
DDS scan results. infected windows xp


  • This topic is locked
25 replies to this topic

#1 dehoo

dehoo

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia
  • Local time:07:52 AM

Posted 27 January 2013 - 04:28 PM

Here is the DDS scan result.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.11.2
Run by me at 12:17:48 on 2013-01-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2032 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\WinArchiver Virtual Drive\WAService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\MICROS~4\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = <local>
BHO: Savings Sidekick: {11111111-1111-1111-1111-110011501160} - LocalServer32 - <no file>
BHO: <No Name>: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Evidence Eliminator] c:\program files\evidence eliminator\ee.exe /m
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\me\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{7E75818D-7645-4EE2-B519-1DE6440C87C2} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 WAEMU;waemu;c:\windows\system32\drivers\waemu.sys [2011-7-6 92034]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-1-24 20624]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-24 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-24 361032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-1-24 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-24 44808]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-7-15 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-13 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-3-25 682344]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2009-12-8 5241448]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-12-21 625304]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2011-7-19 66944]
R2 WinArchiver Service;WinArchiver Service;c:\program files\winarchiver virtual drive\WAService.exe [2011-7-6 196608]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-6-15 242240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-25 21104]
S1 SBRE;SBRE; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-11-23 21504]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-1-1 35144]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-2-5 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2013-01-24 21:19:41 -------- d-----w- c:\documents and settings\me\application data\HTML Executable
2013-01-24 21:15:59 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-24 21:15:59 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-01-24 21:14:06 41224 ----a-w- c:\windows\avastSS.scr
2013-01-24 21:13:23 -------- d-----w- c:\program files\AVAST Software
2013-01-24 21:13:23 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-01-24 19:04:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-24 17:14:36 -------- d-----w- c:\windows\system32\Adobe
2013-01-24 16:20:56 -------- d-----w- C:\RegBackup
2013-01-24 16:19:15 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2013-01-24 04:14:46 -------- d-----w- c:\documents and settings\me\application data\SUPERAntiSpyware.com
2013-01-24 04:14:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-24 04:14:34 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-01-23 17:31:17 -------- d-----w- c:\documents and settings\me\application data\ParetoLogic
2013-01-23 17:31:02 -------- d-----w- c:\program files\common files\ParetoLogic
2013-01-23 17:30:55 -------- d-----w- c:\program files\ParetoLogic
2013-01-23 17:30:55 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2013-01-23 15:56:37 -------- d-----w- c:\documents and settings\all users\application data\ErrorEND
2013-01-23 15:30:12 -------- d-----w- c:\program files\MSXML 6.0
2013-01-22 18:08:01 -------- d-----w- C:\CAT-Logs
2013-01-14 19:12:33 -------- d-----w- c:\program files\uTorrent
2013-01-14 19:11:46 -------- d-----w- c:\documents and settings\me\application data\uTorrent
2013-01-09 11:32:27 -------- d-----w- c:\windows\SDold
2013-01-01 18:34:28 138864 ----a-w- c:\windows\system32\drivers\63391749.sys
2013-01-01 18:32:31 138864 ----a-w- c:\windows\system32\drivers\732D12F4.sys
2013-01-01 18:26:19 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-12-31 06:14:39 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2012-12-31 06:14:38 -------- d-----w- c:\program files\Belarc
.
==================== Find3M ====================
.
2013-01-13 02:49:58 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-13 02:49:58 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-09 04:27:41 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 04:27:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01:39 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 12:18:53.76 ===============

Edited by nasdaq, 30 January 2013 - 11:37 AM.
dds log posted.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,745 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:52 AM

Posted 30 January 2013 - 11:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this text in bold in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs.
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

Let me know what problem persists.

Please paste the logs in your next topic, DO NOT attach them.

#3 dehoo

dehoo
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia
  • Local time:07:52 AM

Posted 30 January 2013 - 01:43 PM

Hi nasdaq,
thanks for your reply, I will follow instructions given. One question though on the OTL download, I cannot download or find the version that you have shown... Not much of a difference, however the OTL I download does not have the "Include 64bit Scans" option. Is this ok or should I just continue on with the OTL your link leads to?

Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,745 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:52 AM

Posted 30 January 2013 - 01:53 PM

Yes continue, my image may not be the latest version.
Scan all users.

#5 dehoo

dehoo
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia
  • Local time:07:52 AM

Posted 30 January 2013 - 01:54 PM

Thanks! Will do.

#6 dehoo

dehoo
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:British Columbia
  • Local time:07:52 AM

Posted 31 January 2013 - 02:32 PM

Hi,
Here are the scan logs requested. I was not able to get the "Extras" log for OTL.
Thank you very much, I hope you are able to find something!


OTL SCAN:

OTL logfile created on: 1/30/2013 11:51:22 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\me\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 70.95% Memory free
5.84 Gb Paging File | 5.07 Gb Available in Paging File | 86.79% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070L:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 88.04 Gb Free Space | 57.40% Space Free | Partition Type: NTFS
Drive L: | 232.88 Gb Total Space | 44.32 Gb Free Space | 19.03% Space Free | Partition Type: NTFS

Computer Name: 5D9C77FDF23248E | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 10:55:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
PRC - [2013/01/14 11:12:38 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/06 15:35:06 | 004,032,968 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2012/11/01 11:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/11/16 12:00:06 | 002,535,232 | ---- | M] (Robin Hood Software Ltd.) -- C:\Program Files\Evidence Eliminator\Ee.exe
PRC - [2011/08/10 19:26:18 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/07/06 17:52:28 | 000,196,608 | ---- | M] () -- C:\Program Files\WinArchiver Virtual Drive\WAService.exe
PRC - [2010/01/21 00:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2009/12/08 06:14:28 | 005,241,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/04/13 16:12:19 | 001,598,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/30 00:23:42 | 002,049,536 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13013000\algo.dll
MOD - [2012/10/22 11:15:10 | 001,277,952 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
MOD - [2012/07/09 17:57:30 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
MOD - [2012/03/23 10:07:34 | 000,224,768 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\libupnp.dll
MOD - [2012/02/15 03:32:06 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/15 03:31:25 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/15 03:25:38 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
MOD - [2012/02/15 03:21:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 03:21:30 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/15 03:21:01 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/15 03:18:14 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/12/06 16:19:48 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
MOD - [2011/11/03 07:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/13 02:13:50 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/07/06 17:52:28 | 000,196,608 | ---- | M] () -- C:\Program Files\WinArchiver Virtual Drive\WAService.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/08 06:14:28 | 005,241,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
MOD - [2008/11/19 15:02:54 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [1996/05/03 22:05:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\MSGHOO32.OCX


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/08 20:27:43 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/07/06 17:52:28 | 000,196,608 | ---- | M] () [Auto | Running] -- C:\Program Files\WinArchiver Virtual Drive\WAService.exe -- (WinArchiver Service)
SRV - [2011/05/25 18:46:28 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/08 06:14:28 | 005,241,448 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/10/20 10:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (asvo8t6p)
DRV - [2013/01/01 10:26:19 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 15:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 15:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 15:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/06/15 16:41:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/24 09:17:45 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/23 09:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 17:57:28 | 000,092,034 | ---- | M] (WinArchiver Computing, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\waemu.sys -- (WAEMU)
DRV - [2011/04/30 04:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 04:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 03:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/12/20 02:52:04 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2009/12/30 09:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/28 09:40:18 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/10/28 09:40:14 | 000,070,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/08/04 15:40:04 | 000,165,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2006/03/31 13:38:00 | 003,960,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/12 14:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzytBtCtAyB0DzyzztAzztC0BzytN0D0Tzu0CtBtCyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1313756871
IE - HKLM\..\SearchScopes\{5435D481-3560-4B88-6A45-66859DAFA6D5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{5b50c4e8-dbbf-4810-8ddb-494b10f695bb}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=0Fxdm017YYca&ptnrS=0Fxdm017YYca&si=189286&ptb=C58D83E4-7DA0-4034-A220-CA1C7D6C5D7A&ind=2012083111&n=77edf3a7&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes\{5b50c4e8-dbbf-4810-8ddb-494b10f695bb}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=0Fxdm017YYca&ptnrS=0Fxdm017YYca&si=189286&ptb=C58D83E4-7DA0-4034-A220-CA1C7D6C5D7A&ind=2012083111&n=77edf3a7&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLD_en
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom14.xpi [2012/03/22 16:40:42 | 000,102,505 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/01 11:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\


========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.4_0\
CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2013/01/24 08:33:09 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - Reg Error: Value error. File not found
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe (Robin Hood Software Ltd.)
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\me\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E75818D-7645-4EE2-B519-1DE6440C87C2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/04/18 17:25:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/01/15 13:38:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 01:52:18 | 000,000,080 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e8668b3a-07ec-11e1-a993-00192137d983}\Shell - "" = AutoRun
O33 - MountPoints2\{e8668b3a-07ec-11e1-a993-00192137d983}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 10:55:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2013/01/24 13:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\My Documents\Keys
[2013/01/24 13:26:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/24 13:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\HTML Executable
[2013/01/24 13:16:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/01/24 13:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2013/01/24 13:16:06 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/01/24 13:16:01 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/01/24 13:16:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/01/24 13:15:59 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/01/24 13:15:59 | 000,020,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2013/01/24 13:15:58 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/01/24 13:15:58 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/01/24 13:15:57 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/01/24 13:14:06 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/01/24 13:14:04 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/01/24 13:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/24 13:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/24 11:04:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/24 11:04:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/24 11:04:28 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/24 09:14:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/01/24 08:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\fixes
[2013/01/24 08:33:05 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/24 08:20:56 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/01/24 08:19:15 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/01/24 08:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/01/23 20:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
[2013/01/23 20:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/01/23 20:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/01/23 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/23 14:28:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/01/23 11:46:48 | 070,674,496 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\me\My Documents\mpam-fe.exe
[2013/01/23 09:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\ParetoLogic
[2013/01/23 09:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Start Menu\Programs\ParetoLogic
[2013/01/23 09:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013/01/23 09:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013/01/23 09:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/01/23 07:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/01/23 07:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/01/22 10:08:01 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2013/01/14 11:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013/01/14 11:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\uTorrent
[2013/01/12 18:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/12 18:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/09 03:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SDold
[2013/01/01 11:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\My Documents\cham
[2013/01/01 10:34:28 | 000,138,864 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\63391749.sys
[2013/01/01 10:32:31 | 000,138,864 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\732D12F4.sys
[2013/01/01 10:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\My Documents\mbar
[2011/02/15 23:04:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\me\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 11:27:05 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/30 11:23:58 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/30 10:55:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2013/01/30 10:12:51 | 000,580,235 | ---- | M] () -- C:\Documents and Settings\me\Desktop\adwcleaner.exe
[2013/01/30 10:12:32 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\me\Desktop\SecurityCheck.exe
[2013/01/30 09:45:11 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/30 09:43:24 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/01/30 09:43:21 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 09:43:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/30 09:39:50 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Pro.job
[2013/01/30 09:39:49 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8CDD45F6-6CDD-4292-8E22-3E37AA88A3BD}.job
[2013/01/30 04:15:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 6467501e-bf07-4591-88e9-6b54b30065d0.job
[2013/01/30 04:00:01 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c548ff7c-a61a-4058-ad5a-ae84e0d03929.job
[2013/01/29 18:00:01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/01/25 10:51:50 | 000,000,352 | ---- | M] () -- C:\0
[2013/01/25 07:47:24 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2013/01/24 13:27:23 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/24 13:16:07 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2013/01/24 13:15:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/24 08:33:48 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/24 08:33:09 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/24 08:16:33 | 005,419,212 | ---- | M] () -- C:\Documents and Settings\me\My Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/01/23 20:14:40 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/01/23 12:31:00 | 000,008,515 | ---- | M] () -- C:\Documents and Settings\me\My Documents\drivers abstract 2013.pdf
[2013/01/23 11:46:17 | 070,674,496 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\me\My Documents\mpam-fe.exe
[2013/01/23 09:31:06 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\me\Desktop\RegCure Pro.lnk
[2013/01/19 17:46:49 | 000,195,072 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/18 01:12:08 | 001,564,672 | ---- | M] (Tweaking.com) -- C:\Documents and Settings\me\Desktop\Repair_Windows.exe
[2013/01/17 07:28:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/14 11:12:39 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/14 11:12:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/01/13 17:40:21 | 000,032,919 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Home Maintenance Handyman.pdf
[2013/01/12 18:49:58 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/01/12 18:49:58 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/01/09 01:02:49 | 000,000,009 | ---- | M] () -- C:\END
[2013/01/08 20:27:41 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/08 20:27:41 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/05 21:34:35 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/01/01 10:34:28 | 000,138,864 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\63391749.sys
[2013/01/01 10:32:31 | 000,138,864 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\732D12F4.sys
[2013/01/01 10:26:19 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/01/01 02:03:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/30 10:12:47 | 000,580,235 | ---- | C] () -- C:\Documents and Settings\me\Desktop\adwcleaner.exe
[2013/01/30 10:12:27 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\me\Desktop\SecurityCheck.exe
[2013/01/26 12:22:21 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c548ff7c-a61a-4058-ad5a-ae84e0d03929.job
[2013/01/24 13:16:07 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2013/01/24 13:15:51 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/24 08:16:31 | 005,419,212 | ---- | C] () -- C:\Documents and Settings\me\My Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/01/23 20:15:15 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 6467501e-bf07-4591-88e9-6b54b30065d0.job
[2013/01/23 20:14:40 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/01/23 12:31:00 | 000,008,515 | ---- | C] () -- C:\Documents and Settings\me\My Documents\drivers abstract 2013.pdf
[2013/01/23 09:31:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/01/23 09:31:06 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\me\Desktop\RegCure Pro.lnk
[2013/01/23 09:31:06 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/01/23 09:31:05 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2013/01/23 09:31:04 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Pro.job
[2013/01/14 11:12:39 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/14 11:12:39 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/01/13 17:40:21 | 000,032,919 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Home Maintenance Handyman.pdf
[2013/01/09 01:02:21 | 000,000,009 | ---- | C] () -- C:\END
[2013/01/01 10:26:19 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/30 22:14:39 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/06/07 14:59:37 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\me\log.html
[2012/04/02 18:26:31 | 000,009,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/04/02 18:16:49 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/02 18:16:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/02 18:16:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/02 18:16:22 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/02/14 19:57:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 19:08:50 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF325.ini
[2011/12/19 18:44:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/12/19 18:44:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/12/19 18:44:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/12/19 18:44:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/12/19 18:44:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/12/19 18:44:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/12/19 18:44:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/12/19 18:44:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/12/19 18:44:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/12/19 18:44:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/12/19 18:44:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/12/19 18:44:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/12/19 18:44:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/12/19 18:44:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/12/19 18:44:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/12/19 18:44:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/12/19 18:41:38 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2011/12/19 18:41:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2011/12/10 10:42:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/10/10 09:39:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2011/10/10 09:14:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/24 16:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imwords.dat
[2011/09/24 16:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\im_markovian.dat
[2011/09/24 16:19:39 | 000,001,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/09/24 12:59:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/09/24 07:13:37 | 000,608,552 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/08/27 11:27:12 | 000,984,190 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\census.cache
[2011/08/27 11:27:05 | 000,196,885 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\ars.cache
[2011/08/27 11:18:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\housecall.guid.cache
[2011/08/09 08:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/08/04 15:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/19 22:21:53 | 000,611,840 | ---- | C] () -- C:\WINDOWS\System32\DVD43.dll
[2011/07/16 18:47:01 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2011/07/14 14:07:50 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2011/06/30 10:19:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/06/24 08:37:38 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\me\default.pls
[2011/05/21 17:32:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2011/03/15 23:33:56 | 000,000,478 | RHS- | C] () -- C:\Documents and Settings\me\ntuser.pol
[2011/02/28 22:56:56 | 000,000,106 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/02/28 21:53:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/26 16:47:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/02/26 16:42:03 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2011/02/15 23:04:51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\me\Application Data\inst.exe
[2011/02/15 23:04:51 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\me\Application Data\pcouffin.cat
[2011/02/15 23:04:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\me\Application Data\pcouffin.inf
[2011/02/15 22:59:30 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\me\Application Data\vso_ts_preview.xml
[2011/02/13 23:56:48 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2011/02/13 17:49:12 | 000,195,072 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 12:16:09 | 000,037,907 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Comma Separated Values (Windows).ADR
[2011/01/15 14:08:38 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2011/01/15 13:35:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 08:09:07 | 001,555,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 16:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 16:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 16:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 05:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 16:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 16:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 09:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 16:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 16:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 16:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 16:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 16:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 16:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 16:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 16:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 05:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 16:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 16:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 04:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 16:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 16:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 16:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 16:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/26 21:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 16:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 16:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 16:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 16:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 16:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 15:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 16:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 16:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 16:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 16:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 16:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 04:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 16:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 16:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/09 22:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\8 Skin Pack\Backup\explorer.exe
[2008/04/13 16:12:19 | 001,598,464 | ---- | M] (Microsoft Corporation) MD5=3CBD21AF59C88873B1A0D427E11AE276 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,598,464 | ---- | M] (Microsoft Corporation) MD5=3CBD21AF59C88873B1A0D427E11AE276 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/03/15 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2006/03/15 04:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.ASFX >
[2010/10/25 14:15:46 | 000,000,230 | ---- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2010/10/25 14:15:46 | 000,000,231 | ---- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2010/10/25 14:13:46 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 03:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 16:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 02:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 03:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/03/15 04:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2011/02/26 11:48:05 | 000,001,602 | ---- | M] () MD5=D7642F19295C5E3D304C85CFCFF7F0FC -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2006/03/15 04:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/03/15 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Documents and Settings\me\My Documents\cham\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/15 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/15 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Documents and Settings\me\My Documents\cham\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2006/03/15 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2006/03/15 04:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\0:SummaryInformation
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD

< End of report >



SECURITY CHECK SCAN:

Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 11
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````


ADWCLEANER SCAN:

# AdwCleaner v2.109 - Logfile created 01/31/2013 at 11:23:06
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : me - 5D9C77FDF23248E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\me\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files\Smartdl

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Savings Sidekick
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504460}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\PIP
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[R1].txt - [6420 octets] - [29/09/2012 17:12:05]
AdwCleaner[R2].txt - [6480 octets] - [29/09/2012 22:08:18]
AdwCleaner[R3].txt - [3243 octets] - [30/09/2012 09:16:02]
AdwCleaner[R4].txt - [2989 octets] - [31/01/2013 11:23:06]
AdwCleaner[S1].txt - [7295 octets] - [29/09/2012 22:08:52]
AdwCleaner[S2].txt - [3472 octets] - [30/09/2012 09:16:14]

########## EOF - C:\AdwCleaner[R4].txt - [3169 octets] ##########

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,745 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:52 AM

Posted 01 February 2013 - 09:58 AM

Run OTL - Double-click OTL.exe to start it.


===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Let me know what problem persists on this computer.

#8 dehoo

dehoo
  • Topic Starter

  • Members
  • 122 posts
  • Gender:Male
  • Location:British Columbia
  • Local time:07:52 AM

Posted 01 February 2013 - 01:45 PM

Hi,
Thanks for your reply and instructions! I have posted the new OTL quick scan log as well as the adwcleaner log. I hope that this helps all issues. Was there anything very serious?
Anyhow, thank you very much for your help. I will keep you posted within the next few days with any issues or if all is well.

Greatly appreciated!
Dehoo

OTL logfile created on: 2/1/2013 10:26:32 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\me\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 71.58% Memory free
5.84 Gb Paging File | 4.89 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070L:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 87.75 Gb Free Space | 57.21% Space Free | Partition Type: NTFS
Drive L: | 232.88 Gb Total Space | 44.32 Gb Free Space | 19.03% Space Free | Partition Type: NTFS

Computer Name: 5D9C77FDF23248E | User Name: me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 10:55:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
PRC - [2013/01/14 11:12:38 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/06 15:35:06 | 004,032,968 | ---- | M] (Binary Fortress Software) -- C:\Program Files\DisplayFusion\DisplayFusion.exe
PRC - [2012/11/01 11:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/11/16 12:00:06 | 002,535,232 | ---- | M] (Robin Hood Software Ltd.) -- C:\Program Files\Evidence Eliminator\Ee.exe
PRC - [2011/08/10 19:26:18 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2011/07/06 17:52:28 | 000,196,608 | ---- | M] () -- C:\Program Files\WinArchiver Virtual Drive\WAService.exe
PRC - [2010/01/21 00:18:38 | 000,226,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2009/12/08 06:14:28 | 005,241,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/04/13 16:12:19 | 001,598,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/01 01:48:41 | 002,049,536 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13020100\algo.dll
MOD - [2012/10/22 11:15:10 | 001,277,952 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
MOD - [2012/07/09 17:57:30 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
MOD - [2012/03/23 10:07:34 | 000,224,768 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\libupnp.dll
MOD - [2012/02/15 03:32:06 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/15 03:31:25 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/15 03:25:38 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
MOD - [2012/02/15 03:21:43 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/15 03:21:30 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/15 03:21:01 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/15 03:18:14 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011/12/06 16:19:48 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
MOD - [2011/11/03 07:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/13 02:13:50 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/07/06 17:52:28 | 000,196,608 | ---- | M] () -- C:\Program Files\WinArchiver Virtual Drive\WAService.exe
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/01/21 00:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 19:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/12/08 06:14:28 | 005,241,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
MOD - [2008/11/19 15:02:54 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\custmon32.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [1996/05/03 22:05:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\MSGHOO32.OCX


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2013/01/12 03:27:33 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/08 20:27:43 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012/07/11 10:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/07/06 17:52:28 | 000,196,608 | ---- | M] () [Auto | Running] -- C:\Program Files\WinArchiver Virtual Drive\WAService.exe -- (WinArchiver Service)
SRV - [2011/05/25 18:46:28 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/02 21:34:12 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/01/21 16:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/08 06:14:28 | 005,241,448 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2009/10/20 10:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2005/09/23 06:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a9qtj1nf)
DRV - [2013/01/01 10:26:19 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 15:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 15:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 15:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/06/15 16:41:31 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/03/24 09:17:45 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/11/23 09:37:48 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2011/08/09 16:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 08:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 13:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 17:57:28 | 000,092,034 | ---- | M] (WinArchiver Computing, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\waemu.sys -- (WAEMU)
DRV - [2011/04/30 04:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 04:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 03:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/12/20 02:52:04 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf)
DRV - [2009/12/30 09:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/28 09:40:18 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/10/28 09:40:14 | 000,070,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/10/20 10:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/08/04 15:40:04 | 000,165,920 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2006/03/31 13:38:00 | 003,960,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/08/12 14:31:12 | 000,098,432 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5435D481-3560-4B88-6A45-66859DAFA6D5}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.londondrugs.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AURU_en
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom14.xpi [2012/03/22 16:40:42 | 000,102,505 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/04/01 11:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\


========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.4_0\
CHR - Extension: No name found = C:\Documents and Settings\me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2013/01/24 08:33:09 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [DisplayFusion] C:\Program Files\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe (Robin Hood Software Ltd.)
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\me\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3582242982-3851030550-3400347935-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E75818D-7645-4EE2-B519-1DE6440C87C2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2011/04/18 17:25:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/01/15 13:38:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 01:52:18 | 000,000,080 | ---- | M] () - L:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{e8668b3a-07ec-11e1-a993-00192137d983}\Shell - "" = AutoRun
O33 - MountPoints2\{e8668b3a-07ec-11e1-a993-00192137d983}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 10:11:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/30 10:55:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2013/01/24 13:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\My Documents\Keys
[2013/01/24 13:26:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/24 13:19:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\HTML Executable
[2013/01/24 13:16:07 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/01/24 13:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2013/01/24 13:16:06 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/01/24 13:16:01 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/01/24 13:16:00 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/01/24 13:15:59 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/01/24 13:15:59 | 000,020,624 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2013/01/24 13:15:58 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/01/24 13:15:58 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/01/24 13:15:57 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/01/24 13:14:06 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/01/24 13:14:04 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/01/24 13:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/24 13:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/24 09:14:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2013/01/24 08:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Desktop\fixes
[2013/01/24 08:33:05 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/24 08:20:56 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/01/24 08:19:15 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2013/01/24 08:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/01/23 20:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\SUPERAntiSpyware.com
[2013/01/23 20:14:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/01/23 20:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/01/23 20:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/23 14:28:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/01/23 09:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\ParetoLogic
[2013/01/23 09:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Start Menu\Programs\ParetoLogic
[2013/01/23 09:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2013/01/23 09:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2013/01/23 09:30:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/01/23 07:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2013/01/23 07:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2013/01/22 10:08:01 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2013/01/14 11:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2013/01/14 11:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\me\Application Data\uTorrent
[2013/01/12 18:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/01/12 18:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/01/09 03:32:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SDold
[2011/02/15 23:04:51 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\me\Application Data\pcouffin.sys
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/01 10:27:10 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/01 10:22:01 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/01 10:19:29 | 000,000,308 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/01 10:17:24 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/02/01 10:17:21 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 10:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/01 09:26:08 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2013/02/01 04:15:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 6467501e-bf07-4591-88e9-6b54b30065d0.job
[2013/02/01 04:00:02 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c548ff7c-a61a-4058-ad5a-ae84e0d03929.job
[2013/01/31 22:06:33 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8CDD45F6-6CDD-4292-8E22-3E37AA88A3BD}.job
[2013/01/31 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/01/30 20:56:08 | 001,227,118 | ---- | M] () -- C:\Documents and Settings\me\Desktop\pag_ULKA_web.pdf
[2013/01/30 10:55:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\me\Desktop\OTL.exe
[2013/01/30 10:12:51 | 000,580,235 | ---- | M] () -- C:\Documents and Settings\me\Desktop\adwcleaner.exe
[2013/01/30 10:12:32 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\me\Desktop\SecurityCheck.exe
[2013/01/30 09:39:50 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Pro.job
[2013/01/25 10:51:50 | 000,000,352 | ---- | M] () -- C:\0
[2013/01/24 13:27:23 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/01/24 13:16:07 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2013/01/24 13:15:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/24 08:33:48 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/01/24 08:33:09 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/01/24 08:16:33 | 005,419,212 | ---- | M] () -- C:\Documents and Settings\me\My Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/01/23 20:14:40 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/01/23 12:31:00 | 000,008,515 | ---- | M] () -- C:\Documents and Settings\me\My Documents\drivers abstract 2013.pdf
[2013/01/23 09:31:06 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\me\Desktop\RegCure Pro.lnk
[2013/01/19 17:46:49 | 000,195,072 | ---- | M] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/18 01:12:08 | 001,564,672 | ---- | M] (Tweaking.com) -- C:\Documents and Settings\me\Desktop\Repair_Windows.exe
[2013/01/17 07:28:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/14 11:12:39 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/14 11:12:39 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/01/13 17:40:21 | 000,032,919 | ---- | M] () -- C:\Documents and Settings\me\Desktop\Home Maintenance Handyman.pdf
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/30 20:56:08 | 001,227,118 | ---- | C] () -- C:\Documents and Settings\me\Desktop\pag_ULKA_web.pdf
[2013/01/30 10:12:47 | 000,580,235 | ---- | C] () -- C:\Documents and Settings\me\Desktop\adwcleaner.exe
[2013/01/30 10:12:27 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\me\Desktop\SecurityCheck.exe
[2013/01/26 12:22:21 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task c548ff7c-a61a-4058-ad5a-ae84e0d03929.job
[2013/01/24 13:16:07 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2013/01/24 13:15:51 | 000,000,308 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/01/24 08:16:31 | 005,419,212 | ---- | C] () -- C:\Documents and Settings\me\My Documents\tweaking.com_windows_repair_aio_setup.exe
[2013/01/23 20:15:15 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 6467501e-bf07-4591-88e9-6b54b30065d0.job
[2013/01/23 20:14:40 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2013/01/23 12:31:00 | 000,008,515 | ---- | C] () -- C:\Documents and Settings\me\My Documents\drivers abstract 2013.pdf
[2013/01/23 09:31:25 | 000,000,438 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/01/23 09:31:06 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\me\Desktop\RegCure Pro.lnk
[2013/01/23 09:31:06 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/01/23 09:31:05 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2013/01/23 09:31:04 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Pro.job
[2013/01/14 11:12:39 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/01/14 11:12:39 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2013/01/13 17:40:21 | 000,032,919 | ---- | C] () -- C:\Documents and Settings\me\Desktop\Home Maintenance Handyman.pdf
[2013/01/01 10:26:19 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2012/12/30 22:14:39 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2012/06/07 14:59:37 | 000,000,418 | ---- | C] () -- C:\Documents and Settings\me\log.html
[2012/04/02 18:26:31 | 000,009,548 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012/04/02 18:16:49 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/02 18:16:45 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/02 18:16:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/02 18:16:22 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012/02/14 19:57:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 19:08:50 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF325.ini
[2011/12/19 18:44:00 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/12/19 18:44:00 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/12/19 18:44:00 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/12/19 18:44:00 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/12/19 18:44:00 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/12/19 18:44:00 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/12/19 18:44:00 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/12/19 18:44:00 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/12/19 18:44:00 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/12/19 18:44:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/12/19 18:44:00 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/12/19 18:44:00 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/12/19 18:44:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/12/19 18:44:00 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/12/19 18:44:00 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/12/19 18:44:00 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/12/19 18:41:38 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2011/12/19 18:41:29 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2011/12/10 10:42:25 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/10/10 09:39:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2011/10/10 09:14:27 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/09/24 16:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imwords.dat
[2011/09/24 16:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\im_markovian.dat
[2011/09/24 16:19:39 | 000,001,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\search_result.xml
[2011/09/24 12:59:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\imblacklist.dat
[2011/09/24 07:13:37 | 000,608,552 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
[2011/08/27 11:27:12 | 000,984,190 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\census.cache
[2011/08/27 11:27:05 | 000,196,885 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\ars.cache
[2011/08/27 11:18:14 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\housecall.guid.cache
[2011/08/09 08:41:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/08/04 15:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/19 22:21:53 | 000,611,840 | ---- | C] () -- C:\WINDOWS\System32\DVD43.dll
[2011/07/16 18:47:01 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2011/07/14 14:07:50 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
[2011/06/30 10:19:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2011/06/24 08:37:38 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\me\default.pls
[2011/05/21 17:32:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2011/03/15 23:33:56 | 000,000,478 | RHS- | C] () -- C:\Documents and Settings\me\ntuser.pol
[2011/02/28 22:56:56 | 000,000,106 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/02/28 21:53:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/26 16:47:44 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/02/26 16:42:03 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2011/02/15 23:04:51 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\me\Application Data\inst.exe
[2011/02/15 23:04:51 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\me\Application Data\pcouffin.cat
[2011/02/15 23:04:51 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\me\Application Data\pcouffin.inf
[2011/02/15 22:59:30 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\me\Application Data\vso_ts_preview.xml
[2011/02/13 23:56:48 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2011/02/13 17:49:12 | 000,195,072 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 12:16:09 | 000,037,907 | ---- | C] () -- C:\Documents and Settings\me\Application Data\Comma Separated Values (Windows).ADR
[2011/01/15 14:08:38 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\me\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2011/01/15 13:35:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 08:09:07 | 001,555,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 16:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/18 17:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alias
[2013/01/24 13:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/24 07:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\b9420000-4900-4ab8-cd2e-bfd4633b6b3
[2011/01/15 15:05:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/06/15 16:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/25 19:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2012/01/08 19:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/01/23 10:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ErrorEND
[2011/01/20 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2012/11/15 13:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2011/07/14 21:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/02/16 17:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2013/01/23 09:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/03/14 12:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/03/18 10:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/04/18 17:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/08 19:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2011/02/16 11:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/04/18 17:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Autodesk
[2012/11/11 16:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\calibre
[2012/11/20 15:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\DAEMON Tools Lite
[2011/05/25 19:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\DassaultSystemes
[2011/07/14 14:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\deskDOC DWG to PDF Professional
[2013/01/23 09:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\DisplayFusion
[2012/03/26 17:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\DriverCure
[2012/06/15 12:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\ElevatedDiagnostics
[2012/08/20 13:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Epson
[2013/01/24 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\HTML Executable
[2012/11/15 13:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Individual Software
[2011/09/03 13:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Leadertech
[2011/05/25 21:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Luxology
[2012/07/10 19:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Oracle
[2013/01/23 09:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\ParetoLogic
[2012/02/09 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Passware
[2011/09/24 07:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\QuickScan
[2011/12/27 17:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Rovio
[2011/01/15 14:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Simple Star
[2011/07/03 19:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\SmartDraw
[2011/01/15 14:35:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Snapfish
[2012/10/07 17:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Thinstall
[2013/02/01 10:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\uTorrent
[2013/01/30 09:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Vso
[2012/12/11 00:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Windows Desktop Search
[2011/12/04 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Windows Search
[2012/10/26 09:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\me\Application Data\Xilisoft
[2011/09/24 08:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\QuickScan

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\0:SummaryInformation

< End of report >


ADWCLEANER LOG


# AdwCleaner v2.109 - Logfile created 02/01/2013 at 10:14:20
# Updated 26/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : me - 5D9C77FDF23248E
# Boot Mode : Normal
# Running from : C:\Documents and Settings\me\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files\Smartdl

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Savings Sidekick
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022502260}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055505560}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066506660}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044504460}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[R1].txt - [6420 octets] - [29/09/2012 17:12:05]
AdwCleaner[R2].txt - [6480 octets] - [29/09/2012 22:08:18]
AdwCleaner[R3].txt - [3243 octets] - [30/09/2012 09:16:02]
AdwCleaner[R4].txt - [3238 octets] - [31/01/2013 11:23:06]
AdwCleaner[S1].txt - [7295 octets] - [29/09/2012 22:08:52]
AdwCleaner[S2].txt - [3472 octets] - [30/09/2012 09:16:14]
AdwCleaner[S3].txt - [2540 octets] - [01/02/2013 10:14:20]

########## EOF - C:\AdwCleaner[S3].txt - [2600 octets] ##########

#9 nasdaq

Posted 01 February 2013 - 02:03 PM

Nothing very bad was removed.

Most were PUPs (Potentially Unwanted Programs) that are installed without your consent.

Any remaining issues?

#10 dehoo

Posted 01 February 2013 - 02:19 PM

Hi,
Still cannot update Windows (previous post). It checks the computer for required updates and asks me to download either express or custom; I use express and it will not download, and it will show the following error below. This also happens when I click on custom.


X Files required to use Windows Update are no longer registered or installed on your computer. To continue:


Register or reinstall the files for me now (Recommended)
Let me read about more steps that might be required to solve the problem

After I click to register or reinstall it will continually loop to download and then re-register and so on...

I will continue to see what is not working.
Thanks again!

Edited by dehoo, 01 February 2013 - 02:21 PM.


#11 nasdaq

Posted 02 February 2013 - 08:49 AM

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#12 dehoo

Posted 02 February 2013 - 01:44 PM

Thanks for your reply. Here are the scan results for Farbar:

Farbar Service Scanner Version: 30-01-2013
Ran by me (administrator) on 02-02-2013 at 10:41:49
Running from "C:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5\1BR8L946"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2011-01-15 13:36] - [2008-04-13 16:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2006-03-15 04:00] - [2009-02-06 03:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315


Extra List:
=======
aswTdi(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0C00000004000000030000000B0000000C0000000A00000002000000080000000600000007000000050000000100000009000000
IpSec Tag value is correct.

**** End of log ****

#13 nasdaq

Posted 02 February 2013 - 02:47 PM

How do I reset Windows Update components?
http://support.microsoft.com/kb/971058
===

If still no joy, navigate to this page.
http://answers.microsoft.com/en-us/windows/forum/windows_xp-windows_update/windows-xp-will-not-update-automatically-from/d702a14e-001a-4a59-a301-b99d72ad159c

Execute the instructions to register the files as per the 3rd post.

A. User replied on January 19, 2010

Restart the computer when all files are registered.

Keep me posted.

#14 dehoo

Posted 02 February 2013 - 11:42 PM

Hi,
Neither worked....
In the first try, to reset Windows components, in the cmd prompt I cannot load regsvr32.exe mshtml.dll
In the second "no joy" section,
I cannot load "regsvr32 MSXML3.dll"; it comes back with an error code of 0x80070005

Tried the Hotfix as well and it will come back with a "Troubleshooting cannot continue because an error has occured" Please try again later....after it tries to load MSXML 6.0...
Frustrating!

Thanks
dehoo

Edited by dehoo, 02 February 2013 - 11:57 PM.


#15 nasdaq

Posted 03 February 2013 - 11:09 AM

Download and run this Microsoft Safety Scanner.
You will find the instructions under Method 2: Scan for malware on this page.

http://support.microsoft.com/kb/968003#method4

Try the update now.

p.s. If you have many updates to do, just do one at a time. It might help.



