c-b8dc-11df-a20f-00197e687bd7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bacb982c-b8dc-11df-a20f-00197e687bd7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bacb982c-b8dc-11df-a20f-00197e687bd7}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f72e897a-3782-11dd-a1ef-00197e687bd7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f72e897a-3782-11dd-a1ef-00197e687bd7}\ not found.
File E:\WD_Windows_Tools\Setup.exe not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F87C192A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B52AE048 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A704FE1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo\cmd.bat deleted successfully.
C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 90562 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Pen
->Temp folder emptied: 218027067 bytes
->Temporary Internet Files folder emptied: 2513364 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20128702 bytes
->Google Chrome cache emptied: 11016420 bytes
->Flash cache emptied: 602 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112287096 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 14977416 bytes
 
Total Files Cleaned = 362.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07192014_125329
 
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
:headscratch:
 
Uninstalled Adaware and kept Avast
 
Best Wishes
Pen


#6
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

We will get rid of the Lavasoft leftovers and a few other items.

We need to do a fix to delete some files using OTL
  • Double-click the OTL icon to open the program. On Vista/Win7/Win8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    DRV - [2010/07/12 15:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
    IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
    FF - prefs.js..browser.startup.homepage: "http://securedsearch...FBB6523CDC71A2"
    FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
    [2014/01/17 12:16:45 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
    O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
    O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {10000000-1000-1000-1000-100000000000} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    [2014/06/23 00:25:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2013/09/15 05:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Ad-Aware Antivirus
    [2013/12/21 04:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\adawaretb
    
    :Files
    
    :Commands
    
    [emptytemp]
    
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Joe

#7
pen_nomad


    Member

  • Topic Starter
  • Member
  • 47 posts

Hi Joe

:oops:

Sorry but I have to be in a place with no internet for the next 4 days and will not be able to reply until then.

Can we please keep this thread open and continue when I return?

Best Wishes

Pen



#8
zep516


    Trusted Helper

  • Malware Removal
  • 6,811 posts
We'll keep the light on for you :)

See you when you return.

Joe

#9
pen_nomad


    Member

  • Topic Starter
  • Member
  • 47 posts

Hi Joe

Thanks for keeping the thread open.

Have done as you suggested.

 

OTL logfile created on: 25/07/2014 19:06:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.87 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 74.75% Memory free
3.04 Gb Paging File | 2.73 Gb Available in Paging File | 90.05% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.68 Gb Total Space | 53.26 Gb Free Space | 49.01% Space Free | Partition Type: NTFS
 
Computer Name: PEN-NOMAD | User Name: Pen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/18 13:55:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo\OTL.exe
PRC - [2014/07/16 20:03:47 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/07/16 20:03:43 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/01 15:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
PRC - [2008/07/07 22:46:45 | 000,416,768 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\CursorFX\CursorFX.exe
PRC - [2008/04/14 07:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/20 15:42:23 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/25 16:56:30 | 002,794,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\14072500\algo.dll
MOD - [2014/07/16 20:04:06 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/16 20:03:58 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2011/03/01 05:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2008/03/13 03:00:32 | 000,059,904 | ---- | M] () -- C:\Program Files\Stardock\CursorFX\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Cain\Abel.exe -- (Abel)
SRV - [2014/07/16 20:03:43 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/09 14:42:35 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/01 15:14:02 | 000,242,728 | ---- | M] (Foxit Corporation) [Auto | Running] -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe -- (FoxitCloudUpdateService)
SRV - [2014/05/20 18:17:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2007/02/20 00:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) [Disabled | Stopped] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2005/01/27 20:28:28 | 000,106,496 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\My Documents\05 Downloads\amifldrv32.sys -- (GENERICDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/07/16 20:05:47 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/16 20:04:10 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/07/16 20:04:10 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/16 20:04:10 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/16 20:04:10 | 000,057,800 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/07/16 20:04:10 | 000,055,112 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/07/16 20:04:10 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/16 20:04:10 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014/04/11 15:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2014/04/11 15:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014/04/11 15:39:22 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/10/17 05:49:16 | 000,090,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Temp\mvd23.sys -- (mvd23)
DRV - [2013/10/17 05:49:12 | 000,018,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Temp\mdf16.sys -- (mdf16)
DRV - [2013/09/21 06:22:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/12/30 03:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2012/07/15 10:48:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
DRV - [2011/11/01 17:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 17:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 17:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 17:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/11/01 17:07:24 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/09/07 21:55:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/09/07 21:55:58 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/03/25 22:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 22:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 22:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 22:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 22:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 22:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 22:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009/01/23 04:37:37 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/14 01:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 01:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/03/17 16:03:46 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbser6k.sys -- (qcusbser6k)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbpcsync.sys -- (qcusbpcsync)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbnmea.sys -- (qcusbnmea)
DRV - [2007/10/03 11:30:32 | 000,065,024 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcusbmdm6k.sys -- (qcusbmdm6k)
DRV - [2006/12/19 00:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/11/03 12:34:00 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/11 18:43:56 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/22 17:06:26 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/17 19:55:16 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/02 04:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/07 01:27:42 | 000,281,600 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2006/06/02 05:51:10 | 000,021,376 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2005/08/12 22:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/15 05:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/05/24 21:01:16 | 000,077,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/05/24 21:00:56 | 000,079,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/05/24 21:00:46 | 000,087,424 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/05/24 21:00:44 | 000,006,096 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/05/24 21:00:38 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus)
DRV - [2005/02/23 20:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/17 20:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 21:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/12/16 22:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/11/05 17:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/19 19:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 19:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 17:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/23 00:08:14 | 000,012,504 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2004/09/22 00:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2002/10/15 20:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [1996/04/04 02:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{96A1833F-CD67-428C-8344-858C4F9F6F80}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AB73677F-9E1C-4263-BBEB-20436F42541B}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://securedsearch...FBB6523CDC71A2"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:24.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://securedsearch...soft&ent=bs&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/14 01:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate [2014/06/24 20:26:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/16 20:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/07/17 15:07:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2013/12/26 02:21:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate [2014/06/24 20:26:41 | 000,000,000 | ---D | M]
 
[2010/07/14 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Extensions
[2010/07/14 20:38:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Extensions\[email protected]
[2014/06/24 20:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions
[2014/06/24 20:26:41 | 000,000,000 | ---D | M] (Total Browser Security) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Extensions\MozillaUpdate
[2014/07/25 18:43:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions
[2014/06/30 19:03:45 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2014/04/04 09:57:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/15 13:10:10 | 000,010,966 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\[email protected]
[2014/07/01 19:48:52 | 000,985,329 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}.xpi
[2014/01/20 08:11:14 | 000,007,373 | ---- | M] () (No name found) -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi
[2013/08/27 19:36:02 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Mozilla\Firefox\Profiles\0cfm5pc7.default\searchplugins\yahoo.xml
[2014/05/20 18:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/20 18:18:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/15 14:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2014/07/15 14:14:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/07/10 15:18:10 | 000,069,632 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npitunes.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U19 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.190.4 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Adblock Plus = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: F.B Purity-Clean Up Facebook = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\9.9.1.8_0\
CHR - Extension: F.B Purity-Clean Up Facebook = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl\9.9.3_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Currently = C:\Documents and Settings\Pen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh\2.7.0_0\
 
O1 HOSTS File: ([2014/07/19 12:55:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [CursorFX] C:\Program Files\Stardock\CursorFX\CursorFX.exe (Stardock Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Rise of Atlantis\Images\armhelper.ocx (ArmHelper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C379B33D-D075-4B28-B906-7AA576770014}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C379B33D-D075-4B28-B906-7AA576770014}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Pen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 23:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/19 12:53:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/19 12:00:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/07/18 10:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\AV & Defrag programmes from GeeksToGo
[2014/07/17 15:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Foxit Software
[2014/07/17 10:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/07/16 20:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\AVAST Software
[2014/07/16 20:06:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[2014/07/16 20:06:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/07/16 20:04:45 | 000,057,800 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/07/16 20:04:43 | 000,779,536 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/07/16 20:04:41 | 000,414,520 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/07/16 20:04:39 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/07/16 20:04:36 | 000,055,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/07/16 20:04:21 | 000,276,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/07/16 20:04:08 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/07/16 19:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/07/16 19:25:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/07/15 11:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/07/15 11:35:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2014/07/15 11:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2014/07/13 20:52:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pen\Recent
[2014/07/13 19:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2014/07/13 16:47:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\E-MEDIA for sale
[2014/07/13 11:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Start Menu\Programs\SpeedFan
[2014/07/13 11:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2014/07/11 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2014/07/11 20:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2014/07/10 20:32:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\Dropbox
[2014/07/10 20:26:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\DropboxMaster
[2014/07/10 20:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/07/10 20:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Start Menu\Programs\Dropbox
[2014/07/10 20:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Dropbox
[2014/07/08 20:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2014/07/07 17:52:47 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudserd.sys
[2014/07/07 17:52:39 | 000,184,192 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudmdm.sys
[2014/07/07 17:52:32 | 000,089,856 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\WINDOWS\System32\drivers\ssudbus.sys
[2014/07/07 17:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2014/07/07 17:19:02 | 000,144,664 | ---- | C] (MAPILab Ltd. & Add-in Express Ltd.) -- C:\WINDOWS\System32\secman.dll
[2014/07/07 17:12:17 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2014/07/07 17:12:09 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2014/07/07 10:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Application Data\Pen
[2014/07/07 10:49:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD
[2014/07/03 20:02:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\My Videos
[2014/07/03 12:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Local Settings\Application Data\Adobe
[2014/07/02 11:33:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Pen\My Documents\Twelve Links of Dependent Origination
[2014/06/27 18:29:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\SLOW LAPTOP
[2014/06/27 15:33:23 | 000,000,000 | ---D | C] -- C:\My Web Sites
[2014/06/26 15:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pen\Desktop\Tesco Lotus on Koh Phangan (COMPLAINT)
[2007/06/16 23:19:01 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Pen\MSSSerif120.fon
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/25 18:54:16 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/25 18:54:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/07/25 18:54:07 | 000,000,218 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/07/25 18:50:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/07/25 18:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/07/25 18:18:41 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4196911015-24638137-990088397-1005UA.job
[2014/07/19 12:55:46 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/07/19 11:45:33 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\A. E. Van Vogt (2).lnk
[2014/07/18 16:43:08 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/07/18 16:39:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014/07/18 16:38:53 | 000,322,768 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot004.jpg
[2014/07/18 12:06:08 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/07/16 20:06:07 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/07/16 20:05:47 | 000,414,520 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/07/16 20:04:10 | 000,779,536 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2014/07/16 20:04:10 | 000,192,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/07/16 20:04:10 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/07/16 20:04:10 | 000,057,800 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/07/16 20:04:10 | 000,055,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2014/07/16 20:04:10 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/07/16 20:04:10 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/07/16 20:04:08 | 000,276,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/07/16 20:04:08 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/07/16 19:14:00 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/07/14 12:24:48 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2014/07/14 12:24:48 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2014/07/13 16:50:19 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\Nanthawan Bungalows (Chaloklum).lnk
[2014/07/13 13:06:57 | 000,001,496 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\2014 umm.lnk
[2014/07/13 11:48:14 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2014/07/12 08:20:30 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4196911015-24638137-990088397-1005Core.job
[2014/07/10 16:01:55 | 000,000,464 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\00 NET IMAGES.lnk
[2014/07/08 15:00:01 | 000,000,212 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[2014/07/07 17:19:43 | 000,001,672 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2014/07/07 17:19:42 | 000,001,662 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2014/07/07 10:50:11 | 001,805,692 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Pen.exe
[2014/07/07 10:48:35 | 007,720,252 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD.exe
[2014/07/04 14:45:05 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\WEBSITES 2.lnk
[2014/06/30 20:12:58 | 000,494,270 | ---- | M] () -- C:\Documents and Settings\Pen\Desktop\2014 - 06 Accounts.jpg
[2014/06/30 03:50:49 | 079,678,680 | ---- | M] () -- C:\Documents and Settings\Pen\Application Data\Game.of.Thrones.S04E11.HDTV.x264-KILLERS.mp4
 
========== Files Created - No Company Name ==========
 
[2014/07/19 11:45:33 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\A. E. Van Vogt (2).lnk
[2014/07/18 16:38:47 | 000,322,768 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\ScreenShot004.jpg
[2014/07/17 10:37:20 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2014/07/16 20:06:07 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/07/16 20:05:21 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/07/16 20:04:44 | 000,192,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/07/16 20:04:40 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/07/16 20:04:38 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/07/14 12:24:48 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2014/07/14 12:24:48 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2014/07/13 16:50:19 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\Nanthawan Bungalows (Chaloklum).lnk
[2014/07/13 13:06:26 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\2014 umm.lnk
[2014/07/11 20:13:44 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2014/07/10 16:01:55 | 000,000,464 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\00 NET IMAGES.lnk
[2014/07/07 17:19:43 | 000,001,672 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk
[2014/07/07 17:19:42 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2014/07/07 10:50:12 | 001,805,692 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Pen.exe
[2014/07/07 10:48:42 | 007,720,252 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD.exe
[2014/07/06 19:14:48 | 079,678,680 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\Game.of.Thrones.S04E11.HDTV.x264-KILLERS.mp4
[2014/07/04 14:45:05 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\WEBSITES 2.lnk
[2014/06/30 20:12:58 | 000,494,270 | ---- | C] () -- C:\Documents and Settings\Pen\Desktop\2014 - 06 Accounts.jpg
[2014/05/17 18:58:53 | 000,194,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014/04/30 19:47:48 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014/04/10 14:07:05 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2013/11/28 04:02:34 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/09/15 05:21:39 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2013/09/15 05:21:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2013/08/27 05:48:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/02/18 01:30:08 | 000,000,444 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\wklnhst.dat
[2008/02/24 18:37:19 | 000,001,955 | ---- | C] () -- C:\Documents and Settings\Pen\Application Data\SAS7_000.DAT
[2007/12/06 00:25:45 | 000,846,504 | ---- | C] () -- C:\Documents and Settings\Pen\JNativeCpp.dll
[2007/08/22 18:16:22 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Pen\default.pls
[2007/05/30 06:15:44 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/26 15:47:16 | 021,822,168 | ---- | C] (                            ) -- C:\Program Files\AdbeRdr80_en_US.exe
[2007/05/25 17:56:36 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Pen\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2004/08/11 23:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 19:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/09/21 13:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2008/08/16 02:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
[2008/08/15 23:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 YPack Trial
[2010/06/02 16:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2014/07/15 11:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/07/16 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/01/03 21:00:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2013/09/15 05:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2007/05/26 04:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2013/08/27 00:38:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/09/15 05:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2014/04/18 18:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/06/02 01:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2014/01/23 15:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\House Of Soft
[2014/01/23 15:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/01 22:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2014/07/13 18:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/31 22:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2013/12/26 02:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2013/12/26 02:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2008/02/19 17:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/12/26 02:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2013/10/21 01:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2014/07/18 10:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/02 15:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/03/21 04:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2014/07/07 17:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2008/02/26 17:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/09/21 15:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2007/05/24 00:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2013/09/07 21:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/04/22 05:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/25 00:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/02/18 06:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2014/03/01 23:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2009/04/06 20:39:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE032019-B933-4DF4-9174-48C52613DA13}
[2009/04/09 21:28:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pen\Application Data\.#
[2010/06/01 22:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Alawar
[2009/03/17 19:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Any Video Converter
[2014/07/16 20:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\AVAST Software
[2009/04/20 12:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\AVGTOOLBAR
[2010/08/11 01:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\avidemux
[2014/07/18 12:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Azureus
[2009/10/18 03:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2007/07/22 05:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\BitTorrent
[2009/01/08 01:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Bytemobile
[2014/06/23 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\calibre
[2014/07/13 11:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Dropbox
[2014/07/13 11:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\DropboxMaster
[2014/02/23 21:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\DVDVideoSoft
[2009/02/18 07:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\EPSON
[2010/06/02 16:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\ERS G-Studio
[2010/06/25 14:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Foxit
[2013/10/24 23:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Foxit Software
[2014/05/17 18:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Fractron 9000
[2008/07/12 03:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\gtk-2.0
[2009/01/08 01:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\HCM Updater
[2007/06/16 23:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Leadertech
[2014/06/24 20:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\MCommon
[2009/06/11 05:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Movie Torrent
[2013/09/01 16:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\MSNInstaller
[2013/12/26 02:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Nokia
[2008/02/19 18:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Nuance
[2013/12/26 02:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PC Suite
[2013/10/21 01:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PCDr
[2014/07/07 10:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Pen
[2014/07/07 10:54:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pen\Application Data\PEN-NOMAD
[2010/06/02 15:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PlayFirst
[2014/07/03 14:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PrimoPDF
[2014/04/17 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\PrivateTunnel
[2009/03/21 04:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\RapidTyping
[2014/07/07 17:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Samsung
[2014/01/20 09:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\SecureSearch
[2007/09/07 05:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Slide
[2007/12/16 20:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\SpinTop
[2007/09/23 18:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Swarm Racer
[2009/02/18 01:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Template
[2007/07/28 16:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Thunderbird
[2013/08/27 14:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\TuneUp Software
[2009/06/16 04:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\VoipCheap
[2007/08/24 17:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pen\Application Data\Zen Puzzle Garden
 
========== Purity Check ==========
 
 
 
< End of report >
 
Sorry, I seem to have lost the other 'moved files' report and can't find where OTL saved it  :oops:
I ran OTL as it opened, (screenshot), and wasn't sure if you wanted to tick the all in extra registry.
Best Wishes
Pen
 

Attached Thumbnails

  • ScreenShot002.jpg

Edited by pen_nomad, 25 July 2014 - 06:55 AM.

#10
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Pen,

Can you do this next,

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner

Thanks
Joe :)

#11
pen_nomad

    Member

  • Topic Starter
  • Member
  • 47 posts

Hi Joe.

Am struggling a little with this:

ran the ADW and got 10 of these boxes S/shot 1

then the box in S/shot 2.

on clicking ok, ADW closed............

Best Wishes

Pen

Attached Thumbnails

  • ScreenShot001.jpg
  • ScreenShot002.jpg

Edited by pen_nomad, 27 July 2014 - 12:22 AM.

#12
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Right click on the AdwCleaner icon on the desktop, choose Delete. Reboot the computer, redownload AdwCleaner. Try running it again.

Joe
#13
pen_nomad

    Member

  • Topic Starter
  • Member
  • 47 posts

2nd download  :oops:

Attached Thumbnails

  • ScreenShot003.jpg

#14
pen_nomad

    Member

  • Topic Starter
  • Member
  • 47 posts

Deleted it, reboot and then 3rd download..   :oops:

 

Attached Thumbnails

  • ScreenShot001.jpg

#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Let's try running Malwarebytes and see how that goes for you.

Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop

Post that log.

Joe