Videos buffer endlessly, sites won't open, computer freeze [Closed]


  • This topic is locked

#16
TheDEvilElvis

    Member

  • Topic Starter
  • Member
  • 18 posts
The Adaware removal tool wants me to pay $39.95 to remove the junk it came up with. It said there were 89 problems at .60 a solution, which equals $53.40, but since it is my lucky day and they like me, I get a discount of $13.45, which whittles it down to the meager sum of 39.95. How lucky am I?!? I'm a little short today so I was wondering if you would spot me the 40 bucks since they were nice enough to knock the price down....no?

Now what?


#17
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Wow, I'm sorry but I'm a little short on cash right now :lol:

I apologize for sending you to that link; that program was pure rubbish, pretending to be the removal tool. This is why I don't trust CNET anymore, shame on them for hosting such trash.

If you go to the Start menu and click on All Programs, is there a listing for Lavasoft in there? If so, look for an uninstall option for Adaware in there.

If you still can't find the uninstall option, let's try the Revo Uninstaller found here. Make sure to get the free version and not the pro version, as I don't have the cash to lend to you right now :cool:

Start Revo, and look for either AdAware, or Lavasoft in the list. Highlight the program and click Uninstall.
Confirm by clicking Yes, then make sure you choose the Moderate option for the Uninstall Mode.
After the 4th step, click the Next button for Revo to check for leftover files, folders and registry entries.
If Revo does find anything, please be careful and select ONLY the BOLDED entries on your screen.
You will have to click on the Delete button to remove the checked bold entries, confirm yes when asked.
Click on Next and if Revo found any leftover files and folders you will be given the option of removing these as well. Check the boxes and click Delete, then click on Next to finish.

After all this, please re-run Security Check for me and post the log file it creates.

Also, please re-run OTL and do a Quick Scan - post that log as well.

#18
TheDEvilElvis

    Member

  • Topic Starter
  • Member
  • 18 posts
No Lavasoft or Adaware that I could find with Revo.

Security check log:

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CA Yahoo! Anti-Spy (remove only)
Spybot - Search & Destroy
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Java™ 6 Update 27
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Google Chrome 13.0.782.112
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

OTL log:

OTL logfile created on: 1/22/2013 1:22:10 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.76 Gb Available Physical Memory | 38.35% Memory free
4.22 Gb Paging File | 2.80 Gb Available in Paging File | 66.33% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 175.63 Gb Free Space | 60.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\e\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe (VS Revo Group)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
PRC - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe (AVG)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
MOD - C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe (AVG)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (Realtek11nSU) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrssweep.sys File not found
DRV - (utq1ndux) -- C:\Windows\system32\Drivers\utq1ndux.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (TrueSight) -- C:\Windows\System32\drivers\TrueSight.sys ()
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (ATMFFLT) -- C:\Windows\System32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (mr8980) -- C:\Windows\System32\drivers\mr8980.sys (Mars Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ATMhelpr) -- C:\Windows\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: n:\YhoMsger\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\e\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket\Cricket Broadband\addon\ [2009/11/06 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/12/02 22:55:14 | 000,000,000 | ---D | M]

[2012/12/02 22:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2009/04/19 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/21 05:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/21 05:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/08 04:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

========== Chrome ==========

CHR - homepage: http://yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/01/16 15:59:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Shockwave ActiveX Control)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} Reg Error: Value error. (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE54CE-22E0-4E65-8C54-925F80B3F984}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B16197E-3674-4BD3-8C61-F10550E09101}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E1DA6E-0C90-400E-92DA-796C49374D47}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF319A4F-6A0C-4A3D-B4CD-97CACF9374FF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24E017B-A329-4253-A38E-B028DD43BCB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/22 13:09:58 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\VS Revo Group
[2013/01/22 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/22 13:09:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/01/22 13:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/22 13:03:46 | 007,921,688 | ---- | C] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 10:46:09 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/01/22 10:46:09 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/01/22 10:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware Removal Tool
[2013/01/22 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adaware Removal Tool
[2013/01/22 08:36:51 | 021,138,402 | ---- | C] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
[2013/01/22 07:53:46 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:47:59 | 000,000,000 | ---D | C] -- C:\Users\e\Desktop\RK_Quarantine
[2013/01/21 06:10:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:27:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 13:27:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/20 01:54:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/16 16:04:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\temp
[2013/01/16 15:41:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/16 15:41:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/16 15:41:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/16 15:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/16 15:39:31 | 005,022,302 | R--- | C] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/15 16:17:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/13 03:08:09 | 000,000,000 | ---D | C] -- C:\c05960a737139d671f
[2013/01/09 03:07:48 | 000,000,000 | ---D | C] -- C:\32f0ebe972e95259aa8cc8
[2012/07/30 15:15:35 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\e\SkypeSetup.exe
[2012/05/19 13:52:52 | 004,765,753 | ---- | C] (ffdshow ) -- C:\Users\e\ffdshow_rev4422_20120409.exe
[2012/05/06 01:40:55 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\e\ccsetup318.exe
[2012/04/28 19:26:56 | 001,212,568 | ---- | C] (videoslurp.com ) -- C:\Users\e\vsbrowser-setup.exe

========== Files - Modified Within 30 Days ==========

[2013/01/22 13:25:38 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
[2013/01/22 13:25:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
[2013/01/22 13:15:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
[2013/01/22 13:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 13:09:55 | 000,001,091 | ---- | M] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 13:05:37 | 007,921,688 | ---- | M] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 12:50:37 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:50:37 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/22 12:28:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/22 10:41:09 | 000,643,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/22 10:41:09 | 000,119,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/22 08:51:28 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/22 08:50:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/22 08:50:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/01/22 08:48:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/22 08:37:46 | 021,138,402 | ---- | M] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
[2013/01/22 07:54:00 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:48:17 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/22 07:47:47 | 000,766,464 | ---- | M] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 06:56:30 | 000,169,984 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/21 06:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:57:40 | 000,574,677 | ---- | M] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 17:15:03 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
[2013/01/20 02:26:33 | 000,881,914 | ---- | M] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | M] () -- C:\Users\e\Documents\MBR.dat
[2013/01/20 02:06:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/17 18:06:02 | 000,178,501 | ---- | M] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:37 | 000,063,484 | ---- | M] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:07 | 000,016,293 | ---- | M] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:59 | 000,063,778 | ---- | M] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/16 15:40:37 | 000,000,546 | ---- | M] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 15:39:32 | 005,022,302 | R--- | M] (Swearware) -- C:\Users\e\Documents\ComboFix.exe
[2013/01/16 10:40:39 | 000,038,275 | ---- | M] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 16:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/15 13:00:57 | 000,031,093 | ---- | M] () -- C:\Users\e\Documents\clown.jpg
[2013/01/14 20:33:41 | 000,002,024 | ---- | M] () -- C:\Users\e\Desktop\Google Chrome.lnk
[2013/01/13 04:01:32 | 000,536,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/10 18:58:31 | 000,161,434 | ---- | M] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:54:04 | 000,053,519 | ---- | M] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:39 | 000,315,781 | ---- | M] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:32 | 000,909,167 | ---- | M] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:25 | 000,068,117 | ---- | M] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:09 | 000,129,427 | ---- | M] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 15:55:16 | 000,068,405 | ---- | M] () -- C:\Users\e\Documents\hand.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | M] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | M] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | M] () -- C:\Users\e\Documents\self01.jpg
[2013/01/05 22:24:55 | 000,025,184 | ---- | M] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | M] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:56 | 000,027,461 | ---- | M] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:41 | 000,339,877 | ---- | M] () -- C:\Users\e\Documents\insane1.jpg
[2013/01/04 07:25:15 | 000,445,016 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130115-080926.backup
[2012/12/28 14:00:35 | 000,172,780 | ---- | M] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | M] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:53 | 000,124,112 | ---- | M] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/24 01:22:35 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job

========== Files Created - No Company Name ==========

[2013/01/22 13:09:55 | 000,001,091 | ---- | C] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 07:48:17 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/22 07:47:38 | 000,766,464 | ---- | C] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 05:57:01 | 000,574,677 | ---- | C] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:25:41 | 000,881,914 | ---- | C] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | C] () -- C:\Users\e\Documents\MBR.dat
[2013/01/17 18:06:02 | 000,178,501 | ---- | C] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:36 | 000,063,484 | ---- | C] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:04 | 000,016,293 | ---- | C] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:57 | 000,063,778 | ---- | C] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:41:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/16 15:41:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/16 15:41:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/16 15:41:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/16 15:41:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/16 15:40:37 | 000,000,546 | ---- | C] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:37 | 000,038,275 | ---- | C] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 13:00:54 | 000,031,093 | ---- | C] () -- C:\Users\e\Documents\clown.jpg
[2013/01/10 18:58:31 | 000,161,434 | ---- | C] () -- C:\Users\e\Documents\Kimberblue.jpg
[2013/01/10 18:53:55 | 000,053,519 | ---- | C] () -- C:\Users\e\Documents\getimage.tif
[2013/01/09 15:00:32 | 000,315,781 | ---- | C] () -- C:\Users\e\Documents\Alabama.jpg
[2013/01/08 22:17:25 | 000,909,167 | ---- | C] () -- C:\Users\e\Documents\spaceship.png
[2013/01/07 17:28:24 | 000,068,117 | ---- | C] () -- C:\Users\e\Documents\self05.jpg
[2013/01/07 17:25:07 | 000,129,427 | ---- | C] () -- C:\Users\e\Documents\self03.jpg
[2013/01/07 14:51:02 | 000,448,699 | ---- | C] () -- C:\Users\e\Documents\self04.png
[2013/01/07 14:50:17 | 000,041,000 | ---- | C] () -- C:\Users\e\Documents\self02.jpg
[2013/01/07 14:49:27 | 000,147,783 | ---- | C] () -- C:\Users\e\Documents\self01.jpg
[2013/01/07 14:44:09 | 000,068,405 | ---- | C] () -- C:\Users\e\Documents\hand.jpg
[2013/01/05 22:24:54 | 000,025,184 | ---- | C] () -- C:\Users\e\Documents\insane4.jpg
[2013/01/05 22:24:22 | 000,194,183 | ---- | C] () -- C:\Users\e\Documents\insane3.png
[2013/01/05 22:23:55 | 000,027,461 | ---- | C] () -- C:\Users\e\Documents\insane2.jpg
[2013/01/05 22:23:33 | 000,339,877 | ---- | C] () -- C:\Users\e\Documents\insane1.jpg
[2012/12/28 14:00:30 | 000,172,780 | ---- | C] () -- C:\Users\e\Documents\joey_comicbook.jpg
[2012/12/26 23:39:49 | 000,053,973 | ---- | C] () -- C:\Users\e\Documents\lacey.jpg
[2012/12/26 23:24:45 | 000,124,112 | ---- | C] () -- C:\Users\e\Documents\schwinn.jpg
[2012/12/03 19:31:01 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/11/11 07:22:25 | 010,997,760 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/11/11 00:32:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/10 11:21:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/11/10 11:08:41 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/14 02:59:22 | 000,027,520 | ---- | C] () -- C:\Users\e\AppData\Local\dt.dat
[2012/07/31 09:23:40 | 002,573,120 | ---- | C] ( ) -- C:\Users\e\falert.exe
[2012/06/09 02:37:32 | 024,458,945 | ---- | C] ( ) -- C:\Users\e\3iabwlinstallv.exe
[2012/06/07 21:10:28 | 017,063,936 | ---- | C] () -- C:\Users\e\latex1.mp4
[2012/01/29 19:49:34 | 000,003,594 | ---- | C] () -- C:\Users\e\AppData\Roaming\SAS7_000.DAT
[2011/10/18 05:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/18 05:11:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/15 05:25:22 | 000,003,493 | ---- | C] () -- C:\Windows\memgprep.dll
[2011/10/15 05:25:22 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2011/10/14 05:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/06 16:52:08 | 000,208,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/03/22 00:23:20 | 000,789,006 | ---- | C] () -- C:\Windows\System32\cygstdc++-6.dll
[2011/03/22 00:23:02 | 000,044,558 | ---- | C] () -- C:\Windows\System32\cyggcc_s-1.dll
[2011/03/16 15:09:48 | 001,174,542 | ---- | C] () -- C:\Windows\System32\cygcrypto-0.9.8.dll
[2011/03/16 15:09:48 | 000,268,814 | ---- | C] () -- C:\Windows\System32\cygssl-0.9.8.dll
[2010/10/08 09:34:04 | 000,027,503 | ---- | C] () -- C:\Users\e\AppData\Roaming\UserTile.png
[2010/07/25 12:07:43 | 000,000,034 | ---- | C] () -- C:\Users\e\AppData\Roaming\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/07/25 12:07:41 | 000,000,033 | ---- | C] () -- C:\ProgramData\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/24 19:54:11 | 000,010,582 | -HS- | C] () -- C:\Users\e\AppData\Local\RHpCMfQD4
[2009/11/07 20:26:51 | 000,000,760 | ---- | C] () -- C:\Users\e\AppData\Roaming\setup_ldm.iss
[2009/07/17 01:07:23 | 000,001,356 | ---- | C] () -- C:\Users\e\AppData\Local\d3d9caps.dat
[2009/06/08 09:19:23 | 000,000,632 | RHS- | C] () -- C:\Users\e\ntuser.pol
[2008/12/13 00:27:43 | 000,000,000 | ---- | C] () -- C:\Users\e\AppData\Roaming\wklnhst.dat
[2008/06/10 08:39:51 | 000,169,984 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/09 23:32:12 | 005,242,880 | -HS- | C] () -- C:\Users\e\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/05 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AnvSoft
[2012/10/29 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG
[2011/12/22 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\blekko
[2010/04/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Clone2Go Video Converter Professional
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cribbage
[2009/11/06 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cricket
[2009/10/07 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\funkitron
[2009/12/20 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\GrabPro
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\IObit
[2009/11/07 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2011/01/06 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\NCH Swift Sound
[2012/01/29 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Nuance
[2009/08/01 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\OpenOffice.org
[2009/12/24 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Opera
[2011/01/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Orbit
[2010/10/08 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\PeerNetworking
[2009/09/27 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Pogo Games
[2010/12/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ProgSense
[2009/01/31 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Publish Providers
[2012/07/13 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Research In Motion
[2010/06/20 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Smilebox
[2009/01/31 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Sony
[2008/12/13 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Template
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Uniden Surveillance System
[2011/06/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2011/08/08 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Vso
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\W Photo Studio Viewer
[2011/12/15 06:51:31 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\wargaming.net
[2009/12/11 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WinBatch
[2011/10/13 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Windows Live Writer
[2012/04/24 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WindSolutions
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\youtube-downloader-and-converter

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteenlive.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteen.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\Phil Silvers in Gilligan's Island - (1966).FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys2.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys1.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\9-H_0iGuEnY.FLV:TOC.WMV

< End of report >
  • 0

#19
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Don't see any sign of the adaware anti virus now, that's good.
Let's get your AV up and running at this point, so nothing can creep into your system.

Please go ahead and install Microsoft Security Essentials, it will want to do an update and a system scan when it's installed, so please oblige it.

After that is done, you can go ahead and remove the AVG tune up program with the Revo Uninstaller, just make sure you choose Moderate when asked, same instructions as I gave before.

I am going to look over your latest log file in the meantime.

After you get MSE installed, please tell me about the computer's current symptoms.
  • 0

#20
TheDEvilElvis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Crowbar, so far so good. When I uninstalled the AVG Tune Up Pro there were 22 folders and almost 300 files. I would like to punch whoever is responsible for that little dilly right in the motherboard! Thank you for all of your hand holding, baby sitting, and stupendous computer fixability. You were great! You probably wear spandex pants and a cape, and for good reason.

If you got your name from the rock and roll band Crowbar, please remember that they play devil music......and I am TheDevilElvis, so it's all cool and the gang. Rock on, bro-ham!



~TDE~

Edited by TheDEvilElvis, 23 January 2013 - 09:11 PM.

  • 0

#21
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi again,

Yep, you got me, I'm a big Crowbar fan, a complete metal-head. It's a little cold here in New York for spandex today, and I don't think anyone here would want to see that :)

Since you are now a fan of the Revo Uninstaller, you can go and use it to remove that awful adaware remover program that I had you download (sorry again). Just remember to use the Moderate option.
I still recommend that you remove that tuneup utility software if you already have not. Registry cleaners can be quite bad for your computer.

Let's clean up a little, and have you do some updating of a few programs to help keep you secure.
I take it that your original issues are gone, is that correct?

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    DRV - (utq1ndux) -- C:\Windows\system32\Drivers\utq1ndux.sys File not found
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} Reg Error: Value error. (SysInfo Class)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} Reg Error: Value error. (Reg Error: Key error.)
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
You have some out of date programs, and that is a security risk, so please update the following:
Java - your Java is out of date, this is a huge security risk these days. If you don't use Java at all, please go ahead and uninstall it. If you must have Java, please uninstall all Java programs that you see in your Programs and Features first. Then go to Java.com and download the Windows Offline version. Download this to your desktop and install it.

Adobe Flash Player is also out of date, not as much a security risk as outdated Java, but still a risk.
Please visit this page here and select the link Get the Latest Version. Make sure you uncheck the box for installing the McAfee security scan, or whatever other trash they are bundling with the Flash Player.

Adobe Reader 8 is very old, please uninstall it, then visit this page here and again make sure to uncheck the box for McAfee security scan or whatever else they are offering to install with the reader.

In your next reply I would like to see:
  • OTL fix log
  • Computer still doing ok?

  • 0
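The fix script in Step 1 is built from scan-log lines whose target file is gone ("File not found"). As an added example (not part of the original post and not OTL's own code), the Python below sorts the SRV and DRV lines of an OTL log into missing, present-without-company-name and present entries; the sample lines are copied from the OTL scan log in this thread, and the user-writable-path check is an assumption of this example. A missing file only shows that the registry entry is orphaned; whether it belongs in a fix is still the helper's decision.

```python
import re

# Lines copied from the OTL scan log posted in this thread (not constructed).
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
========== Driver Services (SafeList) ==========
DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrssweep.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
"""

# "SRV - (name) -- rest". The closing parenthesis is optional because the
# forum software mangled one service name in this thread ("(Intel® -- ...").
ENTRY = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>.*?)\)? -- (?P<rest>.+)$")
# A present file ends with "(Company Name)", or "()" when there is none.
PRESENT = re.compile(r"^(?P<path>.+) \((?P<company>[^()]*)\)$")
MISSING_SUFFIX = " File not found"
# Assumption of this example: these fragments mark user-writable locations.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def triage(log_text):
    """Parse SRV/DRV lines of an OTL log into dicts with a status field."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, other OTL line types
        rest = m.group("rest")
        company = None
        if rest.endswith(MISSING_SUFFIX):
            path, status = rest[: -len(MISSING_SUFFIX)], "missing"
        else:
            p = PRESENT.match(rest)
            if p is None:
                path, status = rest, "unparsed"
            else:
                path = p.group("path")
                company = p.group("company").strip()
                status = "ok" if company else "no_company"
        entries.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "path": path,
            "company": company,
            "status": status,
            "user_writable": any(f in path.lower() for f in USER_WRITABLE),
        })
    return entries


def review_list(entries):
    """Return (kind, name, reasons) for every entry a helper should look at."""
    out = []
    for e in entries:
        reasons = []
        if e["status"] == "missing":
            reasons.append("registry entry points at a file that no longer exists")
        elif e["status"] == "no_company":
            reasons.append("file is present but carries no company name")
        elif e["status"] == "unparsed":
            reasons.append("line did not match the expected layout")
        if e["user_writable"]:
            reasons.append("image path is in a user-writable location")
        if reasons:
            out.append((e["kind"], e["name"], reasons))
    return out


if __name__ == "__main__":
    for kind, name, reasons in review_list(triage(SAMPLE_LOG)):
        print(f"{kind} {name}: " + "; ".join(reasons))
```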

#22
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#23
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
User Returned
  • 0

#24
TheDEvilElvis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
My anti virus found 3 win32/Alureon.ct. That's nice. Here is my OTL log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named utq1ndux was found to stop!
Service\Driver key utq1ndux not found.
File C:\Windows\system32\Drivers\utq1ndux.sys File not found not found.
Error: No service named Lavasoft Kernexplorer was found to stop!
Service\Driver key Lavasoft Kernexplorer not found.
File C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found not found.
Starting removal of ActiveX control {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\ not found.
Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Starting removal of ActiveX control {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Starting removal of ActiveX control {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: e
->Temp folder emptied: 105182 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 16315546 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eddy
->Temp folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 145166 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 293126642 bytes

Total Files Cleaned = 295.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02122013_145610

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#25
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi,
There are an awful lot of "not found"s in that fix log, and it's been a few days, so I would love to see a fresh OTL scan.
Run OTL

  • Right click on the icon and select Run as Administrator to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Please post the OTL log in your next reply

  • 0



#26
TheDEvilElvis

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Here she is:

OTL logfile created on: 2/13/2013 1:33:19 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.76% Memory free
4.21 Gb Paging File | 3.26 Gb Available in Paging File | 77.42% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 175.10 Gb Free Space | 60.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\e\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe File not found
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (Realtek11nSU) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrssweep.sys File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (ATMFFLT) -- C:\Windows\System32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (mr8980) -- C:\Windows\System32\drivers\mr8980.sys (Mars Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ATMhelpr) -- C:\Windows\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: n:\YhoMsger\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\e\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket\Cricket Broadband\addon\ [2009/11/06 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/11 00:20:54 | 000,000,000 | ---D | M]

[2012/12/02 22:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2009/04/19 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/21 05:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/21 05:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/08 04:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

========== Chrome ==========

CHR - homepage: http://yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/12 01:31:23 | 000,444,240 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15285 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE54CE-22E0-4E65-8C54-925F80B3F984}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B16197E-3674-4BD3-8C61-F10550E09101}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E1DA6E-0C90-400E-92DA-796C49374D47}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF319A4F-6A0C-4A3D-B4CD-97CACF9374FF}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24E017B-A329-4253-A38E-B028DD43BCB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 01:46:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/11 19:21:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013/02/11 01:07:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/11 00:55:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\e\Documents\tdsskiller.exe
[2013/02/10 09:54:40 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/10 09:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/10 09:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/10 01:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/22 13:09:58 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\VS Revo Group
[2013/01/22 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/22 13:09:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/01/22 13:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/22 13:03:46 | 007,921,688 | ---- | C] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 10:46:09 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/01/22 10:46:09 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/01/22 10:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware Removal Tool
[2013/01/22 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adaware Removal Tool
[2013/01/22 08:36:51 | 021,138,402 | ---- | C] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
[2013/01/22 07:53:46 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:47:59 | 000,000,000 | ---D | C] -- C:\Users\e\Desktop\RK_Quarantine
[2013/01/21 06:10:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:27:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 01:54:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\temp
[2013/01/16 15:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/15 16:17:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2012/07/30 15:15:35 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\e\SkypeSetup.exe
[2012/05/19 13:52:52 | 004,765,753 | ---- | C] (ffdshow ) -- C:\Users\e\ffdshow_rev4422_20120409.exe
[2012/05/06 01:40:55 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\e\ccsetup318.exe
[2012/04/28 19:26:56 | 001,212,568 | ---- | C] (videoslurp.com ) -- C:\Users\e\vsbrowser-setup.exe

========== Files - Modified Within 30 Days ==========

[2013/02/13 13:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
[2013/02/13 13:40:00 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
[2013/02/13 13:33:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/13 13:21:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
[2013/02/13 13:18:26 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/13 13:18:03 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 13:18:03 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 13:17:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/13 13:15:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/02/13 12:00:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/02/13 08:35:05 | 000,643,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 08:35:05 | 000,119,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/13 03:04:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/12 15:21:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
[2013/02/12 09:05:08 | 000,033,792 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013/02/12 05:31:47 | 000,168,960 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/12 01:31:23 | 000,444,240 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/11 15:33:13 | 000,054,406 | ---- | M] () -- C:\Users\e\Documents\insane2a.jpg
[2013/02/11 15:30:06 | 000,192,582 | ---- | M] () -- C:\Users\e\Documents\insane1a.jpg
[2013/02/11 01:14:59 | 001,226,512 | ---- | M] () -- C:\Users\e\Documents\DownloadManagerSetup.exe
[2013/02/11 00:57:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\e\Documents\tdsskiller.exe
[2013/02/09 08:51:01 | 000,006,205 | ---- | M] () -- C:\Users\e\Documents\blue light.jpg
[2013/02/04 16:05:18 | 000,039,094 | ---- | M] () -- C:\Users\e\Documents\Hiss.jpg
[2013/02/01 14:34:37 | 000,063,307 | ---- | M] () -- C:\Users\e\Documents\monsterface.jpg
[2013/02/01 13:51:30 | 000,114,994 | ---- | M] () -- C:\Users\e\Documents\missing.jpg
[2013/02/01 13:20:59 | 000,002,024 | ---- | M] () -- C:\Users\e\Desktop\Google Chrome.lnk
[2013/01/29 19:59:19 | 000,009,341 | ---- | M] () -- C:\Users\e\Documents\shutup.jpg
[2013/01/29 19:23:30 | 000,017,406 | ---- | M] () -- C:\Users\e\Documents\pods1.jpg
[2013/01/29 19:23:10 | 000,037,638 | ---- | M] () -- C:\Users\e\Documents\pods.jpg
[2013/01/28 08:17:36 | 000,157,631 | ---- | M] () -- C:\Users\e\Documents\getimage.tif
[2013/01/28 06:47:59 | 000,042,707 | ---- | M] () -- C:\Users\e\Documents\self07.jpg
[2013/01/25 13:14:02 | 000,032,315 | ---- | M] () -- C:\Users\e\Documents\catposter.jpg
[2013/01/22 13:09:55 | 000,001,091 | ---- | M] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 13:05:37 | 007,921,688 | ---- | M] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 08:37:46 | 021,138,402 | ---- | M] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
[2013/01/22 07:54:00 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:47:47 | 000,766,464 | ---- | M] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 06:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:57:40 | 000,574,677 | ---- | M] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:26:33 | 000,881,914 | ---- | M] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | M] () -- C:\Users\e\Documents\MBR.dat
[2013/01/20 02:06:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/17 18:06:02 | 000,178,501 | ---- | M] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:37 | 000,063,484 | ---- | M] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:07 | 000,016,293 | ---- | M] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:59 | 000,063,778 | ---- | M] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130212-013123.backup
[2013/01/16 15:40:37 | 000,000,546 | ---- | M] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:39 | 000,038,275 | ---- | M] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 16:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/15 13:00:57 | 000,031,093 | ---- | M] () -- C:\Users\e\Documents\clown.jpg

========== Files Created - No Company Name ==========

[2013/02/11 15:33:13 | 000,054,406 | ---- | C] () -- C:\Users\e\Documents\insane2a.jpg
[2013/02/11 15:30:06 | 000,192,582 | ---- | C] () -- C:\Users\e\Documents\insane1a.jpg
[2013/02/11 01:13:57 | 001,226,512 | ---- | C] () -- C:\Users\e\Documents\DownloadManagerSetup.exe
[2013/02/09 08:24:04 | 000,006,205 | ---- | C] () -- C:\Users\e\Documents\blue light.jpg
[2013/02/04 16:05:15 | 000,039,094 | ---- | C] () -- C:\Users\e\Documents\Hiss.jpg
[2013/02/01 15:12:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/02/01 14:34:34 | 000,063,307 | ---- | C] () -- C:\Users\e\Documents\monsterface.jpg
[2013/01/31 10:06:54 | 000,114,994 | ---- | C] () -- C:\Users\e\Documents\missing.jpg
[2013/01/29 19:59:18 | 000,009,341 | ---- | C] () -- C:\Users\e\Documents\shutup.jpg
[2013/01/29 19:23:30 | 000,017,406 | ---- | C] () -- C:\Users\e\Documents\pods1.jpg
[2013/01/29 19:23:07 | 000,037,638 | ---- | C] () -- C:\Users\e\Documents\pods.jpg
[2013/01/28 08:17:32 | 000,157,631 | ---- | C] () -- C:\Users\e\Documents\getimage.tif
[2013/01/25 13:13:57 | 000,032,315 | ---- | C] () -- C:\Users\e\Documents\catposter.jpg
[2013/01/22 19:33:11 | 000,042,707 | ---- | C] () -- C:\Users\e\Documents\self07.jpg
[2013/01/22 13:53:24 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/22 13:09:55 | 000,001,091 | ---- | C] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 07:47:38 | 000,766,464 | ---- | C] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 05:57:01 | 000,574,677 | ---- | C] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:25:41 | 000,881,914 | ---- | C] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | C] () -- C:\Users\e\Documents\MBR.dat
[2013/01/17 18:06:02 | 000,178,501 | ---- | C] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:36 | 000,063,484 | ---- | C] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:04 | 000,016,293 | ---- | C] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:57 | 000,063,778 | ---- | C] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:40:37 | 000,000,546 | ---- | C] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:37 | 000,038,275 | ---- | C] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 13:00:54 | 000,031,093 | ---- | C] () -- C:\Users\e\Documents\clown.jpg
[2012/12/03 19:31:01 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/11/11 07:22:25 | 010,997,760 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/11/11 00:32:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/10 11:21:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/11/10 11:08:41 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/14 02:59:22 | 000,027,520 | ---- | C] () -- C:\Users\e\AppData\Local\dt.dat
[2012/07/31 09:23:40 | 002,573,120 | ---- | C] ( ) -- C:\Users\e\falert.exe
[2012/06/09 02:37:32 | 024,458,945 | ---- | C] ( ) -- C:\Users\e\3iabwlinstallv.exe
[2012/06/07 21:10:28 | 017,063,936 | ---- | C] () -- C:\Users\e\latex1.mp4
[2012/01/29 19:49:34 | 000,003,594 | ---- | C] () -- C:\Users\e\AppData\Roaming\SAS7_000.DAT
[2011/10/18 05:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/18 05:11:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/15 05:25:22 | 000,003,493 | ---- | C] () -- C:\Windows\memgprep.dll
[2011/10/15 05:25:22 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2011/10/14 05:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/06 16:52:08 | 000,208,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/03/22 00:23:20 | 000,789,006 | ---- | C] () -- C:\Windows\System32\cygstdc++-6.dll
[2011/03/22 00:23:02 | 000,044,558 | ---- | C] () -- C:\Windows\System32\cyggcc_s-1.dll
[2011/03/16 15:09:48 | 001,174,542 | ---- | C] () -- C:\Windows\System32\cygcrypto-0.9.8.dll
[2011/03/16 15:09:48 | 000,268,814 | ---- | C] () -- C:\Windows\System32\cygssl-0.9.8.dll
[2010/10/08 09:34:04 | 000,027,503 | ---- | C] () -- C:\Users\e\AppData\Roaming\UserTile.png
[2010/07/25 12:07:43 | 000,000,034 | ---- | C] () -- C:\Users\e\AppData\Roaming\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/07/25 12:07:41 | 000,000,033 | ---- | C] () -- C:\ProgramData\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/24 19:54:11 | 000,010,582 | -HS- | C] () -- C:\Users\e\AppData\Local\RHpCMfQD4
[2009/11/07 20:26:51 | 000,000,760 | ---- | C] () -- C:\Users\e\AppData\Roaming\setup_ldm.iss
[2009/07/17 01:07:23 | 000,001,356 | ---- | C] () -- C:\Users\e\AppData\Local\d3d9caps.dat
[2009/06/08 09:19:23 | 000,000,632 | RHS- | C] () -- C:\Users\e\ntuser.pol
[2008/12/13 00:27:43 | 000,000,000 | ---- | C] () -- C:\Users\e\AppData\Roaming\wklnhst.dat
[2008/06/10 08:39:51 | 000,168,960 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/09 23:32:12 | 005,242,880 | -HS- | C] () -- C:\Users\e\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/03 15:24:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Clone2Go Video Converter Professional
[2009/12/16 14:24:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cribbage
[2009/12/17 18:24:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cricket
[2009/12/23 04:19:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DataCast
[2009/12/04 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DiskAid
[2009/12/06 01:04:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDFab
[2009/11/20 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GrabPro
[2012/08/23 12:19:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2010/03/08 17:24:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2009/11/12 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010/01/02 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/05/27 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Orbit
[2010/01/20 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2010/01/13 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2010/04/24 18:36:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uniden Surveillance System
[2009/12/05 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2010/01/16 07:58:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xilisoft Corporation
[2010/11/05 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AnvSoft
[2012/10/29 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG
[2011/12/22 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\blekko
[2010/04/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Clone2Go Video Converter Professional
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cribbage
[2009/11/06 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cricket
[2009/10/07 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\funkitron
[2009/12/20 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\GrabPro
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\IObit
[2009/11/07 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2011/01/06 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\NCH Swift Sound
[2012/01/29 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Nuance
[2009/08/01 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\OpenOffice.org
[2009/12/24 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Opera
[2011/01/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Orbit
[2010/10/08 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\PeerNetworking
[2009/09/27 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Pogo Games
[2010/12/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ProgSense
[2009/01/31 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Publish Providers
[2012/07/13 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Research In Motion
[2010/06/20 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Smilebox
[2009/01/31 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Sony
[2008/12/13 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Template
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Uniden Surveillance System
[2011/06/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2011/08/08 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Vso
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\W Photo Studio Viewer
[2011/12/15 06:51:31 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\wargaming.net
[2009/12/11 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WinBatch
[2011/10/13 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Windows Live Writer
[2012/04/24 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WindSolutions
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\youtube-downloader-and-converter
[2010/06/14 13:24:48 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Orbit

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 03:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 01:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 01:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 00:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 00:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 01:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 18:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 00:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 09:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 01:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 00:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 01:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 00:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 00:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 01:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 01:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 01:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 01:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 00:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 08:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 00:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 01:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 00:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 01:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 00:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 10:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 00:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 12:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 00:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 00:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 00:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 01:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 00:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 00:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 00:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 00:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 00:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 00:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 13:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 05:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/02/06 13:54:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/02/06 13:54:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/19 01:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 03:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2008/02/06 14:02:23 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
[2008/02/06 14:02:23 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=F1148566FA5173A4FD48AF8E8BC09401 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.20647_none_220fe38215833e63\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 15:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 15:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/19 01:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 03:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 00:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 06:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 06:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.INI >
[2011/08/21 04:23:06 | 000,003,193 | ---- | M] () MD5=7688D281F98711C6D2CC79227FF85538 -- C:\Program Files\IObit\Advanced SystemCare 4\services.ini

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/10/20 01:33:57 | 000,000,351 | ---- | M] () MD5=2D10EDBB05B7FC4A7C7B8B11652EB395 -- C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\2H96YN6E\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 15:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 06:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 06:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 15:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2008/08/26 07:12:34 | 000,068,591 | ---- | M] () MD5=1B14D787450BFD63C4FFD990F1200F09 -- C:\Program Files\Spybot - Search & Destroy\Includes(2)\Services.sbs
[2011/03/01 08:58:44 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6000.16386_none_fbd6b71e75a2c6c8\WINSOCK.DLL
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6001.18000_none_fe0d791a728dd79c\WINSOCK.DLL
[2006/11/02 01:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\WINSOCK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteenlive.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteen.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\Phil Silvers in Gilligan's Island - (1966).FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys2.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys1.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\9-H_0iGuEnY.FLV:TOC.WMV
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#27
TheDEvilElvis

OTL logfile created on: 2/13/2013 1:33:19 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.76% Memory free
4.21 Gb Paging File | 3.26 Gb Available in Paging File | 77.42% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 175.10 Gb Free Space | 60.79% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\e\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe File not found
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (Realtek11nSU) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrssweep.sys File not found
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (ATMFFLT) -- C:\Windows\System32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (mr8980) -- C:\Windows\System32\drivers\mr8980.sys (Mars Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ATMhelpr) -- C:\Windows\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: n:\YhoMsger\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\e\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket\Cricket Broadband\addon\ [2009/11/06 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/11 00:20:54 | 000,000,000 | ---D | M]

[2012/12/02 22:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2009/04/19 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/21 05:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/21 05:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/08 04:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

========== Chrome ==========

CHR - homepage: http://yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/12 01:31:23 | 000,444,240 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15285 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2397933872-373845246-1896838716-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE54CE-22E0-4E65-8C54-925F80B3F984}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B16197E-3674-4BD3-8C61-F10550E09101}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E1DA6E-0C90-400E-92DA-796C49374D47}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF319A4F-6A0C-4A3D-B4CD-97CACF9374FF}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24E017B-A329-4253-A38E-B028DD43BCB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 01:46:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/11 19:21:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013/02/11 01:07:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/11 00:55:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\e\Documents\tdsskiller.exe
[2013/02/10 09:54:40 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/10 09:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/10 09:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/10 01:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/22 13:09:58 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\VS Revo Group
[2013/01/22 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/22 13:09:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/01/22 13:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/22 13:03:46 | 007,921,688 | ---- | C] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 10:46:09 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/01/22 10:46:09 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/01/22 10:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware Removal Tool
[2013/01/22 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adaware Removal Tool
[2013/01/22 08:36:51 | 021,138,402 | ---- | C] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
[2013/01/22 07:53:46 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:47:59 | 000,000,000 | ---D | C] -- C:\Users\e\Desktop\RK_Quarantine
[2013/01/21 06:10:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:27:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 01:54:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\temp
[2013/01/16 15:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/15 16:17:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2012/07/30 15:15:35 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\e\SkypeSetup.exe
[2012/05/19 13:52:52 | 004,765,753 | ---- | C] (ffdshow ) -- C:\Users\e\ffdshow_rev4422_20120409.exe
[2012/05/06 01:40:55 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\e\ccsetup318.exe
[2012/04/28 19:26:56 | 001,212,568 | ---- | C] (videoslurp.com ) -- C:\Users\e\vsbrowser-setup.exe

========== Files - Modified Within 30 Days ==========

[2013/02/13 13:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
[2013/02/13 13:40:00 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
[2013/02/13 13:33:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/13 13:21:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
[2013/02/13 13:18:26 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/13 13:18:03 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 13:18:03 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 13:17:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/13 13:15:00 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/02/13 12:00:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/02/13 08:35:05 | 000,643,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 08:35:05 | 000,119,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/13 03:04:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/12 15:21:00 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
[2013/02/12 09:05:08 | 000,033,792 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013/02/12 05:31:47 | 000,168,960 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/12 01:31:23 | 000,444,240 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/11 15:33:13 | 000,054,406 | ---- | M] () -- C:\Users\e\Documents\insane2a.jpg
[2013/02/11 15:30:06 | 000,192,582 | ---- | M] () -- C:\Users\e\Documents\insane1a.jpg
[2013/02/11 01:14:59 | 001,226,512 | ---- | M] () -- C:\Users\e\Documents\DownloadManagerSetup.exe
[2013/02/11 00:57:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\e\Documents\tdsskiller.exe
[2013/02/09 08:51:01 | 000,006,205 | ---- | M] () -- C:\Users\e\Documents\blue light.jpg
[2013/02/04 16:05:18 | 000,039,094 | ---- | M] () -- C:\Users\e\Documents\Hiss.jpg
[2013/02/01 14:34:37 | 000,063,307 | ---- | M] () -- C:\Users\e\Documents\monsterface.jpg
[2013/02/01 13:51:30 | 000,114,994 | ---- | M] () -- C:\Users\e\Documents\missing.jpg
[2013/02/01 13:20:59 | 000,002,024 | ---- | M] () -- C:\Users\e\Desktop\Google Chrome.lnk
[2013/01/29 19:59:19 | 000,009,341 | ---- | M] () -- C:\Users\e\Documents\shutup.jpg
[2013/01/29 19:23:30 | 000,017,406 | ---- | M] () -- C:\Users\e\Documents\pods1.jpg
[2013/01/29 19:23:10 | 000,037,638 | ---- | M] () -- C:\Users\e\Documents\pods.jpg
[2013/01/28 08:17:36 | 000,157,631 | ---- | M] () -- C:\Users\e\Documents\getimage.tif
[2013/01/28 06:47:59 | 000,042,707 | ---- | M] () -- C:\Users\e\Documents\self07.jpg
[2013/01/25 13:14:02 | 000,032,315 | ---- | M] () -- C:\Users\e\Documents\catposter.jpg
[2013/01/22 13:09:55 | 000,001,091 | ---- | M] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 13:05:37 | 007,921,688 | ---- | M] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 08:37:46 | 021,138,402 | ---- | M] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
[2013/01/22 07:54:00 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:47:47 | 000,766,464 | ---- | M] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 06:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:57:40 | 000,574,677 | ---- | M] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:26:33 | 000,881,914 | ---- | M] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | M] () -- C:\Users\e\Documents\MBR.dat
[2013/01/20 02:06:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/17 18:06:02 | 000,178,501 | ---- | M] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:37 | 000,063,484 | ---- | M] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:07 | 000,016,293 | ---- | M] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:59 | 000,063,778 | ---- | M] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130212-013123.backup
[2013/01/16 15:40:37 | 000,000,546 | ---- | M] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:39 | 000,038,275 | ---- | M] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 16:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2013/01/15 13:00:57 | 000,031,093 | ---- | M] () -- C:\Users\e\Documents\clown.jpg

========== Files Created - No Company Name ==========

[2013/02/11 15:33:13 | 000,054,406 | ---- | C] () -- C:\Users\e\Documents\insane2a.jpg
[2013/02/11 15:30:06 | 000,192,582 | ---- | C] () -- C:\Users\e\Documents\insane1a.jpg
[2013/02/11 01:13:57 | 001,226,512 | ---- | C] () -- C:\Users\e\Documents\DownloadManagerSetup.exe
[2013/02/09 08:24:04 | 000,006,205 | ---- | C] () -- C:\Users\e\Documents\blue light.jpg
[2013/02/04 16:05:15 | 000,039,094 | ---- | C] () -- C:\Users\e\Documents\Hiss.jpg
[2013/02/01 15:12:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/02/01 14:34:34 | 000,063,307 | ---- | C] () -- C:\Users\e\Documents\monsterface.jpg
[2013/01/31 10:06:54 | 000,114,994 | ---- | C] () -- C:\Users\e\Documents\missing.jpg
[2013/01/29 19:59:18 | 000,009,341 | ---- | C] () -- C:\Users\e\Documents\shutup.jpg
[2013/01/29 19:23:30 | 000,017,406 | ---- | C] () -- C:\Users\e\Documents\pods1.jpg
[2013/01/29 19:23:07 | 000,037,638 | ---- | C] () -- C:\Users\e\Documents\pods.jpg
[2013/01/28 08:17:32 | 000,157,631 | ---- | C] () -- C:\Users\e\Documents\getimage.tif
[2013/01/25 13:13:57 | 000,032,315 | ---- | C] () -- C:\Users\e\Documents\catposter.jpg
[2013/01/22 19:33:11 | 000,042,707 | ---- | C] () -- C:\Users\e\Documents\self07.jpg
[2013/01/22 13:53:24 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/22 13:09:55 | 000,001,091 | ---- | C] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 07:47:38 | 000,766,464 | ---- | C] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 05:57:01 | 000,574,677 | ---- | C] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:25:41 | 000,881,914 | ---- | C] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | C] () -- C:\Users\e\Documents\MBR.dat
[2013/01/17 18:06:02 | 000,178,501 | ---- | C] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:36 | 000,063,484 | ---- | C] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:04 | 000,016,293 | ---- | C] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:57 | 000,063,778 | ---- | C] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:40:37 | 000,000,546 | ---- | C] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:37 | 000,038,275 | ---- | C] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 13:00:54 | 000,031,093 | ---- | C] () -- C:\Users\e\Documents\clown.jpg
[2012/12/03 19:31:01 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/11/11 07:22:25 | 010,997,760 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/11/11 00:32:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/10 11:21:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/11/10 11:08:41 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/14 02:59:22 | 000,027,520 | ---- | C] () -- C:\Users\e\AppData\Local\dt.dat
[2012/07/31 09:23:40 | 002,573,120 | ---- | C] ( ) -- C:\Users\e\falert.exe
[2012/06/09 02:37:32 | 024,458,945 | ---- | C] ( ) -- C:\Users\e\3iabwlinstallv.exe
[2012/06/07 21:10:28 | 017,063,936 | ---- | C] () -- C:\Users\e\latex1.mp4
[2012/01/29 19:49:34 | 000,003,594 | ---- | C] () -- C:\Users\e\AppData\Roaming\SAS7_000.DAT
[2011/10/18 05:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/18 05:11:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/15 05:25:22 | 000,003,493 | ---- | C] () -- C:\Windows\memgprep.dll
[2011/10/15 05:25:22 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2011/10/14 05:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/06 16:52:08 | 000,208,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/03/22 00:23:20 | 000,789,006 | ---- | C] () -- C:\Windows\System32\cygstdc++-6.dll
[2011/03/22 00:23:02 | 000,044,558 | ---- | C] () -- C:\Windows\System32\cyggcc_s-1.dll
[2011/03/16 15:09:48 | 001,174,542 | ---- | C] () -- C:\Windows\System32\cygcrypto-0.9.8.dll
[2011/03/16 15:09:48 | 000,268,814 | ---- | C] () -- C:\Windows\System32\cygssl-0.9.8.dll
[2010/10/08 09:34:04 | 000,027,503 | ---- | C] () -- C:\Users\e\AppData\Roaming\UserTile.png
[2010/07/25 12:07:43 | 000,000,034 | ---- | C] () -- C:\Users\e\AppData\Roaming\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/07/25 12:07:41 | 000,000,033 | ---- | C] () -- C:\ProgramData\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/24 19:54:11 | 000,010,582 | -HS- | C] () -- C:\Users\e\AppData\Local\RHpCMfQD4
[2009/11/07 20:26:51 | 000,000,760 | ---- | C] () -- C:\Users\e\AppData\Roaming\setup_ldm.iss
[2009/07/17 01:07:23 | 000,001,356 | ---- | C] () -- C:\Users\e\AppData\Local\d3d9caps.dat
[2009/06/08 09:19:23 | 000,000,632 | RHS- | C] () -- C:\Users\e\ntuser.pol
[2008/12/13 00:27:43 | 000,000,000 | ---- | C] () -- C:\Users\e\AppData\Roaming\wklnhst.dat
[2008/06/10 08:39:51 | 000,168,960 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/09 23:32:12 | 005,242,880 | -HS- | C] () -- C:\Users\e\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/03 15:24:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Clone2Go Video Converter Professional
[2009/12/16 14:24:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cribbage
[2009/12/17 18:24:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Cricket
[2009/12/23 04:19:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DataCast
[2009/12/04 21:08:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DiskAid
[2009/12/06 01:04:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDFab
[2009/11/20 17:53:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GrabPro
[2012/08/23 12:19:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2010/03/08 17:24:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LimeWire
[2009/11/12 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2010/01/02 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2010/05/27 01:54:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Orbit
[2010/01/20 22:28:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2010/01/13 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thinstall
[2010/04/24 18:36:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Uniden Surveillance System
[2009/12/05 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Vso
[2010/01/16 07:58:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xilisoft Corporation
[2010/11/05 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AnvSoft
[2012/10/29 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG
[2011/12/22 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\blekko
[2010/04/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Clone2Go Video Converter Professional
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cribbage
[2009/11/06 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cricket
[2009/10/07 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\funkitron
[2009/12/20 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\GrabPro
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\IObit
[2009/11/07 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2011/01/06 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\NCH Swift Sound
[2012/01/29 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Nuance
[2009/08/01 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\OpenOffice.org
[2009/12/24 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Opera
[2011/01/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Orbit
[2010/10/08 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\PeerNetworking
[2009/09/27 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Pogo Games
[2010/12/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ProgSense
[2009/01/31 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Publish Providers
[2012/07/13 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Research In Motion
[2010/06/20 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Smilebox
[2009/01/31 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Sony
[2008/12/13 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Template
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Uniden Surveillance System
[2011/06/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2011/08/08 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Vso
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\W Photo Studio Viewer
[2011/12/15 06:51:31 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\wargaming.net
[2009/12/11 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WinBatch
[2011/10/13 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Windows Live Writer
[2012/04/24 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WindSolutions
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\youtube-downloader-and-converter
[2010/06/14 13:24:48 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Orbit

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 03:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/19 01:33:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/19 01:33:01 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 00:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 00:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/19 01:33:49 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/01 18:02:32 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 00:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 09:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/19 01:34:08 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 00:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/19 01:34:34 | 000,288,256 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 00:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2009/04/11 00:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/19 01:34:49 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/19 01:35:36 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/19 01:35:36 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/19 01:35:38 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/19 01:35:57 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 00:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 08:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 00:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/19 01:36:15 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 00:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 00:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/19 01:36:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 08:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 00:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 10:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 00:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 12:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 00:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 05:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 00:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 00:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 00:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/19 01:36:20 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 00:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 00:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 00:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 00:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 00:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 16:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 00:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 13:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 05:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/02/06 13:54:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/02/06 13:54:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/19 01:36:13 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006/11/02 03:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\ERDNT\cache\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 00:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
[2008/02/06 14:02:23 | 000,750,080 | ---- | M] (Microsoft Corporation) MD5=DA551697E34D2B9943C8B1C8EAFFE89A -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16531_none_218b14e6fc62ea9e\qmgr.dll
========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteenlive.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteen.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\Phil Silvers in Gilligan's Island - (1966).FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys2.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys1.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\9-H_0iGuEnY.FLV:TOC.WMV
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#28
TheDEvilElvis

Sorry for posting twice. I kept clicking on post because it wouldn't post my log. (That sounded stupid) Anyway thar she blows.

#29
Crowbar

Hi -
No problem with the 2 posts, it happens sometimes.

My anti virus found 3 win32/Alureon.ct.

Can you tell me which 3 files your anti virus found? It should be under the History tab.

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe File not found
    DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2013/01/22 10:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adaware Removal Tool
    [2013/01/22 08:36:51 | 021,138,402 | ---- | C] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
    [2013/01/22 08:37:46 | 021,138,402 | ---- | M] (Security Stronghold ) -- C:\Users\e\Documents\AdawareRemovalTool.exe
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
Please delete all of the RKreport.txt files that are now on your desktop then continue on:
  • Download RogueKiller and save it on your desktop. Let it overwrite the older version.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan


  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • OTL fix log
  • RKreport.txt files


#30
TheDEvilElvis

The trojan info isn't in the history. ME said remove and I removed. I guess I did something wrong.....again. I feel like Charlie Brown. :wacko:

=============================================================================================================================

OTL Log:

OTL logfile created on: 2/14/2013 3:20:49 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\e\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19400)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.82% Memory free
4.21 Gb Paging File | 3.27 Gb Available in Paging File | 77.59% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 175.14 Gb Free Space | 60.80% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.39 Gb Free Space | 93.94% Space Free | Partition Type: NTFS

Computer Name: SQUEEKYPETE | User Name: e | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Users\e\Documents\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Intel® -- C:\Windows\System32\IPROSetMonitor.exe (Intel Corporation)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (Realtek11nSU) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Program Files\REALTEK\Audio\HDA\AERTSrv.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV - (wrssweep) -- C:\Program Files\Webroot\Washer\wrssweep.sys File not found
DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\e\AppData\Local\Temp\catchme.sys File not found
DRV - (BMLoad) -- system32\drivers\BMLoad.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SWDUMon) -- C:\Windows\System32\drivers\SWDUMon.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (qcusbser) -- C:\Windows\System32\drivers\qcusbser.sys (QUALCOMM Incorporated)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.)
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (ATMFFLT) -- C:\Windows\System32\drivers\ATMFFLT.sys (DEVGURU Co., LTD.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (PzWDM) -- C:\Windows\System32\drivers\PzWDM.sys (Prassi Technology)
DRV - (mr8980) -- C:\Windows\System32\drivers\mr8980.sys (Mars Semiconductor Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (WUSB54GSCv2.NTx86) -- C:\Windows\System32\drivers\WUSB54GSCV2_X86.sys ()
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\rtl8192su.sys (Realtek Semiconductor Corporation )
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ATMhelpr) -- C:\Windows\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{031230F8-EA50-42A9-983C-D22ABC2EED3B}: "URL" = http://www.qemit.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.1: n:\YhoMsger\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\e\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\e\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\e\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket\Cricket Broadband\addon\ [2009/11/06 22:01:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/02/11 00:20:54 | 000,000,000 | ---D | M]

[2012/12/02 22:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions
[2009/04/19 23:40:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/01/21 05:28:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\e\AppData\Roaming\Mozilla\Firefox\extensions
[2013/01/21 05:28:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/08 04:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll

========== Chrome ==========

CHR - homepage: http://yahoo.com/
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Users\e\AppData\Local\Google\Chrome\Application\plugins\npmidas.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/02/12 01:31:23 | 000,444,240 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15285 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {031230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - Reg Error: Value error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} Reg Error: Value error. (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09BE54CE-22E0-4E65-8C54-925F80B3F984}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B16197E-3674-4BD3-8C61-F10550E09101}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E1DA6E-0C90-400E-92DA-796C49374D47}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF319A4F-6A0C-4A3D-B4CD-97CACF9374FF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F24E017B-A329-4253-A38E-B028DD43BCB4}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\e\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 01:46:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/11 19:21:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2013/02/11 01:07:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/11 00:55:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\e\Documents\tdsskiller.exe
[2013/02/10 09:54:40 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/10 09:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/10 09:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/10 01:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/22 13:09:58 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\VS Revo Group
[2013/01/22 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/22 13:09:53 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/01/22 13:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/22 13:03:46 | 007,921,688 | ---- | C] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 10:46:09 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/01/22 10:46:09 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/01/22 10:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware Removal Tool
[2013/01/22 07:53:46 | 002,586,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:47:59 | 000,000,000 | ---D | C] -- C:\Users\e\Desktop\RK_Quarantine
[2013/01/21 06:10:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:27:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/20 01:54:14 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/16 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\e\AppData\Local\temp
[2013/01/16 15:41:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/15 16:17:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe
[2012/07/30 15:15:35 | 000,946,352 | ---- | C] (Skype Technologies S.A.) -- C:\Users\e\SkypeSetup.exe
[2012/05/19 13:52:52 | 004,765,753 | ---- | C] (ffdshow ) -- C:\Users\e\ffdshow_rev4422_20120409.exe
[2012/05/06 01:40:55 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\e\ccsetup318.exe
[2012/04/28 19:26:56 | 001,212,568 | ---- | C] (videoslurp.com ) -- C:\Users\e\vsbrowser-setup.exe

========== Files - Modified Within 30 Days ==========

[2013/02/14 15:25:45 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{63F04F54-12F7-4D82-A3DB-05E9E4806FF3}.job
[2013/02/14 15:25:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{823A4783-FC4A-4725-B90F-D5124A374120}.job
[2013/02/14 15:21:07 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000UA.job
[2013/02/14 15:21:02 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2397933872-373845246-1896838716-1000Core.job
[2013/02/14 15:17:53 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/14 15:17:49 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/14 15:17:48 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/14 15:16:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/14 15:16:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2013/02/14 15:15:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/02/14 08:33:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/14 05:10:16 | 000,536,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/14 03:04:24 | 000,643,312 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/14 03:04:24 | 000,119,504 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/13 19:44:18 | 000,063,278 | ---- | M] () -- C:\Users\e\Documents\SI.jpeg
[2013/02/13 13:51:01 | 000,000,515 | ---- | M] () -- C:\Users\e\Desktop\OTL.exe - Shortcut.lnk
[2013/02/13 03:04:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/12 09:05:08 | 000,033,792 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013/02/12 05:31:47 | 000,168,960 | ---- | M] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/12 01:31:23 | 000,444,240 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/11 15:33:13 | 000,054,406 | ---- | M] () -- C:\Users\e\Documents\insane2a.jpg
[2013/02/11 15:30:06 | 000,192,582 | ---- | M] () -- C:\Users\e\Documents\insane1a.jpg
[2013/02/11 01:14:59 | 001,226,512 | ---- | M] () -- C:\Users\e\Documents\DownloadManagerSetup.exe
[2013/02/11 00:57:48 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\e\Documents\tdsskiller.exe
[2013/02/09 08:51:01 | 000,006,205 | ---- | M] () -- C:\Users\e\Documents\blue light.jpg
[2013/02/04 16:05:18 | 000,039,094 | ---- | M] () -- C:\Users\e\Documents\Hiss.jpg
[2013/02/01 14:34:37 | 000,063,307 | ---- | M] () -- C:\Users\e\Documents\monsterface.jpg
[2013/02/01 13:51:30 | 000,114,994 | ---- | M] () -- C:\Users\e\Documents\missing.jpg
[2013/02/01 13:20:59 | 000,002,024 | ---- | M] () -- C:\Users\e\Desktop\Google Chrome.lnk
[2013/01/29 19:59:19 | 000,009,341 | ---- | M] () -- C:\Users\e\Documents\shutup.jpg
[2013/01/29 19:23:30 | 000,017,406 | ---- | M] () -- C:\Users\e\Documents\pods1.jpg
[2013/01/29 19:23:10 | 000,037,638 | ---- | M] () -- C:\Users\e\Documents\pods.jpg
[2013/01/28 08:17:36 | 000,157,631 | ---- | M] () -- C:\Users\e\Documents\getimage.tif
[2013/01/28 06:47:59 | 000,042,707 | ---- | M] () -- C:\Users\e\Documents\self07.jpg
[2013/01/25 13:14:02 | 000,032,315 | ---- | M] () -- C:\Users\e\Documents\catposter.jpg
[2013/01/22 13:09:55 | 000,001,091 | ---- | M] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 13:05:37 | 007,921,688 | ---- | M] (VS Revo Group ) -- C:\Users\e\Documents\RevoUninProSetup.exe
[2013/01/22 07:54:00 | 002,586,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\e\Documents\avg_remover_stf_x86_2013_2706.exe
[2013/01/22 07:47:47 | 000,766,464 | ---- | M] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 06:10:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Documents\OTL.exe
[2013/01/21 05:57:40 | 000,574,677 | ---- | M] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:26:33 | 000,881,914 | ---- | M] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | M] () -- C:\Users\e\Documents\MBR.dat
[2013/01/20 02:06:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\e\Documents\aswMBR.exe
[2013/01/17 18:06:02 | 000,178,501 | ---- | M] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:37 | 000,063,484 | ---- | M] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:07 | 000,016,293 | ---- | M] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:59 | 000,063,778 | ---- | M] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130212-013123.backup
[2013/01/16 15:40:37 | 000,000,546 | ---- | M] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:39 | 000,038,275 | ---- | M] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2013/01/15 16:18:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\e\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2013/02/13 19:44:12 | 000,063,278 | ---- | C] () -- C:\Users\e\Documents\SI.jpeg
[2013/02/13 13:51:01 | 000,000,515 | ---- | C] () -- C:\Users\e\Desktop\OTL.exe - Shortcut.lnk
[2013/02/11 15:33:13 | 000,054,406 | ---- | C] () -- C:\Users\e\Documents\insane2a.jpg
[2013/02/11 15:30:06 | 000,192,582 | ---- | C] () -- C:\Users\e\Documents\insane1a.jpg
[2013/02/11 01:13:57 | 001,226,512 | ---- | C] () -- C:\Users\e\Documents\DownloadManagerSetup.exe
[2013/02/09 08:24:04 | 000,006,205 | ---- | C] () -- C:\Users\e\Documents\blue light.jpg
[2013/02/04 16:05:15 | 000,039,094 | ---- | C] () -- C:\Users\e\Documents\Hiss.jpg
[2013/02/01 15:12:52 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/02/01 14:34:34 | 000,063,307 | ---- | C] () -- C:\Users\e\Documents\monsterface.jpg
[2013/01/31 10:06:54 | 000,114,994 | ---- | C] () -- C:\Users\e\Documents\missing.jpg
[2013/01/29 19:59:18 | 000,009,341 | ---- | C] () -- C:\Users\e\Documents\shutup.jpg
[2013/01/29 19:23:30 | 000,017,406 | ---- | C] () -- C:\Users\e\Documents\pods1.jpg
[2013/01/29 19:23:07 | 000,037,638 | ---- | C] () -- C:\Users\e\Documents\pods.jpg
[2013/01/28 08:17:32 | 000,157,631 | ---- | C] () -- C:\Users\e\Documents\getimage.tif
[2013/01/25 13:13:57 | 000,032,315 | ---- | C] () -- C:\Users\e\Documents\catposter.jpg
[2013/01/22 19:33:11 | 000,042,707 | ---- | C] () -- C:\Users\e\Documents\self07.jpg
[2013/01/22 13:53:24 | 000,001,800 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/22 13:09:55 | 000,001,091 | ---- | C] () -- C:\Users\e\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/01/22 13:09:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/22 07:47:38 | 000,766,464 | ---- | C] () -- C:\Users\e\Documents\RogueKiller.exe
[2013/01/21 05:57:01 | 000,574,677 | ---- | C] () -- C:\Users\e\Documents\adwcleaner.exe
[2013/01/20 02:25:41 | 000,881,914 | ---- | C] () -- C:\Users\e\Documents\SecurityCheck.exe
[2013/01/20 02:24:24 | 000,000,512 | ---- | C] () -- C:\Users\e\Documents\MBR.dat
[2013/01/17 18:06:02 | 000,178,501 | ---- | C] () -- C:\Users\e\Documents\hayseedchick.jpg
[2013/01/17 16:50:36 | 000,063,484 | ---- | C] () -- C:\Users\e\Documents\clown2.jpg
[2013/01/17 16:04:04 | 000,016,293 | ---- | C] () -- C:\Users\e\Documents\clown1.jpg
[2013/01/17 07:52:57 | 000,063,778 | ---- | C] () -- C:\Users\e\Documents\self06.jpg
[2013/01/17 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2013/01/16 15:40:37 | 000,000,546 | ---- | C] () -- C:\Users\e\Desktop\ComboFix.exe - Shortcut.lnk
[2013/01/16 10:40:37 | 000,038,275 | ---- | C] () -- C:\Users\e\Documents\APOLOGY-LETTER.jpg
[2012/12/03 19:31:01 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/11/11 07:22:25 | 010,997,760 | ---- | C] ( ) -- C:\Windows\sspro.exe
[2012/11/11 00:32:50 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/11/10 11:21:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/11/10 11:08:41 | 000,013,024 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2012/08/14 02:59:22 | 000,027,520 | ---- | C] () -- C:\Users\e\AppData\Local\dt.dat
[2012/07/31 09:23:40 | 002,573,120 | ---- | C] ( ) -- C:\Users\e\falert.exe
[2012/06/09 02:37:32 | 024,458,945 | ---- | C] ( ) -- C:\Users\e\3iabwlinstallv.exe
[2012/06/07 21:10:28 | 017,063,936 | ---- | C] () -- C:\Users\e\latex1.mp4
[2012/01/29 19:49:34 | 000,003,594 | ---- | C] () -- C:\Users\e\AppData\Roaming\SAS7_000.DAT
[2011/10/18 05:11:32 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/10/18 05:11:32 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/10/15 05:25:22 | 000,003,493 | ---- | C] () -- C:\Windows\memgprep.dll
[2011/10/15 05:25:22 | 000,000,304 | ---- | C] () -- C:\Windows\km32hlpr.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\wnsperf32.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\stdensrv.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisb.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\javexisa.dll
[2011/10/15 05:25:22 | 000,000,000 | ---- | C] () -- C:\Windows\cr2gui32.dll
[2011/10/14 05:12:45 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/06/06 16:52:08 | 000,208,852 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/16 12:31:44 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2011/03/22 00:23:20 | 000,789,006 | ---- | C] () -- C:\Windows\System32\cygstdc++-6.dll
[2011/03/22 00:23:02 | 000,044,558 | ---- | C] () -- C:\Windows\System32\cyggcc_s-1.dll
[2011/03/16 15:09:48 | 001,174,542 | ---- | C] () -- C:\Windows\System32\cygcrypto-0.9.8.dll
[2011/03/16 15:09:48 | 000,268,814 | ---- | C] () -- C:\Windows\System32\cygssl-0.9.8.dll
[2010/10/08 09:34:04 | 000,027,503 | ---- | C] () -- C:\Users\e\AppData\Roaming\UserTile.png
[2010/07/25 12:07:43 | 000,000,034 | ---- | C] () -- C:\Users\e\AppData\Roaming\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/07/25 12:07:41 | 000,000,033 | ---- | C] () -- C:\ProgramData\{031230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/02/24 19:54:11 | 000,010,582 | -HS- | C] () -- C:\Users\e\AppData\Local\RHpCMfQD4
[2009/11/07 20:26:51 | 000,000,760 | ---- | C] () -- C:\Users\e\AppData\Roaming\setup_ldm.iss
[2009/07/17 01:07:23 | 000,001,356 | ---- | C] () -- C:\Users\e\AppData\Local\d3d9caps.dat
[2009/06/08 09:19:23 | 000,000,632 | RHS- | C] () -- C:\Users\e\ntuser.pol
[2008/12/13 00:27:43 | 000,000,000 | ---- | C] () -- C:\Users\e\AppData\Roaming\wklnhst.dat
[2008/06/10 08:39:51 | 000,168,960 | ---- | C] () -- C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/09 23:32:12 | 005,242,880 | -HS- | C] () -- C:\Users\e\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/11/05 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AnvSoft
[2012/10/29 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\AVG
[2011/12/22 09:00:15 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\betonline
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\blekko
[2010/04/07 20:40:02 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Clone2Go Video Converter Professional
[2012/12/02 22:55:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cribbage
[2009/11/06 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Cricket
[2009/10/07 18:10:48 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\funkitron
[2009/12/20 20:00:09 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\GrabPro
[2012/12/02 22:55:39 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\IObit
[2009/11/07 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Leadertech
[2011/01/06 18:16:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\NCH Swift Sound
[2012/01/29 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Nuance
[2009/08/01 07:30:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\OpenOffice.org
[2009/12/24 17:46:18 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Opera
[2011/01/02 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Orbit
[2010/10/08 09:34:04 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\PeerNetworking
[2009/09/27 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Pogo Games
[2010/12/02 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\ProgSense
[2009/01/31 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Publish Providers
[2012/07/13 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Research In Motion
[2010/06/20 14:46:55 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Smilebox
[2009/01/31 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Sony
[2008/12/13 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Template
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Uniden Surveillance System
[2011/06/06 15:56:07 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Unity
[2011/08/08 04:53:16 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Vso
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\W Photo Studio Viewer
[2011/12/15 06:51:31 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\wargaming.net
[2009/12/11 23:40:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WinBatch
[2011/10/13 10:23:35 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\Windows Live Writer
[2012/04/24 14:35:21 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\WindSolutions
[2012/12/02 22:55:40 | 000,000,000 | ---D | M] -- C:\Users\e\AppData\Roaming\youtube-downloader-and-converter

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteenlive.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\wildteen.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\Phil Silvers in Gilligan's Island - (1966).FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys2.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\deadboys1.FLV:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\e\Documents\9-H_0iGuEnY.FLV:TOC.WMV
@Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >


========================================================================================


RK Report:

RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : e [Admin rights]
Mode : Scan -- Date : 02/14/2013 17:09:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD321KJ ATA Device +++++
--- User ---
[MBR] c0e8f4d3affc08ab8ecd80c73838cbe3
[BSP] 2e5d4a1ea6b3b9025546ffd9a38bd020 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 98304 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21069824 | Size: 294956 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02142013_02d1709.txt >>
RKreport[1]_S_02142013_02d1709.txt