My Browsers are infected with some kind of click fraud

ok well for some reason everytime i click on a link or a search result my browser opens a new tabs with advertisments i have runned malware bytes but i doesnt remove it i have run spyware tool that dont help either
maybe someone can assist me on cleaning my pc from this junk and so i can feel more secure while using this pc

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

• Please download DeFogger to your desktop.
  
  Double click DeFogger to run the tool.
  
• The application window will appear
• Click the Disable button to disable your CD Emulation drivers
• Click Yes to continue
• A 'Finished!' message will appear
• Click OK
• DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.


Security Check

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download DDS:

• Please download DDS by sUBs from one of the links below and save it to your desktop:
  
  
  Download DDS and save it to your desktop
  
  Link1
  Link2
  Link3
  
  Please disable any anti-malware program that will block scripts from running before running DDS.
  
  
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    
  • DDS.txt
  • Attach.txt
• A window will open instructing you save & post the logs
• Save the logs to a convenient place such as your desktop
• Copy the contents of both logs & post in your next reply

information and logs:

• In your next post I need the following
  
  
• .logs from DDS
• let me know of any problems you may have had

Gringo

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 26
Java version out of date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

Greetings


I need you to also to send me the report from DDS


gringo

i ran the ddns 3 times everytime my pc freezes completly i even ran it over night thinking maybe it was just taking long but no report comes out it simply shows some ################## in the c box then my pc freezes up and i must turn off and on my pc manually

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  
  • OTL.txt <-- Will be opened and the that I need posted back here
  • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
• Please post the contents of OTL.txt in your next reply.

Gringo

OTL logfile created on: 18/06/2012 2:34:32 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

750.73 Mb Total Physical Memory | 372.65 Mb Available Physical Memory | 49.64% Memory free
1.04 Gb Paging File | 0.74 Gb Available in Paging File | 70.86% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.92 Gb Total Space | 14.85 Gb Free Space | 20.65% Space Free | Partition Type: NTFS
Drive D: | 2.59 Gb Total Space | 0.85 Gb Free Space | 32.85% Space Free | Partition Type: FAT32

Computer Name: YOUR-7E3633C8EC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\fastsrch.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()


========== Win32 Services (SafeList) ==========

SRV - (videoacceleratorengine) -- %systemroot%\system32\LC7981.dll File not found
SRV - (viagfx) -- %systemroot%\system32\elnkfwppservice.dll File not found
SRV - (utscsi) -- %systemroot%\system32\catchme.dll File not found
SRV - (U3sHlpDr) -- %systemroot%\system32\ntsecure.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avgclean) -- %systemroot%\system32\mysql.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AEADIFilters) -- %systemroot%\system32\spkrmon.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (ZDPSp50) -- C:\WINDOWS\system32\wg3n.dll (Oak Technology Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (vtrmhwu) -- System32\drivers\lltjy.sys File not found
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- system32\DRIVERS\LV561AV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (LVPr2Mon) -- system32\DRIVERS\LVPr2Mon.sys File not found
DRV - (LVMVDrv) -- system32\DRIVERS\LVMVDrv.sys File not found
DRV - (LVcKap) -- system32\DRIVERS\LVcKap.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (DefragFS) -- File not found
DRV - (Changer) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SndTAudio) -- C:\WINDOWS\system32\drivers\SndTAudio.sys (Windows ® Codename Longhorn DDK provider)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=Mq.mDWtJ050arVihnttC8w&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=Mq.mDWtJ050arVihnttC8w&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/ie

IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\SearchScopes\{5EED9E92-4452-4164-A08B-9E5895BA2705}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7GGLD_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\SearchScopes\{74B10959-7B5A-4792-A9F2-52AD31C021C6}: "URL" = http://www.ctvolympics.ca/search/results.htmx?q={searchTerms}
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\SearchScopes\{A7489070-7912-483C-BC7F-A36A50E15247}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\SearchScopes\{E1FFB4C4-6885-4BC9-9068-A96CB542369B}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\SearchScopes\{F3B92723-0B45-4AAF-B991-4C5E217180CC}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/15 09:43:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/15 10:00:31 | 000,000,000 | ---D | M]

[2012/06/15 09:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/06/15 09:43:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/04/13 21:27:43 | 000,001,213 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fileserve.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {8CA688ED-C3F5-4B78-B4CD-B1E5A4F4F782} - C:\WINDOWS\system32\fastsrch.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003..\Run: [BigToeGames] C:\Documents and Settings\Owner\Local Settings\Application Data\BigToeGames\ubxwkgpi.dll (Cyberlink)
O4 - HKU\.DEFAULT..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1163633.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1163633.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.ca/s/v/36.15/uploader2.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://bl144fd.blu144.hotmail.msn.com/activex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EAA87CD-280E-4492-ABC7-A5D058FA1D93}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop Components:0 () - http://www.lbpsb.qc.ca/Login/F0000DB92/C135F137-3B9ACA00-0111AF97.0/Email0017.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/27 03:23:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\{64bb4d54-d200-11dd-ab29-001111de2d29}\Shell - "" = AutoRun
O33 - MountPoints2\{64bb4d54-d200-11dd-ab29-001111de2d29}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64bb4d54-d200-11dd-ab29-001111de2d29}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{64bb4d55-d200-11dd-ab29-001111de2d29}\Shell - "" = AutoRun
O33 - MountPoints2\{64bb4d55-d200-11dd-ab29-001111de2d29}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64bb4d55-d200-11dd-ab29-001111de2d29}\Shell\AutoRun\command - "" = F:\DPFMate.exe
O33 - MountPoints2\{7c0ebdd2-5b04-11de-ac36-001111de2d29}\Shell\open\command - "" = C:\WINDOWS\Explorer.exe -- [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 14:32:49 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/18 07:54:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2012/06/18 01:17:34 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/06/17 19:46:07 | 000,000,000 | -H-D | C] -- C:\VJVod_Cache
[2012/06/16 01:00:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2012/06/15 16:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\PSCS6.13.ext.Portable
[2012/06/15 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/15 09:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\BigToeGames
[2012/06/15 02:10:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CS6 Master Collection
[2012/06/15 01:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/15 01:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012/06/15 00:55:36 | 000,000,000 | ---D | C] -- C:\Common Files
[2012/06/15 00:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Adobe Master Collection Working Crack
[2012/06/15 00:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/06/13 17:17:39 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/13 17:14:57 | 000,000,000 | ---D | C] -- C:\04a8e78eed7a4420bded4b5599
[2012/06/13 17:10:05 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/13 14:55:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\poplio
[2012/06/13 14:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\FileTypeAssistant
[2012/06/13 14:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/06/09 22:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\design
[2012/06/08 17:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bell Internet Security Services
[2012/06/08 17:15:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 15:41:00 | 000,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2012/06/18 15:32:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/06/18 15:30:13 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1608027801-3685476218-1747947367-1003UA.job
[2012/06/18 15:02:09 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 15:00:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/06/18 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/06/18 14:57:25 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/18 14:32:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/06/18 14:31:45 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 14:30:47 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 14:30:45 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1608027801-3685476218-1747947367-1003.job
[2012/06/18 14:30:43 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_trash_log.cmd
[2012/06/18 14:30:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/18 14:30:25 | 787,271,680 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 07:54:53 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/06/18 07:54:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2012/06/18 01:35:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1608027801-3685476218-1747947367-1003UA.job
[2012/06/18 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/06/18 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/06/18 00:55:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/06/18 00:12:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/06/17 23:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/06/17 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/06/17 22:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2012/06/17 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/06/17 21:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/06/17 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/06/17 20:03:34 | 000,853,862 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2012/06/17 20:02:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/06/17 20:01:11 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/06/17 20:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/06/17 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/06/17 19:54:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/17 19:54:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/17 19:46:24 | 003,709,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/15 19:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/06/15 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/06/15 18:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/06/15 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/06/15 17:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/06/15 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/06/15 16:50:06 | 032,169,720 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Layer 0.eps
[2012/06/15 16:49:47 | 004,797,851 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Layer 0.psb
[2012/06/15 16:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/06/15 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/06/15 14:21:18 | 217,348,123 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\PSCS6.13.ext.Portable.rar
[2012/06/15 14:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/06/15 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/06/15 13:35:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1608027801-3685476218-1747947367-1003Core.job
[2012/06/15 13:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/06/15 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/06/15 12:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/06/15 12:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/06/15 11:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/06/15 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/06/15 10:00:01 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/06/15 10:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/06/15 09:44:17 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/15 09:44:15 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/15 09:24:37 | 000,123,392 | ---- | M] () -- C:\WINDOWS\System32\fastsrch.dll
[2012/06/15 09:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/06/15 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/06/15 08:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/06/15 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/06/15 07:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/06/15 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/06/15 06:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/06/15 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/06/15 05:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/06/15 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/06/15 04:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/06/15 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/06/15 03:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/06/15 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/06/15 02:34:00 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Facebook Blaster Pro.lnk
[2012/06/15 02:33:22 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FBP - Facebook Blaster Pro.lnk
[2012/06/15 02:30:44 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1608027801-3685476218-1747947367-1003Core.job
[2012/06/15 02:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/06/15 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/06/15 01:07:02 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/06/15 00:18:43 | 000,072,225 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\alumplatrev2[1].pdf
[2012/06/14 00:40:33 | 000,604,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 00:40:33 | 000,114,698 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 00:32:31 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/13 17:17:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/06/13 15:16:35 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/06/13 15:06:47 | 023,748,901 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\poplio.rar
[2012/06/10 01:49:10 | 000,109,132 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shuffleup_v1_11.zip
[2012/06/10 01:48:44 | 000,107,502 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\flytonictheme_v2_01.zip
[2012/06/10 00:19:20 | 000,317,886 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tt.bmp
[2012/06/09 23:43:00 | 000,054,516 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\logo.png
[2012/06/05 17:44:12 | 002,476,262 | ---- | M] () -- C:\50jam.pdf
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/23 02:35:30 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/17 20:03:30 | 000,853,862 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2012/06/17 20:02:37 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable
[2012/06/17 20:01:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Defogger.exe
[2012/06/15 16:50:02 | 032,169,720 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Layer 0.eps
[2012/06/15 16:49:44 | 004,797,851 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Layer 0.psb
[2012/06/15 13:22:25 | 217,348,123 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\PSCS6.13.ext.Portable.rar
[2012/06/15 09:44:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/06/15 09:44:15 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/06/15 09:44:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/15 09:24:37 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll
[2012/06/15 01:07:02 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/06/15 01:07:02 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Download Assistant.lnk
[2012/06/15 00:18:41 | 000,072,225 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\alumplatrev2[1].pdf
[2012/06/13 15:04:46 | 023,748,901 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\poplio.rar
[2012/06/10 01:49:17 | 000,109,132 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shuffleup_v1_11.zip
[2012/06/10 01:48:58 | 000,107,502 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\flytonictheme_v2_01.zip
[2012/06/10 00:19:20 | 000,317,886 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tt.bmp
[2012/06/09 23:43:00 | 000,054,516 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\logo.png
[2012/06/05 17:44:12 | 002,476,262 | ---- | C] () -- C:\50jam.pdf
[2012/05/04 06:54:23 | 000,005,729 | ---- | C] () -- C:\WINDOWS\System32\EPSTP32U.DAT
[2012/03/20 02:21:06 | 000,823,637 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\5466956.zip
[2012/01/16 09:32:32 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/01/16 00:23:17 | 000,000,280 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~iApAaG3s6ABKaO
[2012/01/16 00:23:17 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~iApAaG3s6ABKaOr
[2012/01/16 00:23:10 | 000,000,432 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\iApAaG3s6ABKaO
[2012/01/02 22:18:59 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/10/24 23:38:55 | 000,004,446 | ---- | C] () -- C:\Program Files\latest.cbp.proxy
[2011/10/24 23:38:55 | 000,000,414 | ---- | C] () -- C:\Program Files\latest.cbp
[2011/10/24 23:38:55 | 000,000,207 | ---- | C] () -- C:\Program Files\latest.cbp.profile
[2011/08/16 13:06:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/26 03:14:09 | 000,465,214 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/12 13:23:11 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2011/01/12 13:23:06 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2011/01/12 13:23:06 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/03 01:27:42 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe PNG Format CS5 Prefs
[2010/09/18 00:32:30 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/08/15 03:43:00 | 000,000,132 | -H-- | C] () -- C:\Documents and Settings\Owner\Application Data\Adobe GIF Format CS5 Prefs
[2010/08/14 18:10:55 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/14 18:01:48 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/07/02 17:55:24 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2010/07/02 17:55:24 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2010/07/02 17:55:24 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB23946$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6C77675
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D16E7091
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D9D2CAF
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75714345
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07B14078
@Alternate Data Stream - 227 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:409A775B
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:90D89144
@Alternate Data Stream - 221 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7776B809
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F42B5B0E
@Alternate Data Stream - 219 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C6EBC69
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724
@Alternate Data Stream - 210 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CA7BED1
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB16385F
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDDD8917
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9000539
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A875255B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6FA4C6D0
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7AD9690
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3F5D210
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C841C093
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C46995DA
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EE5EBE9
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07D3634B
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE4589FE
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0C1EFF69
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7CACEF61
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:340E7CCA
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03392111
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A7901A9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A2F483A
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B00070D
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:621BEE66
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3CE43109
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:798A3728
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54272E15
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E55CE2D1
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F82297CD
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E342738F
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51EA9E41
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CF3212DD
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0951C4CC
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1419F1F4
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DEF96BC8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E546C1
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F01E7F17
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:618BF152
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B79AEF3
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB384C06
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C17FCA88
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D066AD2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50823280
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:370EF5E8
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7F04040
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1A5D64BE

< End of report >

OTL Extras logfile created on: 18/06/2012 2:34:32 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

750.73 Mb Total Physical Memory | 372.65 Mb Available Physical Memory | 49.64% Memory free
1.04 Gb Paging File | 0.74 Gb Available in Paging File | 70.86% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.92 Gb Total Space | 14.85 Gb Free Space | 20.65% Space Free | Partition Type: NTFS
Drive D: | 2.59 Gb Total Space | 0.85 Gb Free Space | 32.85% Space Free | Partition Type: FAT32

Computer Name: YOUR-7E3633C8EC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
"C:\Program Files\Picasa2\Picasa2.exe" = C:\Program Files\Picasa2\Picasa2.exe:*:Enabled:Picasa2
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare
"C:\Program Files\Phantom EFX\OnlineCasino\bin\OnlineCasino.exe" = C:\Program Files\Phantom EFX\OnlineCasino\bin\OnlineCasino.exe:*:Enabled:OnlineCasino
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
"C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4
"C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS4
"C:\Program Files\Free SMTP Server\localsrv.exe" = C:\Program Files\Free SMTP Server\localsrv.exe:*:Enabled:localsrv
"C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe" = C:\Program Files\Adobe\Adobe Flash CS4\Flash.exe:*:Enabled:Adobe Flash CS4
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\EPCTV\Internet TV & Radio Player\TVPlayer.exe" = C:\Program Files\EPCTV\Internet TV & Radio Player\TVPlayer.exe:*:Enabled:TVPlayer
"C:\Program Files\CoreFTP\coreftp.exe" = C:\Program Files\CoreFTP\coreftp.exe:*:Enabled:Core FTP App
"C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" = C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe" = C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS5
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb -- ()
"C:\Program Files\Veetle\Player\VeetleNet.exe" = C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet -- ()
"C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface
"C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome
"C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe" = C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe:*:Enabled:Servicepoint Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F9AA362-8EBE-4B70-AAD4-39DB7B73BF4B}" = TwitterBlasterPro
"{0FC35CF8-8039-4C79-9C9B-F055F17BB8C3}" = YFB - Youtube Friend Bomber
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{13F864A8-B7AF-4D36-8F23-08C58C7E685B}" = FBP - Facebook Blaster Pro
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 26
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B400A641-5F10-4E10-BD40-C1C7F91A4A94}" = FBP - Facebook Blaster Pro
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE246151-F0E8-ABC8-AEB2-7F3E188EFBF5}" = TweetDeck
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92AD491-3492-41A9-9519-30246440E6B8}" = MFB-MyspaceFriendBomber
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{ECC69E86-3B0E-4010-AA37-414C5D71B7B9}" = RPS CRT
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"FileZilla Client" = FileZilla Client 3.5.3
"Free Mailing List Splitter_is1" = Free Mailing List Splitter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LogoMaker_is1" = LogoMaker 2.0
"Magic Traffic Bot" = Magic Traffic Bot
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Adapters and Drivers
"QcDrv" = Logitech® Camera Driver
"thecasino" = Players Palace
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Veetle TV" = Veetle TV
"Veoh Video Compass" = Veoh Video Compass
"vShare" = vShare Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1608027801-3685476218-1747947367-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Email Sender Deluxe" = Email Sender Deluxe
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/06/2012 2:39:25 PM | Computer Name = YOUR-7E3633C8EC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 13/06/2012 4:38:45 PM | Computer Name = YOUR-7E3633C8EC | Source = Application Error | ID = 1000
Description = Faulting application logomaker.exe, version 1.2.0.1, faulting module
logomaker.exe, version 1.2.0.1, fault address 0x0009c795.

Error - 13/06/2012 11:49:07 PM | Computer Name = YOUR-7E3633C8EC | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 1.1 -- Error 1704.An installation
for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended. You must
undo the changes made by that installation to continue. Do you want to undo those
changes?

Error - 14/06/2012 12:45:42 AM | Computer Name = YOUR-7E3633C8EC | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 15/06/2012 2:35:36 AM | Computer Name = YOUR-7E3633C8EC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 fbp.exe, P2 10.0.0.0, P3 4f1304db, P4 fbp, P5
10.0.0.0, P6 4f1304db, P7 1c, P8 b, P9 system.typeinitialization, P10 NIL.

Error - 15/06/2012 2:35:36 AM | Computer Name = YOUR-7E3633C8EC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 fbp.exe, P2 10.0.0.0, P3 4f1304db, P4 fbp, P5
10.0.0.0, P6 4f1304db, P7 1c, P8 b, P9 system.typeinitialization, P10 NIL.

Error - 15/06/2012 2:40:23 AM | Computer Name = YOUR-7E3633C8EC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 fbp.exe, P2 10.0.0.0, P3 4f1304db, P4 mscorlib,
P5 2.0.0.0, P6 4ef6c16f, P7 f51, P8 0, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 15/06/2012 2:40:23 AM | Computer Name = YOUR-7E3633C8EC | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 fbp.exe, P2 10.0.0.0, P3 4f1304db, P4 mscorlib,
P5 2.0.0.0, P6 4ef6c16f, P7 f51, P8 0, P9 n3ctrye2kn3c34sgl4zqyrbfte4m13nb, P10
NIL.

Error - 15/06/2012 2:43:32 AM | Computer Name = YOUR-7E3633C8EC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/06/2012 11:48:51 PM | Computer Name = YOUR-7E3633C8EC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

[ System Events ]
Error - 18/06/2012 3:09:32 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:16:50 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:17:50 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:19:01 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:25:17 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:26:41 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:27:39 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:35:31 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:38:31 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 18/06/2012 3:39:34 PM | Computer Name = YOUR-7E3633C8EC | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

• In your next post I need the following
  
• Log from Combofix
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Hey everytime I run combofix it says I have a rootkit.zeroaccess infection and it hard to get out please be patient and I click ok it just does it but always freezes up my pc
Then I must reboot and try again but same ting
I never get a report to show u either
And also just to let u know it might help but everytime I reboot my pc the iexplorer.exe always runs on its own when I loolk at me task manager processes
This is not normal

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.
• Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo

And by the way I also habe no internet I get a local area contection limited activity and when I click repair I get immediately windows cannot find an ip or something as error ever since I ran the combo fix

try running combofix in safe mode and see if it will complete - the internet should come back once it runs


gringo

Ok I ran comboxfix in safemode and it froze also it never completed and then I turned on my pc and I got a error windows could not locate comboxfix.bat or someting and no my internet is still not working
Wow it keep getting worse well besides my pc moves faster but everytime I load windows for some reason Iexplorer.exe runs immeadiately

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

• Double click the aswMBR.exe icon to run it
• it will ask to download extra definitions - ALLOW IT
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo