Infected with apype browser hacker virus

Solved
By vicky279
Sep 18, 2012
  1. I am infected with a browser hacker virus for a day now. It probably came from a software called YuoTubeDownloader. I cannot uninstall it and I also have an extension in Firefox called YuoTubeDownloader 3.0.0.0. I cannot disable it either. It re-enables itself after I start Firefox the next time after I 'Restart now' when I disable it. I have scanned my computer with Bitdefender Internet Security 2011 but it didn't find any viruses. I also have a free version of MalwareBytes AntiMalware but it didn't catch any viruses either. I had even updated both programs before scanning. I don't know what to do. I don't want any information to be compromised from my computer. I am using Windows 7 Professional 32-bit version. Please help!
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    Thanks a lot for replying. Sorry for writing 'please help' in the topic name. Out of frustration I had searched on Google for tools to remove this malware and I came across a malware remover called PC Tools so I downloaded, installed and used it but my browser was still affected so I uninstalled it. I didn't uninstall my current antivirus Bitdefender Internet Security 2011 though. I also scanned my PC with RegClean Pro after I uninstalled it. I apologize for doing so but I didn't know I was not allowed to make changes to my computer before the malware was removed. My system restore is disabled for all drives so it's useless. I am posting all the log results as asked. I performed all the scans as described. Here are the results.
    (I have removed the programs list from the Attach log of DDS but I can provide it if it's very important.)

    # AdwCleaner v2.002 - Logfile created 09/19/2012 at 03:40:30
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Vicky - VICKY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Vicky\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Users\Vicky\AppData\Local\Temp\Uninstall.exe
    Folder Found : C:\ProgramData\Trymedia
    Folder Found : C:\Users\House\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\House\AppData\LocalLow\Search Settings
    Folder Found : C:\Users\Vicky\AppData\Local\APN
    Folder Found : C:\Users\Vicky\AppData\Local\Temp\AskSearch
    Folder Found : C:\Users\Vicky\AppData\Local\Temp\TempDir
    Folder Found : C:\Users\Vicky\AppData\Local\TempDir
    Folder Found : C:\Users\Vicky\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Vicky\AppData\Roaming\OpenCandy
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Folder Found : C:\Windows\system32\TempDir

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Found : HKLM\Software\GamePlayLabs
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Found : HKU\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\House\AppData\Roaming\Mozilla\Firefox\Profiles\asu9wrvh.default\prefs.js

    Found : user_pref("browser.search.defaultengine", "Ask.com");
    Found : user_pref("browser.search.order.1", "Ask.com");
    Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://in.search.yahoo.com/search?fr=greentre[...]

    *************************

    AdwCleaner[R1].txt - [3208 octets] - [19/09/2012 03:40:30]

    ########## EOF - C:\AdwCleaner[R1].txt - [3268 octets] ##########




    Malwarebytes Log

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.09.18.08

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Vicky :: VICKY-PC [administrator]

    19-Sep-12 3:01:53 AM
    mbam-log-2012-09-19 (03-01-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 263279
    Time elapsed: 7 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)




    GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-09-19 03:22:06
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD2500AAJS-07M0A0 rev.01.03E01
    Running: szpxx73d.exe; Driver: C:\Users\Vicky\AppData\Local\Temp\fgloypoc.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdePort0 856701E8
    Device \Driver\atapi \Device\Ide\IdePort1 856701E8
    Device \Driver\atapi \Device\Ide\IdePort2 856701E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 856701E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 856701E8
    Device \Driver\a04vod8m \Device\Scsi\a04vod8m1 8699D430
    Device \Driver\a04vod8m \Device\Scsi\a04vod8m1Port4Path0Target0Lun0 8699D430
    Device \FileSystem\Ntfs \Ntfs 856721E8

    ---- EOF - GMER 1.0.15 ----




    DDS Logs


    DDS Log

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Vicky at 3:23:17 on 2012-09-19
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2046 [GMT 5.5:30]
    .
    AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
    C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\BinarySense\hldasvc.exe
    C:\Program Files\Common Files\BinarySense\hldasvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Process Lasso\processlasso.exe
    C:\Program Files\Process Lasso\processgovernor.exe
    C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
    C:\Windows\system32\nlssrv32.exe
    C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Chameleon Folder 2\chfolder.exe
    C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\ElectraSoft\mbc\MBC.EXE
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://apype.com
    mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
    mDefault_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
    uURLSearchHooks: H - No File
    uURLSearchHooks: YuoTubeDownloader: {3d175337-41e3-48eb-a754-493577f658b9} - c:\windows\system32\YuoTubeDownloader.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {0E7B5242-346E-652E-0A16-3BF61F895702} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: YuoTubeDownloader: {3d175337-41e3-48eb-a754-493577f658b9} - c:\windows\system32\YuoTubeDownloader.dll
    BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 10\Mm8InternetExplorer.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
    TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
    TB: YuoTubeDownloader: {3d175337-41e3-48eb-a754-493577f658b9} - c:\windows\system32\YuoTubeDownloader.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [Chameleon Folder] c:\program files\chameleon folder 2\chfolder.exe
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [Reasonable NoClone]
    StartupFolder: c:\users\vicky\appdata\roaming\micros~1\windows\startm~1\programs\startup\mouseb~1.lnk - c:\program files\electrasoft\mbc\MBC.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE:
    IE: Add to Link Commander collection
    IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: Send Image To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/201
    IE: Send Link To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/203
    IE: Send Page To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/204
    IE: Send Text To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/202
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 10\Mm8InternetExplorer.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    TCP: Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D} : NameServer = 59.185.0.23,59.185.0.50
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - e:\vicky\installed\mindjet mindmanager\sys\MmInternetExplorerActiveSetup.vbs
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\vicky\appdata\roaming\mozilla\firefox\profiles\fhijf7ns.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
    FF - prefs.js: browser.search.selectedEngine - Custom search
    FF - prefs.js: browser.startup.homepage - hxxp://apype.com
    FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\vicky\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\vicky\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\vicky\appdata\roaming\mozilla\plugins\np-mswmp.dll
    FF - plugin: c:\users\vicky\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\vicky\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
    FF - user.js: keyword.URL - hxxp://www.gigabase.ru/search?clid=1&q=
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 FancyRd;Primo Ramdisk Controller;c:\windows\system32\drivers\fancyrd.sys [2012-9-17 158144]
    R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-8-20 72784]
    R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2010-8-20 88144]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
    R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\ashampoo\ashampoo hdd control 2\AHDDC2_Service.exe [2012-9-17 1518504]
    R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-6-27 2310544]
    R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2012-3-5 845640]
    R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\comodo\icedragon\icedragon_updater.exe [2012-9-10 446664]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2012-5-25 66560]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-14 1262400]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-9-17 2754984]
    R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-12-26 43936]
    R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2012-2-29 6852]
    R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-29 242240]
    R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2012-1-26 24848]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-6-14 148800]
    R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2012-5-24 31848]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-9 414824]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2012-9-17 25088]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-3-11 25704]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-3-11 25704]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-3-11 25704]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-3-11 25704]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-3-11 25704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-4-30 104872]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
    S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
    S3 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]
    S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control 2\DfSdkS.exe [2012-9-17 406016]
    S3 ExpressAccountsService;Express Accounts;c:\program files\nch software\expressaccounts\expressaccounts.exe [2012-6-27 3081220]
    S3 GSService;GSService;c:\windows\system32\GSService.exe [2012-1-26 249856]
    S3 Media Center 17 Service;Media Center 17 Service;c:\program files\j river\media center 17\JRService.exe [2012-9-17 394920]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 114144]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys [2012-1-25 39048]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-12-26 27192]
    S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2012-5-24 31848]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-26 52224]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-11-30 307544]
    S4 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
    .
    =============== Created Last 30 ================
    .
    2012-09-18 16:51:26 -------- d-----w- c:\users\vicky\appdata\roaming\PC Tools
    2012-09-18 14:33:02 -------- d-----w- c:\users\vicky\appdata\local\Threat Expert
    2012-09-18 07:51:03 767960 ----a-w- c:\windows\BDTSupport.dll0947.old
    2012-09-18 07:51:02 2267096 ----a-w- c:\windows\PCTBDCore.dll0947.old
    2012-09-18 07:51:02 149464 ----a-w- c:\windows\SGDetectionTool.dll0947.old
    2012-09-18 07:50:00 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-09-18 07:49:46 -------- d-----w- c:\program files\PC Tools
    2012-09-18 07:15:46 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-09-18 07:15:46 -------- d-----w- c:\program files\common files\PC Tools
    2012-09-18 07:14:24 -------- d-----w- c:\programdata\PC Tools
    2012-09-18 07:14:23 -------- d-----w- c:\users\vicky\appdata\roaming\TestApp
    2012-09-18 05:43:12 -------- d-----w- c:\program files\Mindjet
    2012-09-17 17:58:50 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2012-09-17 17:58:50 -------- d-----w- c:\program files\TeamViewer
    2012-09-17 17:55:44 -------- d-----w- c:\users\vicky\appdata\roaming\calibre
    2012-09-17 17:55:29 -------- d-----w- c:\program files\Calibre2
    2012-09-17 17:52:54 -------- d-----w- c:\program files\FrostWire 5
    2012-09-17 17:43:26 -------- d-----w- c:\users\vicky\appdata\local\Usmania_Code
    2012-09-17 17:43:19 -------- d-----w- c:\programdata\Usmania Code
    2012-09-17 17:43:03 -------- d-----w- c:\program files\Usmania Code
    2012-09-17 17:43:02 -------- d--h--r- C:\AHCache
    2012-09-17 17:42:09 -------- d-----w- c:\program files\Throttle
    2012-09-17 17:26:53 -------- d-----w- c:\users\vicky\appdata\roaming\SurfAnonymousFree
    2012-09-17 17:26:53 -------- d-----w- c:\programdata\SurfAnonymousFree
    2012-09-17 17:25:53 -------- d-----w- c:\program files\CalcTape
    2012-09-17 17:22:50 -------- d-----w- c:\users\vicky\appdata\local\DeskShare
    2012-09-17 17:22:35 -------- d-----w- c:\programdata\firebird
    2012-09-17 17:22:34 -------- d-----w- c:\users\vicky\appdata\local\DeskShare Data
    2012-09-17 17:22:32 -------- d-----w- c:\programdata\Deskshare
    2012-09-17 17:22:26 -------- d-----w- c:\users\vicky\appdata\local\Spoon
    2012-09-17 17:22:23 -------- d-----w- c:\program files\Deskshare
    2012-09-17 17:19:07 538544 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
    2012-09-17 17:19:07 1791920 ----a-w- c:\windows\system32\Codejock.Controls.v13.1.0.ocx
    2012-09-17 17:19:07 1226672 ----a-w- c:\windows\system32\Codejock.ReportControl.v13.1.0.ocx
    2012-09-17 17:19:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2012-09-17 17:19:06 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2012-09-17 17:19:06 2320304 ----a-w- c:\windows\system32\Codejock.CommandBars.v13.1.0.ocx
    2012-09-17 17:19:05 -------- d-----w- c:\program files\Reminder Commander
    2012-09-17 17:17:53 19392 ----a-w- c:\windows\system32\drivers\rxbsknl.sys
    2012-09-17 17:17:53 158144 ----a-w- c:\windows\system32\drivers\fancyrd.sys
    2012-09-17 17:17:52 -------- d-----w- c:\program files\Primo Ramdisk Ultimate Edition
    2012-09-17 17:15:29 -------- d-----w- c:\program files\Photo Stamp Remover
    2012-09-17 17:14:03 -------- d-----w- c:\program files\YuoTubeDownloader
    2012-09-17 17:10:59 -------- d-----w- C:\mbc
    2012-09-17 17:09:21 -------- d-----w- c:\program files\RobotSoft
    2012-09-17 17:08:31 -------- d-----w- c:\program files\mirabyte
    2012-09-17 17:07:05 5632 ----a-w- c:\windows\system32\pxc25pm.dll
    2012-09-17 17:06:37 -------- d-----w- c:\programdata\Mindjet
    2012-09-17 17:05:28 -------- d-----w- c:\users\vicky\appdata\local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
    2012-09-17 17:02:45 -------- d-----w- c:\users\vicky\appdata\roaming\Maxprog
    2012-09-17 17:02:35 -------- d-----w- c:\program files\eMail Extractor
    2012-09-17 17:01:18 -------- d-----w- c:\users\vicky\appdata\roaming\CommonDataMSI
    2012-09-17 17:01:14 -------- d-----w- c:\users\vicky\appdata\roaming\Iconico
    2012-09-17 17:01:13 -------- d-----w- c:\program files\LineReader
    2012-09-17 17:00:24 -------- d-----w- c:\users\vicky\appdata\roaming\MyPhoneExplorer
    2012-09-17 17:00:18 -------- d-----w- c:\program files\MyPhoneExplorer
    2012-09-17 16:52:22 -------- d-----w- c:\program files\GtkSharp
    2012-09-17 16:52:12 -------- d-----w- c:\program files\Kepard
    2012-09-17 16:50:53 -------- d-----w- c:\program files\ChordWizard
    2012-09-17 16:00:00 381608 ------w- c:\windows\system32\MC17.exe
    2012-09-17 15:59:59 76 ----a-w- c:\windows\system32\netjr32.dll
    2012-09-17 15:59:59 585728 ------w- c:\windows\system32\AReadyLB.dll
    2012-09-17 15:59:59 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
    2012-09-17 15:59:58 -------- d-----w- c:\program files\J River
    2012-09-17 15:59:41 -------- d-----w- c:\users\vicky\appdata\roaming\J River
    2012-09-17 15:55:48 -------- d-----w- c:\programdata\Mirolit
    2012-09-17 15:55:47 -------- d-----w- c:\program files\Mirolit
    2012-09-17 15:53:34 -------- d-----w- c:\program files\Geometry Expressions v3.0
    2012-09-17 15:51:01 -------- d-----w- c:\program files\common files\System-G
    2012-09-17 15:51:00 -------- d-----w- c:\program files\Gammadyne Mailer
    2012-09-17 15:49:52 -------- d-----w- c:\program files\ThunderSoft
    2012-09-17 15:47:49 -------- d-----w- c:\program files\DreamCalc DC4P
    2012-09-17 15:46:34 -------- d-----w- c:\users\vicky\appdata\roaming\DiskSpaceFan
    2012-09-17 15:46:29 -------- d-----w- c:\program files\Cookapp
    2012-09-17 15:44:59 -------- d-----w- c:\users\vicky\appdata\roaming\Direct Folders
    2012-09-17 15:44:32 -------- d-----w- c:\program files\Direct Folders
    2012-09-17 15:37:15 -------- d-----w- c:\program files\BitTorrent Ultra Accelerator
    2012-09-17 15:35:33 -------- d-----w- c:\program files\Tint Guide
    2012-09-17 15:35:32 -------- d-----w- c:\program files\Beauty Guide
    2012-09-17 15:31:08 -------- d-----w- c:\users\vicky\appdata\roaming\Scooter Software
    2012-09-17 15:31:01 -------- d-----w- c:\program files\Beyond Compare 3
    2012-09-17 15:21:49 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
    2012-09-17 15:21:44 -------- d-----w- c:\program files\Ashampoo
    2012-09-17 15:19:04 -------- d-----w- c:\users\vicky\appdata\roaming\Writer's Cafe 2
    2012-09-17 15:18:14 -------- d-----w- c:\program files\Writer's Cafe 2
    2012-09-17 15:16:55 -------- d-----w- c:\program files\Acmework
    2012-09-13 12:02:30 -------- d-----w- c:\program files\Office 2010 Trial Extender
    2012-09-05 11:10:10 446464 ----a-w- c:\windows\system32\YuoTubeDownloader.dll
    2012-09-04 22:59:25 -------- d-----w- c:\users\vicky\appdata\local\Apple Computer
    2012-09-03 08:13:46 -------- d-----w- c:\program files\RocketDock
    2012-09-03 06:51:02 3405312 ----a-w- c:\windows\system32\xpsrchvw.exe
    2012-09-03 06:51:01 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2012-09-03 06:51:00 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
    2012-09-02 06:21:39 -------- d-----w- c:\users\vicky\appdata\roaming\Rovio
    2012-09-01 08:05:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-30 07:46:38 -------- d-----w- c:\programdata\ProcessLasso
    2012-08-30 07:45:47 -------- d-----w- c:\users\vicky\appdata\roaming\ProcessLasso
    2012-08-30 07:45:46 -------- d-----w- c:\program files\Process Lasso
    2012-08-30 07:05:19 -------- d-----w- c:\users\vicky\appdata\roaming\Wise Disk Cleaner
    .
    ==================== Find3M ====================
    .
    2012-09-01 08:05:23 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-01 08:05:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-30 07:41:20 2256 ----a-w- c:\windows\system32\ASOROSet.bin
    2012-08-22 18:01:43 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-22 18:01:43 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-17 19:20:33 45320 ----a-w- c:\windows\system32\certsentry.dll
    2012-07-20 06:37:48 34308 ----a-w- c:\windows\system32\LB603.dll
    2012-07-20 06:36:58 157696 ----a-w- c:\windows\system32\asxtract.dll
    2012-07-20 06:36:58 136008 ----a-w- c:\windows\system32\MSINET.Ocx
    2012-07-14 07:30:49 4024320 ----a-w- c:\program files\GUT1A06.tmp
    2012-07-13 12:17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-07-13 12:17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-07-12 09:28:24 233888 ----a-w- c:\windows\system32\DreamScene.dll
    2012-07-12 08:45:01 233888 ----a-w- c:\windows\system32\DreamScene.dll.2086
    2012-07-03 08:16:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-27 14:29:47 34308 ----a-w- c:\programdata\mazuki.dll
    2012-06-27 10:53:09 2755072 ----a-w- c:\windows\system32\themeui.dll
    2012-06-27 10:53:07 37376 ----a-w- c:\windows\system32\themeservice.dll
    2012-06-27 10:53:06 249856 ----a-w- c:\windows\system32\uxtheme.dll
    2010-07-08 05:07:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
    .
    ============= FINISH: 3:24:10.33 ===============


    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15-Dec-11 12:07:28 PM
    System Uptime: 19-Sep-12 2:52:09 AM (1 hours ago)
    .
    Motherboard: MAXTONE | | 945GC(HIS)
    Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | CPU 1 | 2203/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 54 GiB total, 8.175 GiB free.
    D: is FIXED (NTFS) - 90 GiB total, 24.519 GiB free.
    E: is FIXED (NTFS) - 59 GiB total, 7.027 GiB free.
    F: is FIXED (NTFS) - 31 GiB total, 9.544 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    I: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    I have quite many installed programs so I cut out this part but I can post the whole thing if you ask

    ==== Event Viewer Messages From Past Week ========
    .
    19-Sep-12 2:52:57 AM, Error: Service Control Manager [7000] - The WebcamMax, WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    18-Sep-12 10:19:46 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    18-Sep-12 1:22:49 PM, Error: PCTCore [280] -
    17-Sep-12 8:52:26 PM, Error: Service Control Manager [7034] - The Ashampoo HDD Control 2 Service service terminated unexpectedly. It has done this 1 time(s).
    17-Sep-12 10:12:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    17-Sep-12 10:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    17-Sep-12 10:10:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    17-Sep-12 10:10:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf bdfsfltr bdfwfpf CSC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    17-Sep-12 10:10:26 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    17-Sep-12 10:08:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdfsfltr spldr
    17-Sep-12 10:08:30 PM, Error: Service Control Manager [7000] - The bdfm service failed to start due to the following error: A device attached to the system is not functioning.
    17-Sep-12 10:08:24 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    17-Sep-12 10:08:24 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    14-Sep-12 7:08:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  5. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    Thanks for replying. I downloaded AdwCleaner and did as you said. The log was as below. It asked me to restart the computer before the log could be created so I clicked ok. Then I downloaded ComboFix but it didn't ask me for its filename to be saved. Also this virus has deleted all my extension settings and firefox settings so now it automatically downloads to the Downloads folder. So is it alright if I cut paste this file to the desktop then rename and then follow the procedure mentioned?

    AdwCleaner log

    # AdwCleaner v2.002 - Logfile created 09/19/2012 at 22:58:49
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Vicky - VICKY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Vicky\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\Vicky\AppData\Local\Temp\Uninstall.exe
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\Users\House\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\House\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Vicky\AppData\Local\APN
    Folder Deleted : C:\Users\Vicky\AppData\Local\Temp\AskSearch
    Folder Deleted : C:\Users\Vicky\AppData\Local\Temp\TempDir
    Folder Deleted : C:\Users\Vicky\AppData\Local\TempDir
    Folder Deleted : C:\Users\Vicky\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Vicky\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Folder Deleted : C:\Windows\system32\TempDir

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
    Key Deleted : HKLM\Software\GamePlayLabs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-21-499340394-4099650204-2415665824-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\prefs.js

    C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\user.js ... Deleted !

    [OK] File is clean.

    Profile name : default
    File : C:\Users\House\AppData\Roaming\Mozilla\Firefox\Profiles\asu9wrvh.default\prefs.js

    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://in.search.yahoo.com/search?fr=greentre[...]

    *************************

    AdwCleaner[R1].txt - [3337 octets] - [19/09/2012 03:40:30]
    AdwCleaner[S1].txt - [3826 octets] - [19/09/2012 22:58:49]

    ########## EOF - C:\AdwCleaner[S1].txt - [3886 octets] ##########
  6. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    Okay I downloaded Combofix to the Downloads folder then put it on the desktop, renamed it svchost.exe and then ran it. I had disabled my AV Bitdefender Internet Security 2011 as much as possible before running ComboFix. Although it said it would take about 10-20 minutes only, the process was very slow. Though I have a snappy computer, it took 11 hours to reach Completed stage 48 and it was stuck there so I decided to run it in safe mode. I have tried pressing F8 key in the past for going into safe mode but it somehow doesn't work for me due to my mobo probably so I use msconfig to get into safe mode by changing boot settings to Safe boot - minimal. After my pc booted into safe mode, I ran ComboFix and it took almost just 10-12 minutes to complete all the stages. Then it rebooted the computer itself. When it rebooted into safe mode again, the log appeared. Then I tried to go to msconfig again to change the boot settings to normal but it said something like msconfig is set for deletion and I wasn't able to open it. So I did a restart after which I was able to get into msconfig and able to select normal boot again. After restarting again, there was no network so I restarted my pc once again and after this restart I got back my internet (at least the icon showed). I pulled the power plug on my modem thinking I would change the homepage that would still be there so that after connecting to the internet I wouldn't be taken to that malicious page apype dot com and starwebsearch dot com again. So I changed the homepage to google.com and closed the browser. Then I reconnected the modem's power and when it showed I had network access, I started firefox. But it still opened the horror page. When the infection was new, it used to give me wrong suggestions everywhere and do many other things but now only my homepage is reversed to that site again and again. Even my searchbar engine does not change like it used to get changed just like my homepage. It stays on google. These good changes happened when I used PC Tools. So would just a fresh install of firefox be enough for deleting this virus? The logs of the ComboFix scan are as follows. Thanks again for helping.

    ComboFix 12-09-18.07 - Vicky 20-Sep-12 10:48:26.2.2 - x86 MINIMAL
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2341 [GMT 5.5:30]
    Running from: c:\users\Vicky\Desktop\svchost.exe.exe
    AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
    FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
    SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\mazuki.dll
    c:\users\Vicky\AppData\Local\assembly\tmp
    c:\users\Vicky\AppData\Roaming\FFSJ
    c:\users\Vicky\AppData\Roaming\FFSJ\FFSJ.cfg
    c:\windows\system32\Config.cfg
    c:\windows\system32\DreamScene.dll.2086
    c:\windows\system32\netjr32.dll
    c:\windows\system32\roboot.exe
    c:\windows\system32\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_VCS
    -------\Service_Vcs
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-20 05:28 . 2012-09-20 05:30 -------- d-----w- c:\users\Vicky\AppData\Local\temp
    2012-09-20 05:28 . 2012-09-20 05:28 -------- d-----w- c:\users\UpdatusUser.Vicky-PC\AppData\Local\temp
    2012-09-19 17:33 . 2012-09-19 17:33 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
    2012-09-19 17:33 . 2012-09-19 17:33 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
    2012-09-19 17:33 . 2012-09-19 17:33 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
    2012-09-19 17:33 . 2012-09-19 17:33 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
    2012-09-19 17:33 . 2012-09-19 17:33 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
    2012-09-19 17:33 . 2012-09-19 17:33 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
    2012-09-19 17:33 . 2012-09-19 17:33 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
    2012-09-19 17:33 . 2012-09-19 17:33 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
    2012-09-19 17:33 . 2012-09-19 17:33 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
    2012-09-19 17:33 . 2012-09-19 17:33 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
    2012-09-19 17:33 . 2012-09-19 17:33 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
    2012-09-19 17:32 . 2012-09-19 17:32 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
    2012-09-19 17:32 . 2012-09-19 17:32 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
    2012-09-19 17:32 . 2012-09-19 17:32 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
    2012-09-19 17:32 . 2012-09-19 17:32 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
    2012-09-19 17:32 . 2012-09-19 17:32 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
    2012-09-19 17:32 . 2012-09-19 17:32 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
    2012-09-18 16:51 . 2012-09-18 16:51 -------- d-----w- c:\users\Vicky\AppData\Roaming\PC Tools
    2012-09-18 14:33 . 2012-09-18 14:33 -------- d-----w- c:\users\Vicky\AppData\Local\Threat Expert
    2012-09-18 07:51 . 2012-06-22 06:08 767960 ----a-w- c:\windows\BDTSupport.dll0947.old
    2012-09-18 07:51 . 2012-06-22 06:09 149464 ----a-w- c:\windows\SGDetectionTool.dll0947.old
    2012-09-18 07:51 . 2012-06-22 06:09 2267096 ----a-w- c:\windows\PCTBDCore.dll0947.old
    2012-09-18 07:50 . 2012-06-22 10:03 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
    2012-09-18 07:49 . 2012-09-18 07:49 -------- d-----w- c:\program files\PC Tools
    2012-09-18 07:15 . 2012-09-18 21:17 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-09-18 07:15 . 2012-06-22 10:04 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2012-09-18 07:14 . 2012-09-18 21:15 -------- d-----w- c:\programdata\PC Tools
    2012-09-18 07:14 . 2012-09-18 07:14 -------- d-----w- c:\users\Vicky\AppData\Roaming\TestApp
    2012-09-18 05:43 . 2012-09-18 05:43 -------- d-----w- c:\program files\Mindjet
    2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\program files\TeamViewer
    2012-09-17 17:58 . 2012-08-07 10:36 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2012-09-17 17:55 . 2012-09-17 17:56 -------- d-----w- c:\users\Vicky\AppData\Roaming\calibre
    2012-09-17 17:55 . 2012-09-17 17:55 -------- d-----w- c:\program files\Calibre2
    2012-09-17 17:52 . 2012-09-17 17:53 -------- d-----w- c:\program files\FrostWire 5
    2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----w- c:\users\Vicky\AppData\Local\Usmania_Code
    2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----w- c:\programdata\Usmania Code
    2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----w- c:\program files\Usmania Code
    2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----r- C:\AHCache
    2012-09-17 17:42 . 2012-09-17 17:42 -------- d-----w- c:\program files\Throttle
    2012-09-17 17:26 . 2012-09-17 17:36 -------- d-----w- c:\users\Vicky\AppData\Roaming\SurfAnonymousFree
    2012-09-17 17:26 . 2012-09-17 17:36 -------- d-----w- c:\programdata\SurfAnonymousFree
    2012-09-17 17:25 . 2012-09-17 17:25 -------- d-----w- c:\program files\CalcTape
    2012-09-17 17:22 . 2012-09-17 17:36 -------- d-----w- c:\users\Vicky\AppData\Local\DeskShare
    2012-09-17 17:22 . 2012-09-17 17:25 -------- d-----w- c:\programdata\firebird
    2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\users\Vicky\AppData\Local\DeskShare Data
    2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\programdata\Deskshare
    2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\users\Vicky\AppData\Local\Spoon
    2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\program files\Deskshare
    2012-09-17 17:19 . 2009-06-16 06:06 1226672 ----a-w- c:\windows\system32\Codejock.ReportControl.v13.1.0.ocx
    2012-09-17 17:19 . 2009-06-16 05:05 1791920 ----a-w- c:\windows\system32\Codejock.Controls.v13.1.0.ocx
    2012-09-17 17:19 . 2008-08-22 02:05 538544 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
    2012-09-17 17:19 . 2009-06-16 05:05 2320304 ----a-w- c:\windows\system32\Codejock.CommandBars.v13.1.0.ocx
    2012-09-17 17:19 . 2004-03-08 18:30 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
    2012-09-17 17:19 . 1998-06-17 19:30 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2012-09-17 17:19 . 2012-09-17 17:19 -------- d-----w- c:\program files\Reminder Commander
    2012-09-17 17:17 . 2012-06-24 09:08 158144 ----a-w- c:\windows\system32\drivers\fancyrd.sys
    2012-09-17 17:17 . 2012-04-18 11:42 19392 ----a-w- c:\windows\system32\drivers\rxbsknl.sys
    2012-09-17 17:17 . 2012-09-17 21:34 -------- d-----w- c:\program files\Primo Ramdisk Ultimate Edition
    2012-09-17 17:15 . 2012-09-17 17:15 -------- d-----w- c:\program files\Photo Stamp Remover
    2012-09-17 17:10 . 2012-09-17 17:10 -------- d-----w- C:\mbc
    2012-09-17 17:09 . 2012-09-17 17:09 -------- d-----w- c:\program files\RobotSoft
    2012-09-17 17:08 . 2012-09-17 17:08 -------- d-----w- c:\program files\mirabyte
    2012-09-17 17:07 . 2006-01-30 03:02 5632 ----a-w- c:\windows\system32\pxc25pm.dll
    2012-09-17 17:06 . 2012-09-17 17:06 -------- d-----w- c:\programdata\Mindjet
    2012-09-17 17:05 . 2012-09-17 17:05 -------- d-----w- c:\users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
    2012-09-17 17:02 . 2012-09-17 17:02 -------- d-----w- c:\users\Vicky\AppData\Roaming\Maxprog
    2012-09-17 17:02 . 2012-09-17 17:02 -------- d-----w- c:\program files\eMail Extractor
    2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\users\Vicky\AppData\Roaming\CommonDataMSI
    2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\users\Vicky\AppData\Roaming\Iconico
    2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\program files\LineReader
    2012-09-17 17:00 . 2012-09-17 17:00 -------- d-----w- c:\users\Vicky\AppData\Roaming\MyPhoneExplorer
    2012-09-17 17:00 . 2012-09-17 17:57 -------- d-----w- c:\program files\MyPhoneExplorer
    2012-09-17 16:52 . 2012-09-17 16:52 -------- d-----w- c:\program files\GtkSharp
    2012-09-17 16:52 . 2012-09-17 16:52 -------- d-----w- c:\program files\Kepard
    2012-09-17 16:50 . 2012-09-17 16:50 -------- d-----w- c:\program files\ChordWizard
    2012-09-17 16:00 . 2012-08-13 20:07 381608 ------w- c:\windows\system32\MC17.exe
    2012-09-17 15:59 . 2012-08-13 16:00 585728 ------w- c:\windows\system32\AReadyLB.dll
    2012-09-17 15:59 . 2012-08-13 16:00 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
    2012-09-17 15:59 . 2012-09-17 15:59 -------- d-----w- c:\program files\J River
    2012-09-17 15:59 . 2012-09-17 15:59 -------- d-----w- c:\users\Vicky\AppData\Roaming\J River
    2012-09-17 15:55 . 2012-09-17 15:57 -------- d-----w- c:\programdata\Mirolit
    2012-09-17 15:55 . 2012-09-17 15:55 -------- d-----w- c:\program files\Mirolit
    2012-09-17 15:53 . 2012-09-17 15:53 -------- d-----w- c:\program files\Geometry Expressions v3.0
    2012-09-17 15:51 . 2012-09-17 15:51 -------- d-----w- c:\program files\Common Files\System-G
    2012-09-17 15:51 . 2012-09-17 16:44 -------- d-----w- c:\program files\Gammadyne Mailer
    2012-09-17 15:49 . 2012-09-17 15:49 -------- d-----w- c:\program files\ThunderSoft
    2012-09-17 15:47 . 2012-09-17 15:48 -------- d-----w- c:\program files\DreamCalc DC4P
    2012-09-17 15:46 . 2012-09-17 15:46 -------- d-----w- c:\users\Vicky\AppData\Roaming\DiskSpaceFan
    2012-09-17 15:46 . 2012-09-17 15:46 -------- d-----w- c:\program files\Cookapp
    2012-09-17 15:44 . 2012-09-17 15:45 -------- d-----w- c:\users\Vicky\AppData\Roaming\Direct Folders
    2012-09-17 15:44 . 2012-09-17 15:44 -------- d-----w- c:\program files\Direct Folders
    2012-09-17 15:37 . 2012-09-17 15:38 -------- d-----w- c:\program files\BitTorrent Ultra Accelerator
    2012-09-17 15:35 . 2012-09-17 15:35 -------- d-----w- c:\program files\Tint Guide
    2012-09-17 15:35 . 2012-09-17 15:35 -------- d-----w- c:\program files\Beauty Guide
    2012-09-17 15:31 . 2012-09-17 15:31 -------- d-----w- c:\users\Vicky\AppData\Roaming\Scooter Software
    2012-09-17 15:31 . 2012-09-17 15:31 -------- d-----w- c:\program files\Beyond Compare 3
    2012-09-17 15:21 . 2009-08-24 16:38 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
    2012-09-17 15:21 . 2012-09-17 15:21 -------- d-----w- c:\program files\Ashampoo
    2012-09-17 15:19 . 2012-09-17 15:19 -------- d-----w- c:\users\Vicky\AppData\Roaming\Writer's Cafe 2
    2012-09-17 15:18 . 2012-09-17 15:20 -------- d-----w- c:\program files\Writer's Cafe 2
    2012-09-17 15:16 . 2012-09-17 15:16 -------- d-----w- c:\program files\Acmework
    2012-09-14 20:59 . 2012-09-14 20:59 -------- d-----w- c:\users\Vicky\AppData\Roaming\dvdcss
    2012-09-13 12:02 . 2012-09-13 12:02 -------- d-----w- c:\program files\Office 2010 Trial Extender
    2012-09-05 11:10 . 2012-09-05 11:10 446464 ----a-w- c:\windows\system32\YuoTubeDownloader.dll
    2012-09-05 08:33 . 2012-09-05 08:33 -------- d-----w- c:\users\House\AppData\Roaming\Design Science
    2012-09-04 22:59 . 2012-09-05 18:52 -------- d-----w- c:\users\Vicky\AppData\Local\Apple Computer
    2012-09-03 08:13 . 2012-09-03 08:13 -------- d-----w- c:\program files\RocketDock
    2012-09-03 06:51 . 2009-07-14 01:14 3405312 ----a-w- c:\windows\system32\xpsrchvw.exe
    2012-09-03 06:51 . 2010-11-20 12:17 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2012-09-03 06:51 . 2010-11-20 12:17 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2012-09-02 06:21 . 2012-09-02 06:21 -------- d-----w- c:\users\Vicky\AppData\Roaming\Rovio
    2012-09-01 08:05 . 2012-09-01 08:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-08-30 07:46 . 2012-08-30 07:46 -------- d-----w- c:\programdata\ProcessLasso
    2012-08-30 07:45 . 2012-08-30 07:47 -------- d-----w- c:\users\Vicky\AppData\Roaming\ProcessLasso
    2012-08-30 07:45 . 2012-08-30 07:53 -------- d-----w- c:\program files\Process Lasso
    2012-08-30 07:05 . 2012-08-30 07:06 -------- d-----w- c:\users\Vicky\AppData\Roaming\Wise Disk Cleaner
    2012-08-23 13:07 . 2012-08-23 13:07 -------- d-----w- c:\users\House\AppData\Roaming\Comodo
    2012-08-23 13:07 . 2012-08-23 13:07 -------- d-----w- c:\users\House\AppData\Local\Comodo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-01 08:05 . 2012-01-01 17:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-01 08:05 . 2011-12-16 09:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-22 18:01 . 2012-04-10 16:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-22 18:01 . 2011-12-15 11:14 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-17 19:20 . 2012-08-12 15:11 45320 ----a-w- c:\windows\system32\certsentry.dll
    2012-07-20 06:37 . 2012-07-20 06:37 34308 ----a-w- c:\windows\system32\LB603.dll
    2012-07-20 06:36 . 2012-07-20 06:36 157696 ----a-w- c:\windows\system32\asxtract.dll
    2012-07-20 06:36 . 2012-07-20 06:36 136008 ----a-w- c:\windows\system32\MSINET.Ocx
    2012-07-14 07:30 . 2012-07-14 07:30 4024320 ----a-w- c:\program files\GUT1A06.tmp
    2012-07-13 14:34 . 2012-07-13 14:34 53248 ----a-r- c:\users\Vicky\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2012-07-13 12:17 . 2012-01-20 12:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-07-13 12:17 . 2012-01-20 12:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-07-12 09:28 . 2012-07-12 08:45 233888 ----a-w- c:\windows\system32\DreamScene.dll
    2012-07-03 08:16 . 2011-12-26 16:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-27 10:53 . 2011-12-26 14:34 2755072 ----a-w- c:\windows\system32\themeui.dll
    2012-06-27 10:53 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
    2012-06-27 10:53 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
    2010-07-08 05:07 . 2010-07-08 05:07 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
    2012-09-08 07:08 . 2012-09-08 07:08 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{3d175337-41e3-48eb-a754-493577f658b9}"= "c:\windows\system32\YuoTubeDownloader.dll" [2012-09-05 446464]
    .
    [HKEY_CLASSES_ROOT\clsid\{3d175337-41e3-48eb-a754-493577f658b9}]
    [HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD.1]
    [HKEY_CLASSES_ROOT\TypeLib\{942926A2-CC3B-4970-9AD6-D9056D197CE6}]
    [HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d175337-41e3-48eb-a754-493577f658b9}]
    2012-09-05 11:10 446464 ----a-w- c:\windows\System32\YuoTubeDownloader.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3d175337-41e3-48eb-a754-493577f658b9}"= "c:\windows\system32\YuoTubeDownloader.dll" [2012-09-05 446464]
    .
    [HKEY_CLASSES_ROOT\clsid\{3d175337-41e3-48eb-a754-493577f658b9}]
    [HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD.1]
    [HKEY_CLASSES_ROOT\TypeLib\{942926A2-CC3B-4970-9AD6-D9056D197CE6}]
    [HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-15 718208]
    "Chameleon Folder"="c:\program files\Chameleon Folder 2\chfolder.exe" [2012-03-09 2906112]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-12-26 92352]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-12-26 1451928]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\users\House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
    .
    c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Mouse Button Control.lnk - c:\program files\ElectraSoft\mbc\MBC.EXE [2012-9-17 458752]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent Ultra Accelerator.lnk
    backup=c:\windows\pss\BitTorrent Ultra Accelerator.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DFX.lnk
    backup=c:\windows\pss\DFX.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
    backup=c:\windows\pss\MobileGo Service.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
    backup=c:\windows\pss\RocketDock.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkinPackMenu.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SkinPackMenu.lnk
    backup=c:\windows\pss\SkinPackMenu.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
    backup=c:\windows\pss\UberIcon.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
    backup=c:\windows\pss\YzShadow.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Direct Folders.lnk]
    path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Folders.lnk
    backup=c:\windows\pss\Direct Folders.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
    path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk]
    path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk
    backup=c:\windows\pss\PersonalBrain.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    NA [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-20 15:58 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-04-02 04:48 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
    2010-08-20 04:27 107816 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
    2012-04-11 23:08 1163072 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-01-01 14:32 136176 ----atw- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTurbo]
    2012-04-16 08:44 177152 ----a-w- c:\program files\iNTERNET Turbo\ITTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LearnWords Launcher]
    2012-03-26 23:18 792576 ----a-w- c:\program files\LearnWords\LearnWords.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
    2012-07-02 22:55 38288 ----a-w- e:\vicky\Installed\Mindjet MindManager\MmReminderService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-18 15:26 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-07-13 12:17 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
    R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [x]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [x]
    R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [x]
    R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [x]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
    R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [x]
    R2 VBoxDrv;VBox Support Driver;c:\program files\YouWave_Android\vb\VBoxDrv.sys [x]
    R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
    R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
    R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
    R3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [x]
    R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [x]
    R3 ExpressAccountsService;Express Accounts;c:\program files\NCH Software\ExpressAccounts\expressaccounts.exe [x]
    R3 GSService;GSService;c:\windows\system32\GSService.exe [x]
    R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
    R3 Media Center 17 Service;Media Center 17 Service;c:\program files\J River\Media Center 17\JRService.exe [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
    R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
    R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
    R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
    R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
    R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
    R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
    R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
    R4 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
    S0 FancyRd;Primo Ramdisk Controller;c:\windows\system32\DRIVERS\fancyrd.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
    2012-07-02 22:52 1409 ----a-r- e:\vicky\Installed\Mindjet MindManager\sys\MmInternetExplorerActiveSetup.vbs
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
    - c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 14:32]
    .
    2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
    - c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 14:32]
    .
    2012-09-19 c:\windows\Tasks\RegClean Pro_DEFAULT.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-01 07:56]
    .
    2012-09-19 c:\windows\Tasks\RegClean Pro_UPDATES.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-01 07:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.in/
    mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
    IE:
    IE: Add to Link Commander collection
    IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Send Image To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/201
    IE: Send Link To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/203
    IE: Send Page To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/204
    IE: Send Text To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/202
    TCP: Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 59.185.0.23,59.185.0.50
    FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
    FF - prefs.js: browser.search.selectedEngine - Custom search
    FF - prefs.js: browser.startup.homepage - hxxp://apype.com
    FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    BHO-{0E7B5242-346E-652E-0A16-3BF61F895702} - (no file)
    HKU-Default-Run-Reasonable NoClone - (no file)
    MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
    MSConfigStartUp-campaper - c:\program files\campaper\campaper.exe
    MSConfigStartUp-RockMelt Update - c:\users\Vicky\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
    MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
    MSConfigStartUp-TAForOE Loader - c:\program files\TextAloud\TAForOELoader.exe
    MSConfigStartUp-Video Library - c:\users\Vicky\AppData\Local\Temp\Rpcqt.dll
    MSConfigStartUp-YuoTubeDownloader_Helper - c:\program files\YuoTubeDownloader\YuoTubeDownloader_Helper.exe
    AddRemove-Key Reminder Commander 4.00 - c:\users\Vicky\Desktop\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:cc,40,94,66,28,f9,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,9e,eb,b9,6a,e6,93,4d,9a,1e,5c,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,9e,eb,b9,6a,e6,93,4d,9a,1e,5c,\
    .
    [HKEY_USERS\.Default\Software\SetId\Internal]
    @Denied: (A 2) (LocalSystem)
    "DEVICE2"="vrfIyq7KygA="
    "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"
    .
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8B9462F1-CA22-C48C-8A89-885E3BB03B97}*]
    "bbbhmnpdoafdfgaaoflnafbkcbfofhnpegfk"=hex:69,61,66,6d,6f,6a,69,6b,65,6a,6f,6e,
    6c,6a,66,6a,6c,70,00,00
    "ablhknooeaogpfiemgonfiaghlejoigfed"=hex:6a,61,69,6d,64,6a,6e,6f,6f,67,63,64,
    69,62,6e,6b,69,62,6c,6a,00,00
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\conhost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-20 11:04:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-20 05:34
    .
    Pre-Run: 9,461,977,088 bytes free
    Post-Run: 9,934,626,816 bytes free
    .
    - - End Of File - - 90C0275EEF1C15816758A3E7F2045FA8
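The log above registers one DLL under three Internet Explorer load points and shows rewritten Firefox search and homepage preferences. The following is an added example, not part of the original post or of ComboFix, that extracts both findings from an excerpt copied from that log; the function names and the trusted-host allowlist are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Excerpt copied from the ComboFix log above (indentation stripped, other keys omitted).
LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3d175337-41e3-48eb-a754-493577f658b9}"= "c:\windows\system32\YuoTubeDownloader.dll" [2012-09-05 446464]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d175337-41e3-48eb-a754-493577f658b9}]
2012-09-05 11:10 446464 ----a-w- c:\windows\System32\YuoTubeDownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3d175337-41e3-48eb-a754-493577f658b9}"= "c:\windows\system32\YuoTubeDownloader.dll" [2012-09-05 446464]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
uStart Page = hxxp://www.google.co.in/
FF - prefs.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<data>[^"]*)"')
FILE_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (?P<path>[a-z]:\\.+)$', re.I)
PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
CLSID_RE = re.compile(r'\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}', re.I)

# Registry locations from which Internet Explorer loads add-on DLLs.
LOAD_POINTS = ('urlsearchhooks', 'browser helper objects', 'internet explorer\\toolbar')
# Firefox preferences in the log whose value is a URL the browser will visit.
URL_PREFS = {'browser.search.defaulturl', 'browser.startup.homepage', 'keyword.URL'}


def browser_load_points(log):
    """Map each DLL path (lower-cased) to the set of (load point, CLSID) pairs that load it."""
    found = defaultdict(set)
    key = ''
    for line in map(str.strip, log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        point = next((p for p in LOAD_POINTS if p in key.lower()), None)
        if point is None:
            continue  # value belongs to a key that is not a browser load point
        value, fileline = VALUE_RE.match(line), FILE_RE.match(line)
        if value:       # "{CLSID}"= "path" form (URLSearchHooks, Toolbar)
            clsid, path = value.group('name'), value.group('data')
        elif fileline:  # BHO form: CLSID is in the key name, file on the next line
            hit = CLSID_RE.search(key)
            clsid, path = (hit.group(0) if hit else '?'), fileline.group('path')
        else:
            continue
        found[path.lower()].add((point, clsid.lower()))
    return dict(found)


def hijacked_prefs(log, trusted_hosts):
    """Return {pref: host} for URL-valued Firefox prefs whose host is not trusted."""
    out = {}
    for line in map(str.strip, log.splitlines()):
        m = PREF_RE.match(line)
        if not m or m.group('pref') not in URL_PREFS:
            continue
        # ComboFix writes URLs as hxxp://; restore the scheme only to parse the host.
        host = urlsplit(m.group('value').replace('hxxp', 'http', 1)).hostname or ''
        if not any(host == t or host.endswith('.' + t) for t in trusted_hosts):
            out[m.group('pref')] = host
    return out


def triage(log, trusted_hosts):
    """Summarise DLLs hooked into more than one load point, plus untrusted URL prefs."""
    multi = {dll: sorted(point for point, _ in regs)
             for dll, regs in browser_load_points(log).items() if len(regs) > 1}
    return {'multi_hook_dlls': multi,
            'hijacked_prefs': hijacked_prefs(log, trusted_hosts)}


if __name__ == '__main__':
    import pprint
    # google.co.in is an assumed allowlist entry (the IE start page shown in the log).
    pprint.pprint(triage(LOG, {'google.co.in'}))
```

The same CLSID appearing under URLSearchHooks, Browser Helper Objects and Toolbar means all three entries have to be cleaned together, and the prefs.js values have to be reset separately because they live in the Firefox profile, not the registry.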
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet, click the options tab (gear icon):
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    • Then, choose Save. Also, in the Automatic Report tab, select Save:
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
  8. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    Thanks for elaborately explaining all the steps and sorry for not replying sooner but I had no network. Now when I booted in safe mode, I am getting network. I will tell you in my next reply if I am getting network in normal mode as well and will also post the results of the scan.
    Edit: I am getting network now in normal boot as well.
  9. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    The log is damn too long and it will take over a day for me to post all of it here so I am going to upload it somewhere and post the link to it here
  10. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    For your privacy, I deleted those posts. Sorry that was so long and you spent all that time.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  12. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    Thanks a lot for deleting all those posts. I tried to search for a sub-forum where I could request for their deletion but I couldn't find it so I thought I would ask you that after my pc was declared clean. Well about the computer now. In my opinion I am an end user who is pretty well aware of his system. I don't think there are any of the issues you mentioned in my computer. I believe ComboFix behaved very slow in normal mode because of my AV. Even if I totally switch it off, it keeps an eye on suspicious programs and monitors their activity. So that might be the reason for that. I had no network yesterday because of my mistake. I changed my DNS to Comodo's DNS instead of my ISP's so that I would be better protected in the future and also hoped that changing it to Comodo's servers will not load the apype and starwebsearch sites but they still do. And I had not changed the firewall stealth setting of Bitdefender. That caused me to have no network when firewall was on or Bitdefender was running.
    Since the infection, there have never been any kind of error messages. My computer was slowing down a little but after PC Tools scanned and deleted many infections and viruses, it was okay. There aren't any fake AV alerts in system tray or in middle of the desktop. Svchost.exe are all running under 60000K. My system idle process is over 80% for most of the time so any other application is not using that much CPU power either. There are no system crashes or bluescreen crashes. Just my browser crashed a couple of times when the wrong suggestions malware was active and took me to some heavy and dangerous websites. So now the only thing bothering is the homepage of mozilla firefox. I have a browser based on firefox called Comodo Icedragon. That one was never affected. IE asked me whether I wanted to install some toolbar and change my homepage which I denied but the homepage was changed though. I changed it back to google and it stayed like that.
    I am ready to delete my AV Bitdefender Internet Security 2011 for now if needed as I will be upgrading it to 2013 soon. I will also be doing a fresh install of Firefox but I need the bookmarks backup to be safe so I want it to be free of malicious sites.
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It's common for web browsers to be infected, because of having extensions or add-ons. From time to time, it can deal with a hidden addon, which without your knowledge could be installed.

    Please run AdwCleaner again as above, and post a log. Then, do the following, please:

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  14. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    I have never downloaded or run OTL. Here are the logs. Just so you know, I also have another user on this PC. It's only used for surfing the web and the Firefox of that user is also affected but I am sure the virus came from this user.

    # AdwCleaner v2.002 - Logfile created 09/21/2012 at 20:48:00
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Vicky - VICKY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Vicky\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Users\House\AppData\Roaming\Mozilla\Firefox\Profiles\asu9wrvh.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3337 octets] - [19/09/2012 03:40:30]
    AdwCleaner[S1].txt - [3955 octets] - [19/09/2012 22:58:49]
    AdwCleaner[S2].txt - [1105 octets] - [21/09/2012 20:48:00]

    ########## EOF - C:\AdwCleaner[S2].txt - [1165 octets] ##########
  15. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    OTL Extras logfile created on: 21-Sep-12 8:55:19 PM - Run 1
    OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Vicky\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.15% Memory free
    5.99 Gb Paging File | 4.95 Gb Available in Paging File | 82.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 53.62 Gb Total Space | 9.64 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
    Drive D: | 89.63 Gb Total Space | 24.24 Gb Free Space | 27.04% Space Free | Partition Type: NTFS
    Drive E: | 58.64 Gb Total Space | 11.67 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
    Drive F: | 30.89 Gb Total Space | 9.54 Gb Free Space | 30.90% Space Free | Partition Type: NTFS

    Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{61B52D72-8E52-42A2-B7FD-C53C954703AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{9BD758B2-C2CD-49F6-AB94-5FD949D96796}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
    "{A5D84481-0141-4853-9400-6F9EB455F231}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
    "{D5E80788-E7D0-41F8-9365-8B884650232B}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0EF203C5-5AA6-4761-9A04-4466BDD503D5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{1E52F0A4-E2E7-4ECE-BB97-993C1E7BA046}" = protocol=6 | dir=in | app=c:\program files\riptiger\videodownloadapp_rtmp.exe |
    "{2042D5B9-4FB2-4D92-8E0A-9B8F0E3F79E1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{233FDADD-CAB8-4DC9-90E2-F6DE7E2BF7B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{2DAED8E1-343F-4DFB-B399-75D7581F0B68}" = protocol=6 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{2E7A0B8B-FF24-46AC-817F-D8B8AF643FB2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{349DA1D4-D62C-4791-83D2-E90F60FCC3C8}" = protocol=6 | dir=in | app=d:\z\dungeon siege\steam\steam.exe |
    "{350B8D1D-8C34-4509-A106-467FEB0E810C}" = protocol=17 | dir=in | app=c:\program files\riptiger\httpdownloaderapp.exe |
    "{36AB8EB1-4D2F-496A-B7E9-C043F5D45703}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{457E4078-2C6C-4C1F-811F-5A9676C2BBF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{498B01CC-BC9C-4A61-8084-BA479D1AB846}" = protocol=17 | dir=in | app=c:\program files\riptiger\videodownloadapp_rtmp.exe |
    "{4F125923-B48C-4538-A1DF-F750F2B5BFC1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{4F4FBC18-CAE9-4A92-B538-C1BA1DB2DD8C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{60669B6C-BDD0-4201-A0CB-859740E1254F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{68C90766-0D51-4B2C-90F8-C1BC9E3A92B1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{6E0E34EA-8889-4395-AF26-BF9A06216624}" = dir=in | app=c:\program files\rapidsolution\audials 9\audials.exe |
    "{7699BD83-27EF-429D-A07F-9CA76F363901}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{7881AA5D-1282-4D6D-9194-3D39CDD6BB93}" = protocol=6 | dir=in | app=c:\program files\gammadyne mailer\gm.exe |
    "{7B471D1F-355C-40B3-848E-A06942604D86}" = protocol=6 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{7EBFDF4A-2F98-4032-8042-99E110FBC5C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{8D275BB0-B095-45E7-9A84-373A76751A25}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
    "{907BA857-F8A0-4F7D-AEE0-7B566F5F5A02}" = protocol=17 | dir=in | app=c:\program files\riptiger\rtmpdownloaderapp.exe |
    "{90C3F623-2A7B-4C87-9E56-C7A7E0037E87}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{9C404D37-21C1-4239-A295-851D4E1F8426}" = protocol=6 | dir=in | app=c:\program files\riptiger\riptiger.exe |
    "{A402F9CF-B93F-458A-BA23-8A1731611E85}" = protocol=17 | dir=in | app=d:\z\dungeon siege\steam\steam.exe |
    "{B1678D15-4DFE-4A92-8D22-6D816EC39BB5}" = protocol=6 | dir=in | app=c:\program files\riptiger\mmsdownloaderapp.exe |
    "{B8322321-DD0C-46A9-8A9A-D60724FC9256}" = protocol=6 | dir=in | app=c:\program files\riptiger\rtmpdownloaderapp.exe |
    "{BC7E5BFE-B570-4065-907B-B197212EBAD6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{C341EA0D-B925-471E-8791-7A9363A70C7D}" = protocol=17 | dir=in | app=c:\program files\riptiger\mmsdownloaderapp.exe |
    "{C41CEB8C-8384-4807-8AC5-11CA1550C1E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{C683DF75-30CA-4B8C-BBC4-DC2F7AE15C03}" = protocol=17 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{C99185F0-D955-4F83-9D38-764E157911DA}" = protocol=17 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{CAF1A2AD-C373-4AC0-AE32-B81486D1AEF0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{CD18B59A-4BCC-4FB1-8B29-134D7563F30A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{CEEF45C9-D180-4FE0-A603-5FEF62089EE0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{E72880EE-ADDA-4251-896A-F463D9B9C37C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{EA302F70-4F30-4657-B723-30E031F31D85}" = protocol=17 | dir=in | app=c:\program files\gammadyne mailer\gm.exe |
    "{EC5DB20D-7423-4FF9-8CDA-D2E0332E6F89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{F8549789-4F12-4500-9A92-7253EB18833B}" = protocol=6 | dir=in | app=c:\program files\riptiger\httpdownloaderapp.exe |
    "{FD2A5A2C-695F-462F-85ED-70C6974F0127}" = protocol=17 | dir=in | app=c:\program files\riptiger\riptiger.exe |
    "TCP Query User{28F8F8E4-FE5E-4896-9C0B-3F9AF9DC598C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{3548E34D-4B09-4394-85BE-9BD1A56DB8DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{18562567-BC92-9861-00B8-90B8F5545EA8}" = LangoMax Adult Advantage
    "{1959CCD2-1227-4de4-97E7-04F29D526762}_is1" = AnyMedia Player 3.3.3
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
    "{1A834332-A9EE-440C-9505-2D07F445F05A}" = MOBILedit! Support Libraries
    "{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo ( Version 1.1.0 )
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1" = DreamScene Seven version 1.4
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
    "{2E195120-A063-43D4-90AA-F1B9952EEF61}" = Usmania Calculator
    "{2EE6D53B-957E-48d1-801B-0B7DE81BACED}_is1" = RipTiger Extras 3.3.3
    "{2FCFFE64-B076-4C21-874E-1C8ADEE8B378}_is1" = PearlMountain Image Converter 1.2.8
    "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
    "{3408E5D6-4925-4496-AB67-AB8643C3685C}_is1" = Mouse and Keyboard Recorder 3.2.0.8
    "{39163F04-0B69-402F-9E70-A9CDA1488E8A}" = Acme Id Card Maker 5.0
    "{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3DCF00F5-04A5-4543-A088-70548081120E}_is1" = Compiled Driver Disc (Full) 1.0
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{44B185C4-2566-4F38-A4F1-092FCDBB51A5}" = CalcTape
    "{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1" = MOBILedit! ver. 6.1.0.1634
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{550B72C4-F404-4812-971F-947E835A877E}" = Gtk# for .Net 2.12.10
    "{5a34ce77-6efc-432d-b846-65c270c18c72}_is1" = Line Reader 2.7
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62686E52-2094-11D9-BAFA-444553540001}" = Archiva 7
    "{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}" = TTS
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
    "{6DEB44D1-7A66-4E60-9010-E6E7B116B8C9}" = HDDlife Rus 4.0
    "{6EA51254-AAA9-47AC-BF0D-3D0F0DA81316}" = BlackBerry Smartphone Simulators 4.5.0.173 (8830)
    "{6ED9555A-A4DE-463D-A76C-8371E80C8913}" = Audials
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
    "{7D466431-D6EE-4732-BF02-74BD0817E881}_is1" = PearlMountain Image Resizer Pro 1.4.0
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C64C35E-093A-43B9-B7E5-9966581FC143}" = iSCC
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90D583BE-D60B-4BDB-A696-711723815D1A}_is1" = Excel Password Unlocker 4.0.2.3
    "{912853A4-C655-4BEF-88EE-3FD9EDC50EAB}_is1" = Photo Calendar Maker 2.35
    "{928501C9-CB3B-416C-99D7-9B6B89751FAD}" = Angry Birds Seasons
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC
    "{94B97E1E-9B67-4012-A126-6319E211A298}_is1" = Primo Ramdisk Ultimate Edition 5.6.0
    "{952B2529-EB26-4998-BBB1-826234DA8942}" = AKVIS Decorator
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D393A06-B96D-473A-0001-5A4713FCA3A6}" = android converter
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9FDD51C9-F7AA-40AF-A4FF-0500E45E4A06}" = AKVIS Magnifier
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A669A70D-2E2C-37D5-A025-E1CB61F2CC96}" = Microsoft .NET Framework 4.5 RC
    "{A8405D99-9D76-4456-8752-87DA930CC3A3}" = Comic Life 2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AEB8F226-C238-4636-A289-E540B725B5BB}_is1" = AnyReader
    "{AF57D22B-B5AF-46CD-BC3F-62FE8CF566B5}" = Jyotish Tools
    "{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1" = RipTiger 3.3.3
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B559F2B9-E0BE-484C-A0E1-59C79B8C9325}" = Microsoft WorldWide Telescope
    "{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
    "{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Internet Security 2011
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1" = Phone Drivers Downloader 1.1
    "{C1611681-E8F9-4C89-A6A4-36DD0DA6E089}_is1" = DepositFiles FileManager 0.9.9.206
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D4898BA0-7ACA-11DE-8A39-0800200C9A66}_is1" = mirabyte Feed Writer 2.7.2
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{E0F87496-6367-4226-B379-1EA873CFF11C}" = FileLocator Pro
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F17C58F5-2646-4743-A779-A24976F46571}" = Mindjet MindManager 2012
    "{F18ADBD4-320F-4A67-9709-0FE9412BB0FA}_is1" = Office 2010 Trial Extender
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
    "{FA15594C-88DB-406D-B856-37A9A7F763D8}" = Microsoft WorldWide Telescope
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FD0F8123-9035-44B0-B331-2596979E74ED}_is1" = Book Collector
    "{FED8A2C2-A0FB-4473-80E0-1F1CA0C4C87C}" = Lee's Bingo V.6.0.3
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1190-3857-8766-9166" = PersonalBrain 5
    "5513-1208-7298-9440" = JDownloader 0.9
  16. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    "7 Sins" = 7 Sins
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "AdultAdvantage" = LangoMax Adult Advantage
    "Advanced Emailer_is1" = Advanced Emailer
    "Advanced Office Repair v1.6" = Advanced Office Repair v1.6
    "Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 4.2.1.0)
    "Any DVD Converter for Android_is1" = Any DVD Converter for Android 4.3.5
    "Aostsoft All Document Converter Professional_is1" = Aostsoft All Document Converter Professional 3.8.2
    "Ashampoo HDD Control 2_is1" = Ashampoo HDD Control 2 v.2.1.0
    "Audiobook Downloader Pro" = Audiobook Downloader Pro 1.3
    "AutoClick_is1" = AutoClick
    "AV Voice Changer Software 3.0" = AV Voice Changer Software 3.0
    "Basic Bookkeeping_is1" = Basic Bookkeeping 7.1.1
    "Beauty Guide_is1" = Beauty Guide 1.5
    "BitDefender" = BitDefender Internet Security 2011
    "BitTorrent Ultra Accelerator" = BitTorrent Ultra Accelerator
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "Chameleon Folder 2" = Chameleon Folder Lite 2.0.10.392
    "Comodo IceDragon" = Comodo IceDragon
    "CrystalDiskInfo_is1" = CrystalDiskInfo 4.6.2
    "DAEMON Tools Pro" = DAEMON Tools Pro
    "DeblurMyImagePlugIn" = DeblurMyImagePlugIn
    "Deluge" = Deluge 1.3.5
    "Digital Physiognomy" = Digital Physiognomy (remove only)
    "DirectFoldersAppID_is1" = Direct Folders
    "Disk Space Fan 4_is1" = Disk Space Fan 4 4.4.1.113
    "DiskCheckup_is1" = DiskCheckup v3.1
    "DjVuLibre+DjView" = DjVuLibre+DjView
    "DreamCalcDC4P_is1" = DreamCalc DCP4.8.0 Professional Calculator
    "Driver Checker_is1" = Driver Checker v2.7.5
    "DSMT6" = MathType 6
    "DVD-Cloner 8_is1" = DVD-Cloner V8.10 Build 1005
    "eMail Extractor_is1" = eMail Extractor 3.6.0
    "EPSON Stylus T11 Series" = EPSON Stylus T11 Series Printer Uninstall
    "ExpressAccounts" = Express Accounts
    "ExtractNow_is1" = ExtractNow
    "File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
    "FileHippo.com" = FileHippo.com Update Checker
    "Free Video Dub_is1" = Free Video Dub version 2.0.6.403
    "FreeArc" = FreeArc 0.666
    "FreePortScanner_is1" = FreePortScanner 2.9
    "FriendBlasterPro_is1" = FriendBlasterPro
    "FrostWire 5" = FrostWire 5.3.9
    "GamePlayLabs Plugin" = GamePlayLabs Plugin
    "Gammadyne Mailer" = Gammadyne Mailer
    "GE_3_0_is1" = Geometry Expressions v3.0
    "GOM Player" = GOM Player
    "GTK2-Runtime" = GTK2-Runtime
    "Halotea" = Halotea v1.302
    "Hard Drive Inspector" = Hard Drive Inspector
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "ICL-Icon Extractor" = ICL-Icon Extractor
    "ImgBurn" = ImgBurn
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "iNTERNET Turbo" = iNTERNET Turbo
    "Kepard1.0.7.0" = Kepard
    "KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Media Center 17" = Media Center 17
    "MediaMonkey_is1" = MediaMonkey 4.0
    "MiniLyrics" = MiniLyrics
    "MiPony" = MiPony 2.0.0
    "Movienizer_is1" = Movienizer 5.2
    "MozBackup" = MozBackup 1.5.1
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "Mozilla Thunderbird 13.0 (x86 en-US)" = Mozilla Thunderbird 13.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "MPE" = MyPhoneExplorer
    "MS Word Recover File Password Software_is1" = MS Word Recover File Password Software
    "NetSetMan_is1" = NetSetMan 3.4.2
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office Password Recovery Toolbox_is1" = Office Password Recovery Toolbox 3.5
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OmniFormat" = OmniFormat
    "OpenAL" = OpenAL
    "Password Recovery Bundle 2012_is1" = Password Recovery Bundle 2012
    "PDF Converter Pro 11.01" = PDF Converter Pro 11.01
    "PDF Image Extraction Wizard_is1" = PDF Image Extraction Wizard 6.01
    "Pdf995" = Pdf995
    "PDF-XChange 3_is1" = PDF-XChange 3
    "Photo Stamp Remover_is1" = Photo Stamp Remover 5.0
    "ProcessLasso" = Process Lasso
    "Protected Music Converter_is1" = Protected Music Converter version 1.9.7.4
    "QUICKfind" = QUICKfind server v1.1
    "RapidTyping" = RapidTyping
    "RAR Password Recovery v2.0_is1" = RAR Password Recovery v2.0
    "RAR Repair Tool_is1" = RAR Repair Tool v.4.0
    "RealPlayer 15.0" = RealPlayer
    "RegClean Pro_is1" = RegClean Pro
    "Reminder Commander_is1" = Reminder Commander 4
    "Repair My Excel_is1" = Repair My Excel
    "RocketDock_is1" = RocketDock 1.3.5
    "save2pc Ultimate_is1" = save2pc Ultimate 5.11
    "SEP4_is1" = SizeExplorer Pro 4.11
    "Sketchpad" = Sketchpad
    "SpotOnTheMouse_is1" = SpotOnTheMouse 2.5.1
    "STDU Extractor_is1" = STDU Extractor version 1.0.137.0
    "Stellar Phoenix Excel Recovery_is1" = Stellar Phoenix Excel Recovery
    "Stellar Phoenix PowerPoint Recovery_is1" = Stellar Phoenix PowerPoint Recovery
    "Stellar Phoenix Zip Recovery v2.0_is1" = Stellar Phoenix Zip Recovery v2.0
    "Street Fighter X Tekken_is1" = Street Fighter X Tekken
    "SWF-AVI-GIF Converter_is1" = SWF-AVI-GIF Converter 2.3
    "SwordSearcher_5_InnoSetup_is1" = SwordSearcher 6.2.2.3
    "TeamViewer 7" = TeamViewer 7
    "TeraCopy_is1" = TeraCopy 2.12
    "The Complete Genealogy Builder_is1" = The Complete Genealogy Builder
    "The Complete Genealogy Reporter_is1" = The Complete Genealogy Reporter
    "Throttle_is1" = Throttle
    "ThunderSoft Flash to Video Converter_is1" = ThunderSoft Flash to Video Converter (1.4.0.1)
    "Total Doc Converter_is1" = TotalDocConverter
    "Total Image Converter_is1" = TotalImageConverter
    "UltraISO_is1" = UltraISO Premium V9.36
    "Universal Document Converter_is1" = Universal Document Converter Server Edition
    "uTorrent" = µTorrent
    "uTorrent SpeedUp Pro" = uTorrent SpeedUp Pro
    "uTorrent Turbo Booster" = uTorrent Turbo Booster
    "VLC media player" = VLC media player 2.0.3
    "whois_is1" = whois 2.7.6
    "WinMend File Copy_is1" = WinMend File Copy 1.3.7.2
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.42
    "Writer's Café_is1" = Writer's Café 2.32
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YouWave" = YouWave for Android
    "ZIP Password Recovery v2.0_is1" = ZIP Password Recovery v2.0
    "Zip Repair Pro_is1" = Zip Repair Pro

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BeyondCompare3_is1" = Beyond Compare Version 3.3.5
    "Email Sender Deluxe" = Email Sender Deluxe
    "Mouse Button Control" = Mouse Button Control
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 20-Sep-12 1:17:19 AM | Computer Name = Vicky-PC | Source = VSS | ID = 18
    Description =

    Error - 20-Sep-12 1:17:19 AM | Computer Name = Vicky-PC | Source = VSS | ID = 8193
    Description =

    Error - 20-Sep-12 3:26:44 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
    9\tbhsd\tools64\cleanup.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20-Sep-12 3:27:26 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
    9\tbhsd\tools64\uninstall.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20-Sep-12 3:27:37 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
    9\tbhsd\tools64\install.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20-Sep-12 3:31:25 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20-Sep-12 7:26:35 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
    9\tbhsd\tools64\cleanup.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20-Sep-12 7:27:02 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
    9\tbhsd\tools64\uninstall.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20-Sep-12 7:27:09 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
    9\tbhsd\tools64\install.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 20-Sep-12 7:29:36 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
    Dependent
    Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 21-Sep-12 1:50:11 AM | Computer Name = Vicky-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 15.0.1.4631 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 7b0 Start
    Time: 01cd97bb895f8945 Termination Time: 112 Application Path: C:\Program Files\Mozilla
    Firefox\firefox.exe Report Id: 2ab42217-03b0-11e2-962c-002197130e22

    [ System Events ]
    Error - 14-May-12 5:30:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Event Log service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 14-May-12 5:30:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7031
    Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 100 milliseconds:
    Restart the service.

    Error - 14-May-12 5:30:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7031
    Description = The Security Center service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
    Restart the service.

    Error - 14-May-12 5:31:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Audio service, but
    this action failed with the following error: %%1056

    Error - 15-May-12 5:49:33 AM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
    Description = The WebcamMax, WDM Video Capture service failed to start due to the
    following error: %%1058

    Error - 15-May-12 6:09:17 AM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
    Description = The WebcamMax, WDM Video Capture service failed to start due to the
    following error: %%1058

    Error - 15-May-12 5:30:43 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
    Description = The WebcamMax, WDM Video Capture service failed to start due to the
    following error: %%1058

    Error - 18-May-12 3:03:28 AM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
    Description = The WebcamMax, WDM Video Capture service failed to start due to the
    following error: %%1058

    Error - 18-May-12 5:12:16 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
    Description = The WebcamMax, WDM Video Capture service failed to start due to the
    following error: %%1058

    Error - 20-May-12 9:07:07 AM | Computer Name = Vicky-PC | Source = Ntfs | ID = 262281
    Description = The default transaction resource manager on volume J: encountered
    a non-retryable error and could not start. The data contains the error code.


    < End of report >
  17. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    OTL logfile created on: 21-Sep-12 8:55:19 PM - Run 1
    OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Vicky\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.15% Memory free
    5.99 Gb Paging File | 4.95 Gb Available in Paging File | 82.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 53.62 Gb Total Space | 9.64 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
    Drive D: | 89.63 Gb Total Space | 24.24 Gb Free Space | 27.04% Space Free | Partition Type: NTFS
    Drive E: | 58.64 Gb Total Space | 11.67 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
    Drive F: | 30.89 Gb Total Space | 9.54 Gb Free Space | 30.90% Space Free | Partition Type: NTFS

    Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-09-21 20:45:55 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.com
    PRC - [2012-09-17 22:41:17 | 000,458,752 | ---- | M] (ElectraSoft) -- C:\Program Files\ElectraSoft\mbc\MBC.EXE
    PRC - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
    PRC - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012-08-22 20:24:50 | 000,369,544 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
    PRC - [2012-08-22 20:24:48 | 000,677,256 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
    PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
    PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012-05-15 14:57:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
    PRC - [2012-03-09 16:58:08 | 002,906,112 | ---- | M] (NeoSoft Tools) -- C:\Program Files\Chameleon Folder 2\chfolder.exe
    PRC - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\Common Files\BinarySense\hldasvc.exe
    PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    PRC - [2011-12-26 21:06:50 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
    PRC - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
    PRC - [2011-12-26 21:03:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
    PRC - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
    PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010-03-16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-03-09 13:15:40 | 000,894,464 | ---- | M] () -- C:\Program Files\Chameleon Folder 2\cf.dll
    MOD - [2011-12-26 21:05:09 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
    MOD - [2011-12-26 21:03:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
    MOD - [2011-12-26 21:02:38 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
    MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2011-11-11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011-11-11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011-11-11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011-11-11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011-11-11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Services (SafeList) ==========

    SRV - [2012-09-17 21:32:18 | 000,394,920 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)
    SRV - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
    SRV - [2012-09-08 12:38:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
    SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012-06-27 17:21:31 | 003,081,220 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
    SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012-04-23 16:16:08 | 000,484,304 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -- (HDDSvc)
    SRV - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
    SRV - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
    SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
    SRV - [2012-01-23 22:21:20 | 000,249,856 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\GSService.exe -- (GSService)
    SRV - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
    SRV - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
    SRV - [2010-11-30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - [2010-07-23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe -- (DfSdkS)
    SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vicky\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (actv8src)
    DRV - [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV - [2012-06-24 14:38:10 | 000,158,144 | ---- | M] (Romex Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fancyrd.sys -- (FancyRd)
    DRV - [2012-05-24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
    DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
    DRV - [2012-05-15 15:56:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012-04-29 13:48:14 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2012-04-29 13:46:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2012-04-18 22:38:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2012-02-02 21:08:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2012-01-18 12:14:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011-12-26 21:03:38 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
    DRV - [2011-12-26 21:02:05 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
    DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
    DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2011-11-07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
    DRV - [2011-07-15 23:43:12 | 000,135,680 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2011-06-23 12:13:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
    DRV - [2011-05-06 23:29:32 | 000,024,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC)
    DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2010-11-29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
    DRV - [2010-11-29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
    DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010-08-20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV - [2010-08-20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
    DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010-05-13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
    DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
    IE - HKLM\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC ED 73 4E 17 BB CC 01 [binary data]
    IE - HKCU\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gigabase.ru/search?q={searchTerms}&clid=1
    IE - HKCU\..\SearchScopes\{289bd87f-a29f-41a5-88da-19d7a6531bf6}: "URL" = http://apype.com/results.php?q={searchTerms}
    IE - HKCU\..\SearchScopes\{48444E1A-FD18-45C6-92C1-3A8819B65AE0}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
    FF - prefs.js..browser.search.selectedEngine: "Custom search"
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: optimizegoogle@optimizegoogle.com:0.79.1
    FF - prefs.js..extensions.enabledAddons: trafficlight@bitdefender.com:0.1.28
    FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0
    FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
    FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
    FF - prefs.js..extensions.enabledAddons: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.7.2
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
    FF - prefs.js..extensions.enabledAddons: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.44
    FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
    FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Vicky\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-13 17:48:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-08 12:38:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-09-08 12:38:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012-06-14 01:11:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]

    [2011-12-24 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
    [2012-09-21 13:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions
    [2012-04-25 19:19:57 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2012-09-16 21:10:41 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    [2012-08-24 18:48:32 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\customization@adblockplus.org.xpi
    [2012-09-13 11:42:12 | 000,067,038 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbp@fbpurity.com.xpi
    [2012-09-13 11:42:09 | 000,162,292 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbsidebardisabler@vittgam.net.xpi
    [2011-11-12 20:29:12 | 000,236,088 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\optimizegoogle@optimizegoogle.com.xpi
    [2012-08-24 18:48:38 | 000,097,710 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\tabutils@ithinc.cn.xpi
    [2012-02-10 18:52:01 | 000,792,865 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\trafficlight@bitdefender.com.xpi
    [2012-07-11 11:44:22 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\youtubeunblocker@unblocker.yt.xpi
    [2012-09-18 12:31:27 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    [2011-08-12 07:58:54 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2011-07-26 05:40:30 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2012-09-11 12:23:53 | 000,021,014 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
    [2012-07-27 07:18:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2011-10-30 01:44:28 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012-07-21 22:46:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2012-09-16 22:47:17 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
    [2012-09-13 16:03:12 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
    [2012-06-08 00:37:26 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
    [2012-09-08 12:38:57 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009-07-31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
    [2012-07-13 17:47:55 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2012-08-29 00:22:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012-09-18 18:07:04 | 000,002,261 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Custom search.xml
    [2012-07-12 14:14:41 | 000,005,137 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ergative.xml
    [2012-08-29 00:22:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2010-12-09 02:51:24 | 000,002,224 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml

    O1 HOSTS File: ([2012-09-20 10:59:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (YuoTubeDownloader) - {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
    O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (YuoTubeDownloader) - {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Chameleon Folder] C:\Program Files\Chameleon Folder 2\chfolder.exe (NeoSoft Tools)
    O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk = C:\Program Files\ElectraSoft\mbc\MBC.EXE (ElectraSoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Link Commander collection - Reg Error: Value error. File not found
    O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send Image To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Send Link To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Send Page To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Send Text To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk - C:\Program Files\BitTorrent Ultra Accelerator\BitTorrent Ultra Accelerator.exe - (TrafficSpeeders)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk - - File not found
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk - C:\Program Files\Wondershare\MobileGo\MobileGoService.exe - (Wondershare)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk - - File not found
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkinPackMenu.lnk - - File not found
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk - - File not found
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk - - File not found
    MsConfig - StartUpFolder: C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Direct Folders.lnk - C:\Program Files\Direct Folders\df.exe - (Code Sector)
    MsConfig - StartUpFolder: C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
    MsConfig - StartUpFolder: C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk - C:\Program Files\PersonalBrain\PersonalBrain.exe - ()
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    MsConfig - StartUpReg: iTurbo - hkey= - key= - C:\Program Files\iNTERNET Turbo\ITTray.exe (Clasys Ltd.)
    MsConfig - StartUpReg: LearnWords Launcher - hkey= - key= - C:\Program Files\LearnWords\LearnWords.exe (LearnWords Software)
    MsConfig - StartUpReg: MMReminderService - hkey= - key= - E:\Vicky\Installed\Mindjet MindManager\MmReminderService.exe (Mindjet)
    MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - File not found
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    MsConfig - State: "startup" - 2
    MsConfig - State: "bootini" - 2
  18. vicky279

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - E:\Vicky\Installed\Mindjet MindManager\sys\MmInternetExplorerActiveSetup.vbs
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A669A70D-2E2C-37D5-A025-E1CB61F2CC96} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.pspgru - C:\Windows\System32\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.iscc - C:\Windows\System32\iscc.dll (innoheim)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-09-21 20:45:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.com
    [2012-09-21 00:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012-09-20 11:04:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012-09-20 10:59:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012-09-20 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\temp
    [2012-09-19 23:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-09-19 23:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-09-19 23:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-09-19 23:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-09-19 23:38:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012-09-18 22:21:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\PC Tools
    [2012-09-18 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Threat Expert
    [2012-09-18 13:21:02 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0947.old
    [2012-09-18 13:21:02 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0947.old
    [2012-09-18 13:20:00 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
    [2012-09-18 13:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012-09-18 12:45:46 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012-09-18 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012-09-18 12:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012-09-18 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TestApp
    [2012-09-18 11:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mindjet
    [2012-09-17 23:28:50 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
    [2012-09-17 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2012-09-17 23:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
    [2012-09-17 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Calibre Library
    [2012-09-17 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\calibre
    [2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
    [2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    [2012-09-17 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
    [2012-09-17 23:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
    [2012-09-17 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Usmania_Code
    [2012-09-17 23:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Usmania Code
    [2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Usmania Code
    [2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Usmania Code
    [2012-09-17 23:13:02 | 000,000,000 | R--D | C] -- C:\AHCache
    [2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Throttle
    [2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Throttle
    [2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
    [2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfAnonymousFree
    [2012-09-17 22:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CalcTape
    [2012-09-17 22:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\CalcTape
    [2012-09-17 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\SMP Data
    [2012-09-17 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare
    [2012-09-17 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
    [2012-09-17 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare Data
    [2012-09-17 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Deskshare
    [2012-09-17 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Spoon
    [2012-09-17 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Deskshare
    [2012-09-17 22:49:07 | 001,791,920 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v13.1.0.ocx
    [2012-09-17 22:49:07 | 001,226,672 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v13.1.0.ocx
    [2012-09-17 22:49:07 | 000,538,544 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
    [2012-09-17 22:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reminder Commander
    [2012-09-17 22:49:06 | 002,320,304 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.1.0.ocx
    [2012-09-17 22:49:06 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
    [2012-09-17 22:49:06 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
    [2012-09-17 22:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reminder Commander
    [2012-09-17 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Primo Ramdisk Ultimate Edition
    [2012-09-17 22:47:53 | 000,158,144 | ---- | C] (Romex Software) -- C:\Windows\System32\drivers\fancyrd.sys
    [2012-09-17 22:47:53 | 000,019,392 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\rxbsknl.sys
    [2012-09-17 22:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Primo Ramdisk Ultimate Edition
    [2012-09-17 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Stamp Remover
    [2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
    [2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
    [2012-09-17 22:40:59 | 000,000,000 | ---D | C] -- C:\mbc
    [2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\RobotSoft
    [2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\RobotSoft
    [2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse and Keyboard Recorder
    [2012-09-17 22:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mirabyte Feed Writer
    [2012-09-17 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\mirabyte
    [2012-09-17 22:37:05 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
    [2012-09-17 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
    [2012-09-17 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\My Maps
    [2012-09-17 22:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 2012
    [2012-09-17 22:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
    [2012-09-17 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
    [2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Maxprog
    [2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Maxprog
    [2012-09-17 22:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMail Extractor
    [2012-09-17 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\eMail Extractor
    [2012-09-17 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
    [2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineReader
    [2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Iconico
    [2012-09-17 22:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\LineReader
    [2012-09-17 22:30:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\MyPhoneExplorer
    [2012-09-17 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
    [2012-09-17 22:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sketchpad
    [2012-09-17 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp
    [2012-09-17 22:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kepard
    [2012-09-17 22:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kepard
    [2012-09-17 22:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Music Theory 3.0
    [2012-09-17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ChordWizard
    [2012-09-17 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRiver Media Center 17
    [2012-09-17 21:30:00 | 000,381,608 | ---- | C] (JRiver, Inc.) -- C:\Windows\System32\MC17.exe
    [2012-09-17 21:29:59 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AReadyLB.dll
    [2012-09-17 21:29:59 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AudDevicePlugin.dll
    [2012-09-17 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\J River
    [2012-09-17 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\J River
    [2012-09-17 21:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halotea
    [2012-09-17 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirolit
    [2012-09-17 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mirolit
    [2012-09-17 21:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geometry Expressions v3.0
    [2012-09-17 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Geometry Expressions v3.0
    [2012-09-17 21:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gammadyne
    [2012-09-17 21:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System-G
    [2012-09-17 21:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gammadyne Mailer
    [2012-09-17 21:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft
    [2012-09-17 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThunderSoft
    [2012-09-17 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamCalc DC4P
    [2012-09-17 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\DreamCalc DC4P
    [2012-09-17 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
    [2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4
    [2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cookapp
    [2012-09-17 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
    [2012-09-17 21:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders
    [2012-09-17 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
    [2012-09-17 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Anthemion Writer's Café 2.32
    [2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent Ultra Accelerator
    [2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Ultra Accelerator
    [2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Tint Guide
    [2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beauty Guide
    [2012-09-17 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Beauty Guide
    [2012-09-17 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
    [2012-09-17 21:01:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
    [2012-09-17 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
    [2012-09-17 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
    [2012-09-17 20:51:49 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
    [2012-09-17 20:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
    [2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Writer's Cafe Documents
    [2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
    [2012-09-17 20:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anthemion Writer's Café 2.32
    [2012-09-17 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Writer's Cafe 2
    [2012-09-17 20:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Acmework
    [2012-09-15 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\dvdcss
    [2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office 2010 Trial Extender
    [2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Office 2010 Trial Extender
    [2012-09-08 12:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012-09-05 16:40:10 | 000,446,464 | ---- | C] (HotSummerWind Software) -- C:\Windows\System32\YuoTubeDownloader.dll
    [2012-09-05 04:29:25 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Apple Computer
    [2012-09-03 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
    [2012-09-03 13:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
    [2012-09-03 12:21:02 | 003,405,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsrchvw.exe
    [2012-09-03 12:20:59 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    [2012-09-03 12:20:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
    [2012-09-03 12:20:57 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
    [2012-09-03 12:20:56 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
    [2012-09-03 12:20:55 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
    [2012-09-03 12:20:51 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
    [2012-09-03 12:20:50 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
    [2012-09-03 12:20:47 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
    [2012-09-03 12:20:46 | 006,376,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
    [2012-09-03 12:20:45 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
    [2012-09-03 12:20:44 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
    [2012-09-03 12:20:41 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
    [2012-09-03 12:20:40 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
    [2012-09-03 12:20:39 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
    [2012-09-03 12:20:37 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2012-09-03 12:20:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
    [2012-09-03 12:20:34 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
    [2012-09-03 12:20:34 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DisplaySwitch.exe
    [2012-09-03 12:20:33 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\control.exe
    [2012-09-03 12:20:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
    [2012-09-03 12:20:31 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
    [2012-09-03 12:20:30 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
    [2012-09-03 12:20:29 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
    [2012-09-03 12:20:27 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
    [2012-09-03 12:20:24 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
    [2012-09-03 12:20:23 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
    [2012-09-03 12:20:20 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.dll
    [2012-09-03 12:20:14 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
    [2012-09-03 12:20:13 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
    [2012-09-03 12:20:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
    [2012-09-03 12:20:11 | 000,379,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
    [2012-09-03 12:20:10 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
    [2012-09-03 12:20:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
    [2012-09-02 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Rovio
    [2012-09-02 11:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
    [2012-09-01 13:35:38 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012-09-01 13:35:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012-09-01 13:35:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012-09-01 13:35:31 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012-08-30 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ProcessLasso
    [2012-08-30 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
    [2012-08-30 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
    [2012-08-30 13:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
    [2012-08-30 12:35:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Wise Disk Cleaner
    [2012-08-30 12:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Research
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-09-21 20:58:16 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-09-21 20:58:16 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-09-21 20:50:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-09-21 20:50:40 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
    [2012-09-21 20:45:55 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.com
    [2012-09-21 20:45:32 | 000,512,737 | ---- | M] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
    [2012-09-21 20:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
    [2012-09-21 15:01:09 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
    [2012-09-21 10:24:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
    [2012-09-20 10:59:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012-09-19 22:18:18 | 000,215,597 | ---- | M] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
    [2012-09-19 20:26:14 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
    [2012-09-18 22:20:42 | 001,318,816 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012-09-18 18:07:04 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
    [2012-09-18 01:56:47 | 000,449,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012-09-18 01:56:14 | 000,000,048 | -HS- | M] () -- C:\Windows\rmtf32-k289371-all.dat
    [2012-09-17 23:23:17 | 000,001,211 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
    [2012-09-17 23:21:47 | 000,000,007 | ---- | M] () -- C:\Users\Vicky\AppData\Local\~wmrg
    [2012-09-17 22:42:17 | 000,001,841 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
    [2012-09-17 22:36:42 | 000,002,902 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
    [2012-09-17 22:33:07 | 000,000,049 | -H-- | M] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
    [2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2012-09-17 22:22:16 | 000,001,821 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
    [2012-09-17 21:19:25 | 000,001,775 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
    [2012-09-17 21:07:15 | 000,001,229 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
    [2012-09-14 22:11:24 | 000,663,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012-09-14 22:11:24 | 000,121,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012-09-14 16:45:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
    [2012-09-05 16:40:12 | 000,046,690 | ---- | M] () -- C:\Windows\System32\YuoTubeDownloader.xpi
    [2012-09-05 16:40:10 | 000,446,464 | ---- | M] (HotSummerWind Software) -- C:\Windows\System32\YuoTubeDownloader.dll
    [2012-09-01 13:35:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012-09-01 13:35:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012-09-01 13:35:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012-09-01 13:35:23 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
    [2012-09-01 13:35:23 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012-09-01 13:35:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012-08-30 13:11:20 | 000,002,256 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
    [2012-08-22 23:31:43 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012-08-22 23:31:43 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-09-21 20:45:28 | 000,512,737 | ---- | C] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
    [2012-09-19 23:40:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-09-19 23:40:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-09-19 23:40:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-09-19 23:40:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-09-19 23:40:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-09-19 22:18:16 | 000,215,597 | ---- | C] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
    [2012-09-18 13:21:03 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0947.old
    [2012-09-18 12:45:54 | 001,318,816 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2012-09-18 01:56:14 | 000,000,048 | -HS- | C] () -- C:\Windows\rmtf32-k289371-all.dat
    [2012-09-17 23:29:00 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012-09-17 23:23:17 | 000,001,211 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
    [2012-09-17 23:20:47 | 000,000,007 | ---- | C] () -- C:\Users\Vicky\AppData\Local\~wmrg
    [2012-09-17 22:44:11 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
    [2012-09-17 22:41:19 | 000,001,841 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
    [2012-09-17 22:36:42 | 000,002,902 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
    [2012-09-17 22:33:07 | 000,000,049 | -H-- | C] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
    [2012-09-17 22:28:11 | 000,001,536 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2012-09-17 22:22:16 | 000,001,821 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
    [2012-09-17 21:29:59 | 000,183,129 | ---- | C] () -- C:\Windows\System32\AM Install1.INF
    [2012-09-17 21:19:12 | 000,001,775 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
    [2012-09-17 21:07:15 | 000,001,229 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
    [2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cropping Tool.lnk
    [2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acme ID Card Maker 5.0.lnk
    [2012-09-05 16:40:12 | 000,046,690 | ---- | C] () -- C:\Windows\System32\YuoTubeDownloader.xpi
    [2012-07-20 12:07:48 | 000,034,308 | ---- | C] () -- C:\Windows\System32\LB603.dll
    [2012-07-20 12:06:58 | 000,157,696 | ---- | C] () -- C:\Windows\System32\asxtract.dll
    [2012-07-14 13:04:19 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
    [2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
    [2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
    [2012-07-04 14:56:36 | 000,000,218 | ---- | C] () -- C:\Users\Vicky\AppData\Local\recently-used.xbel
    [2012-06-14 12:32:14 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
    [2012-06-09 06:52:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2012-06-08 10:50:34 | 000,000,103 | ---- | C] () -- C:\Windows\System32\_system.ini
    [2012-06-08 09:57:00 | 000,107,008 | ---- | C] () -- C:\Windows\poetunin.exe
    [2012-06-08 09:56:22 | 000,077,824 | ---- | C] () -- C:\Windows\zipexe_r.exe
    [2012-05-25 23:06:49 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
    [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012-05-13 19:55:04 | 000,002,075 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
    [2012-04-21 09:24:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qhwm.sys
    [2012-03-11 22:35:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
    [2012-03-11 22:35:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
    [2012-03-11 20:58:34 | 000,155,136 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
    [2012-03-06 00:31:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\RandWTTime.dat
    [2012-03-05 23:45:17 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
    [2012-03-05 23:34:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
    [2012-03-05 23:34:25 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
    [2012-03-03 15:58:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012-03-02 20:44:59 | 000,005,002 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
    [2012-03-01 23:13:56 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012-03-01 02:33:09 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\ziprecovery.ini
    [2012-03-01 02:32:20 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\rarrecovery.ini
    [2012-03-01 02:17:54 | 000,000,990 | ---- | C] () -- C:\Windows\System32\dcimam45.sys
    [2012-02-29 23:52:21 | 000,006,852 | ---- | C] () -- C:\Windows\System32\drivers\Vcs.sys
    [2012-01-26 01:26:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\GSService.exe
    [2012-01-25 23:30:15 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
    [2012-01-21 19:41:06 | 000,248,832 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-01-21 19:39:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012-01-21 19:14:27 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\V2WCDRV.sys
    [2012-01-18 04:07:07 | 000,002,256 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
    [2012-01-01 23:16:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2012-01-01 23:16:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2012-01-01 23:16:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2012-01-01 23:16:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2012-01-01 23:16:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2012-01-01 23:16:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2012-01-01 23:16:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2012-01-01 23:16:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2012-01-01 23:16:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2012-01-01 23:16:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2012-01-01 23:16:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2012-01-01 23:16:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2012-01-01 23:16:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2012-01-01 23:16:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2012-01-01 23:16:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2012-01-01 23:15:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\EEBAPI.dll
    [2012-01-01 23:15:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\EEBDSCVR.dll
    [2012-01-01 23:15:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EBAPI.dll
    [2012-01-01 21:39:18 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2012-01-01 20:32:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2012-01-01 19:44:44 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
    [2012-01-01 19:44:44 | 000,004,027 | ---- | C] () -- C:\Windows\unins000.dat
    [2012-01-01 19:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
    [2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011-12-27 18:45:44 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011-12-26 21:25:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
    [2011-12-26 20:36:14 | 000,655,512 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011-12-26 20:04:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011-12-26 19:19:13 | 000,029,462 | ---- | C] () -- C:\Windows\System32\netaf932.dll
    [2011-11-17 07:10:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011-10-09 02:52:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
    [2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011-01-21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EmRegSys.dll
    [2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
  19. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    ========== ZeroAccess Check ==========

    [2008-11-27 16:07:36 | 000,001,289 | ---- | M] () -- C:\Users\All Users\The Complete Genealogy Reporter\HTML Templates\l.gif
    [2008-11-27 16:08:10 | 000,001,316 | ---- | M] () -- C:\Users\All Users\The Complete Genealogy Reporter\HTML Templates\n.gif
    [2008-11-27 16:10:20 | 000,001,320 | ---- | M] () -- C:\Users\All Users\The Complete Genealogy Reporter\HTML Templates\u.gif
    [2012-03-01 22:54:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\LocalLow\Microsoft\Silverlight\is\kyxpvn3r.ttf\rfwglurk.ys0\1\l
    [2012-05-16 17:32:49 | 000,000,887 | ---- | M] () -- C:\Users\Vicky\Desktop\New folder\txt\L.txt
    [2012-07-04 22:45:59 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\L
    [2012-07-04 22:45:59 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\N
    [2012-07-03 10:59:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\U
    [2012-08-24 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrange\L
    [2012-07-10 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrange\N
    [2012-08-25 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrange\U
    [2012-08-24 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeCovers\L
    [2012-08-24 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeCovers\N
    [2012-07-01 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeHomePhotos\L
    [2012-06-08 10:43:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeHomePhotos\N
    [2012-07-01 14:47:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMainPhoto\N
    [2012-09-15 21:06:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMoviePhotos\L
    [2012-09-15 21:07:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMoviePhotos\N
    [2012-08-25 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMoviePhotos\U
    [2012-08-25 21:57:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeScreenshots\L
    [2012-08-24 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeScreenshots\N
    [2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /HideShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /ShowShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\open\command\\: C:\Program Files\Comodo\IceDragon\icedragon.exe [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\properties\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -preferences [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\safemode\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -safe-mode [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\\: Link Commander Pro
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationDescription: Link Commander Pro is a unique fully-automated, bookmarks manager that allows you to surf the web more easily.
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationName: Link Commander Pro
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.lc: LinkCommanderProCollection
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.htm: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.html: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.xml: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.url: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mht: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mhtml: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\StartMenu\\StartMenuInternet: Link.Commander.Pro
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\ftp: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\http: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\https: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\InstallInfo\\IconsVisible: 1
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\shell\open\command\\: "C:\Program Files\Link Commander Pro\LinkCommanderPro.exe"

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /HideShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /ShowShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\open\command\\: C:\Program Files\Comodo\IceDragon\icedragon.exe [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\properties\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -preferences [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\safemode\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -safe-mode [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\\: Link Commander Pro
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationDescription: Link Commander Pro is a unique fully-automated, bookmarks manager that allows you to surf the web more easily.
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationName: Link Commander Pro
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.lc: LinkCommanderProCollection
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.htm: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.html: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.xml: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.url: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mht: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mhtml: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\StartMenu\\StartMenuInternet: Link.Commander.Pro
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\ftp: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\http: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\https: LinkCommanderProHTML
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\InstallInfo\\IconsVisible: 1
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\shell\open\command\\: "C:\Program Files\Link Commander Pro\LinkCommanderPro.exe"

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012-06-24 14:38:10 | 000,158,144 | ---- | M] (Romex Software) -- C:\Windows\system32\drivers\fancyrd.sys
    [2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
    [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) -- C:\Windows\system32\drivers\teamviewervpn.sys

    < %systemroot%\System32\config\*.sav >
    [2012-08-30 13:10:38 | 051,908,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.sav

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2011-12-26 22:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
    [2012-09-17 20:46:55 | 000,000,000 | ---D | M] -- C:\Program Files\Acmework
    [2012-07-20 11:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2012-04-11 03:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adult Advantage
    [2012-07-05 13:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced Emailer
    [2012-03-11 20:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Aimersoft
    [2012-06-28 16:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\AKVIS
    [2012-06-28 16:57:37 | 000,000,000 | ---D | M] -- C:\Program Files\Akvis Decorator
    [2012-06-27 15:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\Akvis Magnifier
    [2012-05-25 22:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
    [2012-01-26 02:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\AnyMedia Player
    [2012-06-08 09:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\AOFR
    [2012-03-01 01:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Aostsoft All Document Converter Professional
    [2012-01-01 20:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
    [2012-06-08 11:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Appnimi
    [2012-09-17 20:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
    [2012-04-11 19:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\AutoClick3
    [2012-03-01 00:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\AV VCS 3.0
    [2012-09-17 21:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Beauty Guide
    [2012-09-17 21:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Beyond Compare 3
    [2012-05-25 22:35:48 | 000,000,000 | ---D | M] -- C:\Program Files\BinarySense
    [2011-12-26 20:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\BitDefender
    [2012-09-17 21:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent Ultra Accelerator
    [2012-09-17 22:55:53 | 000,000,000 | ---D | M] -- C:\Program Files\CalcTape
    [2012-09-17 23:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\Calibre2
    [2012-09-15 02:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\Cambridge
    [2012-07-14 13:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
    [2012-07-14 13:04:07 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
    [2012-03-01 02:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\Caricature Software
    [2012-07-05 13:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\Chameleon Folder 2
    [2012-09-17 22:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\ChordWizard
    [2012-06-27 16:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\CodeMeter
    [2012-08-30 12:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Collectorz.com
    [2012-09-20 10:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2012-08-12 20:41:26 | 000,000,000 | ---D | M] -- C:\Program Files\Comodo
    [2012-05-25 22:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\COMPELSON Labs
    [2012-05-25 22:47:50 | 000,000,000 | ---D | M] -- C:\Program Files\Compiled Driver Disc (Full)
    [2012-09-17 21:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Cookapp
    [2012-06-08 09:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\CrystalDiskInfo
    [2012-04-21 11:48:02 | 000,000,000 | -HSD | M] -- C:\Program Files\CSJ
    [2012-01-01 19:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
    [2012-04-29 13:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
    [2012-06-27 16:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\Data Crow
    [2012-04-11 04:42:15 | 000,000,000 | ---D | M] -- C:\Program Files\Deluge
    [2011-12-27 00:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\DepositFiles
    [2012-09-17 22:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\Deskshare
    [2012-01-01 20:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
    [2012-06-08 09:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Physiognomy
    [2012-09-17 21:14:35 | 000,000,000 | ---D | M] -- C:\Program Files\Direct Folders
    [2012-06-27 17:37:21 | 000,000,000 | ---D | M] -- C:\Program Files\DiskCheckup
    [2012-01-01 19:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone
    [2012-09-17 21:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\DreamCalc DC4P
    [2012-07-12 14:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\DreamScene Seven
    [2012-06-09 06:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Checker
    [2012-09-03 12:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
    [2012-01-01 19:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-Cloner
    [2012-05-08 23:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
    [2012-09-17 22:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\ElectraSoft
    [2012-09-17 22:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\eMail Extractor
    [2012-07-05 14:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Email Sender Deluxe
    [2012-06-08 09:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Engelmann Media
    [2012-01-01 23:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
    [2012-01-01 23:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
    [2012-01-01 23:15:59 | 000,000,000 | ---D | M] -- C:\Program Files\EpsonNet
    [2012-06-08 09:40:05 | 000,000,000 | ---D | M] -- C:\Program Files\Essential Data Tools
    [2012-01-26 05:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Excel Password Unlocker
    [2012-06-27 10:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\ExtractNow
    [2012-03-02 22:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
    [2012-01-01 21:16:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileHippo.com
    [2012-01-01 19:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\FreeArc
    [2012-03-01 00:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\FriendBlasterPro
    [2012-09-17 23:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\FrostWire 5
    [2012-09-17 22:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Gammadyne Mailer
    [2012-09-17 21:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Geometry Expressions v3.0
    [2012-06-27 17:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\GetData
    [2012-08-30 11:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\GIV Graphics
    [2012-09-03 11:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2012-01-01 19:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
    [2012-03-01 17:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\GTK2-Runtime
    [2012-09-17 22:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\GtkSharp
    [2012-07-14 13:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\GUM1A05.tmp
    [2012-06-08 10:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Hard Drive Inspector
    [2012-06-27 17:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\ICL-Icon Extractor
    [2012-01-21 06:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\IDM
    [2012-01-01 20:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
    [2012-08-30 12:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\Informatik Inc
    [2012-05-08 17:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\innoheim
    [2012-07-13 18:27:58 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2011-12-15 21:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2012-08-30 12:01:02 | 000,000,000 | ---D | M] -- C:\Program Files\Intermedia Software
    [2012-09-03 12:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2012-06-06 22:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\iNTERNET Turbo
    [2012-09-17 21:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\J River
    [2012-06-22 00:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2012-09-13 23:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\JDownloader
    [2012-06-08 10:36:49 | 000,000,000 | ---D | M] -- C:\Program Files\Jyotish Tools
    [2012-09-17 23:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
    [2012-09-17 22:22:16 | 000,000,000 | ---D | M] -- C:\Program Files\Kepard
    [2012-07-13 18:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\LearnWords
    [2012-07-20 12:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\Lees Bingo
    [2012-09-17 22:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\LineReader
    [2012-06-27 17:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Link Commander Pro
    [2012-01-01 19:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
    [2012-07-13 20:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
    [2012-07-13 17:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012-08-30 11:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\MarinerSoftware
    [2012-06-08 12:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\MathType
    [2012-07-20 12:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\MediaMonkey
    [2012-01-01 21:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Merriam-Webster
    [2012-01-01 21:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
    [2012-01-01 19:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
    [2012-01-01 21:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2012-01-01 20:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Reader
    [2012-04-24 18:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Research
    [2012-05-26 15:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2012-01-01 21:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2012-01-01 21:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
    [2012-01-01 21:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
    [2012-01-01 21:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
    [2012-01-30 21:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2012-09-18 11:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mindjet
    [2012-09-19 02:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\MiniLyrics
    [2012-01-01 20:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\MiPony
    [2012-09-17 22:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\mirabyte
    [2012-09-17 21:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mirolit
    [2012-05-26 16:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\MOBILedit!
    [2012-07-01 23:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\Movienizer
    [2011-12-26 23:09:15 | 000,000,000 | ---D | M] -- C:\Program Files\MozBackup
    [2012-09-17 22:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2012-09-08 12:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
    [2012-06-14 01:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
    [2012-06-27 17:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\MS Word Recover File Password Software
    [2012-01-01 21:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2012-09-17 23:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\MyPhoneExplorer
    [2012-07-20 11:54:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mythicsoft
    [2012-06-27 17:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
    [2012-05-27 15:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetSetMan
    [2012-06-27 18:11:39 | 000,000,000 | ---D | M] -- C:\Program Files\Nsasoft
    [2012-06-14 12:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
    [2012-09-13 17:32:30 | 000,000,000 | ---D | M] -- C:\Program Files\Office 2010 Trial Extender
    [2012-03-02 22:16:23 | 000,000,000 | ---D | M] -- C:\Program Files\Office Password Recovery Toolbox
    [2012-03-05 23:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\omniformat
    [2012-06-14 10:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\ooVoo
    [2012-04-24 10:40:05 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
    [2012-06-22 00:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
    [2012-01-30 20:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\owl_sb
    [2012-09-15 02:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Oxford
    [2012-09-18 13:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools
    [2012-03-03 03:30:31 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Converter Pro
    [2012-07-05 13:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Image Extraction Wizard
    [2012-03-05 23:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
    [2012-07-17 16:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\PearlMountain Image Converter
    [2012-03-02 18:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\PearlMountain Image Resizer Pro
    [2012-01-19 13:17:27 | 000,000,000 | ---D | M] -- C:\Program Files\PersonalBrain
    [2012-05-25 22:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Phone Drivers Downloader
    [2012-01-30 20:27:21 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Calendar Maker
    [2012-09-17 22:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Stamp Remover
    [2012-06-28 17:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\plasq
    [2012-09-18 03:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Primo Ramdisk Ultimate Edition
    [2012-08-30 13:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Process Lasso
    [2012-05-22 21:15:38 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2012-06-28 16:59:30 | 000,000,000 | ---D | M] -- C:\Program Files\RapidSolution
    [2012-05-25 23:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\RapidTyping
    [2012-03-01 02:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\RAR Password Recovery
    [2012-01-01 20:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Rar Repair Tool
    [2012-03-01 04:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Real
    [2012-06-09 06:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2009-07-14 10:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2012-01-01 20:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\RegClean Pro
    [2012-09-17 22:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Reminder Commander
    [2012-05-25 22:31:40 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
    [2012-01-26 02:20:28 | 000,000,000 | ---D | M] -- C:\Program Files\RipTiger
    [2012-09-17 22:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\RobotSoft
    [2012-09-03 13:43:49 | 000,000,000 | ---D | M] -- C:\Program Files\RocketDock
    [2012-06-27 17:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\SecurityXploded
    [2012-03-02 22:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\SizeExplorer Pro 4
    [2012-09-03 12:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\Skin Pack
    [2012-07-11 14:31:03 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2012-06-27 17:45:39 | 000,000,000 | ---D | M] -- C:\Program Files\SpotOnTheMouse
    [2012-01-26 02:33:05 | 000,000,000 | ---D | M] -- C:\Program Files\STDU Extractor
    [2012-03-01 20:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Excel Recovery
    [2012-03-02 18:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix PowerPoint Recovery
    [2012-03-02 18:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Zip Recovery
    [2012-06-09 07:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\SuperSpeed
    [2012-06-27 16:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\SuperUtils.com
    [2012-01-26 02:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\SWF-AVI-GIF Converter
    [2012-07-20 12:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\SwordSearcher
    [2012-09-17 23:28:50 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
    [2012-01-01 20:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
    [2012-01-26 02:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\TeraCopy
    [2012-05-25 23:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\The Complete Genealogy Builder
    [2012-05-25 23:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\The Complete Genealogy Reporter
    [2012-09-17 23:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\Throttle
    [2012-09-17 21:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\ThunderSoft
    [2012-09-17 21:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Tint Guide
    [2012-06-08 10:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\Top Password
    [2012-03-03 16:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\TotalDocConverter
    [2012-06-08 11:15:43 | 000,000,000 | ---D | M] -- C:\Program Files\TotalImageConverter
    [2012-01-01 20:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\UltraISO
    [2009-07-14 10:23:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2012-03-03 00:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\Universal Document Converter
    [2012-09-17 23:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\Usmania Code
    [2012-05-12 00:22:39 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
    [2012-06-27 18:11:32 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent SpeedUp Pro
    [2012-06-08 15:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent Turbo Booster
    [2012-04-24 17:33:37 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
    [2011-12-26 21:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
    [2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2012-09-03 12:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2009-07-14 10:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
    [2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2012-06-16 16:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2012-03-03 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\WinMend
    [2012-06-27 18:13:20 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
    [2012-08-23 17:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
    [2012-07-05 13:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\Wise
    [2012-01-26 01:23:03 | 000,000,000 | ---D | M] -- C:\Program Files\WMA-MP3.com
    [2012-05-25 23:09:37 | 000,000,000 | ---D | M] -- C:\Program Files\Wondershare
    [2012-09-17 20:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\Writer's Cafe 2
    [2012-06-27 15:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Xpress Software
    [2012-06-14 17:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Xtranormal
    [2012-06-14 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
    [2012-04-11 11:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
    [2012-06-27 20:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\YouWave_Android
    [2012-01-10 13:39:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
    [2012-03-01 02:32:56 | 000,000,000 | ---D | M] -- C:\Program Files\ZIP Password Recovery
  20. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    < %appdata%\*.* >
    [2012-09-17 21:19:25 | 000,001,775 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
    [2012-09-17 22:33:07 | 000,000,049 | -H-- | M] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
    [2012-07-04 23:30:57 | 000,000,083 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Not_added_movies.txt
    [2012-05-13 19:55:04 | 000,002,075 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
    [2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat

    ========== Files - Unicode (All) ==========
    [2011-12-26 20:49:26 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
    [2011-12-26 20:49:26 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:8331D35A
    @Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A5A1816B
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:054B9966
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0C6951A3
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:ACC6783C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:CBD3E4DE
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:55B41E6A
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:EBC2DB92

    < End of report >
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL. Copy and paste the following in the Custom Scans/Fixes box:




    Then hit Run Fix!

    Post the fix log once done, and tell me if the problem remains.
  22. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    The Firefox homepage still changes to apype dot com (shows in options) / starwebsearch dot com (shows in the address bar). There was a YuoTubeDownloader toolbar in IE that I noticed before running OTL fix. At least that is now gone. Here are the logs:

    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{3d175337-41e3-48eb-a754-493577f658b9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d175337-41e3-48eb-a754-493577f658b9}\ deleted successfully.
    C:\Windows\System32\YuoTubeDownloader.dll moved successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{289bd87f-a29f-41a5-88da-19d7a6531bf6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289bd87f-a29f-41a5-88da-19d7a6531bf6}\ not found.
    Prefs.js: "Custom search" removed from browser.search.defaultenginename
    Prefs.js: "http://www.gigabase.ru/search?clid=1&q=" removed from browser.search.defaulturl
    Prefs.js: "Custom search" removed from browser.search.selectedEngine
    Prefs.js: "http://apype.com" removed from browser.startup.homepage
    Prefs.js: "http://apype.com/results.php?q=" removed from keyword.URL
    C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\tabutils@ithinc.cn.xpi moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\Custom search.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d175337-41e3-48eb-a754-493577f658b9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d175337-41e3-48eb-a754-493577f658b9}\ not found.
    File C:\Windows\System32\YuoTubeDownloader.dll not found.
    ADS C:\ProgramData\Temp:8331D35A deleted successfully.
    ADS C:\ProgramData\Temp:A5A1816B deleted successfully.
    ADS C:\ProgramData\Temp:054B9966 deleted successfully.
    ADS C:\ProgramData\Temp:0C6951A3 deleted successfully.
    ADS C:\ProgramData\Temp:ACC6783C deleted successfully.
    ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
    ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
    ADS C:\ProgramData\Temp:CBD3E4DE deleted successfully.
    ADS C:\ProgramData\Temp:55B41E6A deleted successfully.
    ADS C:\ProgramData\Temp:EBC2DB92 deleted successfully.

    OTL by OldTimer - Version 3.2.66.0 log created on 09232012_151559
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Open OTL, press Quick Scan button, and post log(s).
  24. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    OTL logfile created on: 24-Sep-12 1:00:22 AM - Run 2
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Vicky\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.61% Memory free
    5.99 Gb Paging File | 4.78 Gb Available in Paging File | 79.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 53.62 Gb Total Space | 7.76 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
    Drive D: | 89.63 Gb Total Space | 8.47 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
    Drive E: | 58.64 Gb Total Space | 1.20 Gb Free Space | 2.04% Space Free | Partition Type: NTFS
    Drive F: | 30.89 Gb Total Space | 9.54 Gb Free Space | 30.90% Space Free | Partition Type: NTFS

    Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
    PRC - [2012-09-17 22:41:17 | 000,458,752 | ---- | M] (ElectraSoft) -- C:\Program Files\ElectraSoft\mbc\MBC.EXE
    PRC - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
    PRC - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012-08-22 20:24:50 | 000,369,544 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
    PRC - [2012-08-22 20:24:48 | 000,677,256 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
    PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
    PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012-05-15 14:57:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
    PRC - [2012-03-09 16:58:08 | 002,906,112 | ---- | M] (NeoSoft Tools) -- C:\Program Files\Chameleon Folder 2\chfolder.exe
    PRC - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\Common Files\BinarySense\hldasvc.exe
    PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    PRC - [2011-12-26 21:06:50 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
    PRC - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
    PRC - [2011-12-26 21:03:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
    PRC - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
    PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010-03-16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-03-09 13:15:40 | 000,894,464 | ---- | M] () -- C:\Program Files\Chameleon Folder 2\cf.dll
    MOD - [2011-12-26 21:05:09 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
    MOD - [2011-12-26 21:03:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
    MOD - [2011-12-26 21:02:38 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
    MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2011-11-11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011-11-11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011-11-11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011-11-11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011-11-11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Services (SafeList) ==========

    SRV - [2012-09-17 21:32:18 | 000,394,920 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)
    SRV - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
    SRV - [2012-09-08 12:38:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
    SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012-06-27 17:21:31 | 003,081,220 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
    SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012-04-23 16:16:08 | 000,484,304 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -- (HDDSvc)
    SRV - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
    SRV - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
    SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
    SRV - [2012-01-23 22:21:20 | 000,249,856 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\GSService.exe -- (GSService)
    SRV - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
    SRV - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
    SRV - [2010-11-30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - [2010-07-23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe -- (DfSdkS)
    SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vicky\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aicqys6h)
    DRV - [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV - [2012-06-24 14:38:10 | 000,158,144 | ---- | M] (Romex Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fancyrd.sys -- (FancyRd)
    DRV - [2012-05-24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
    DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
    DRV - [2012-05-15 15:56:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012-04-29 13:48:14 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2012-04-29 13:46:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2012-04-18 22:38:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2012-02-02 21:08:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2012-01-18 12:14:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011-12-26 21:03:38 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
    DRV - [2011-12-26 21:02:05 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
    DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
    DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2011-11-07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
    DRV - [2011-07-15 23:43:12 | 000,135,680 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2011-06-23 12:13:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
    DRV - [2011-05-06 23:29:32 | 000,024,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC)
    DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2010-11-29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
    DRV - [2010-11-29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
    DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010-08-20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV - [2010-08-20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
    DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010-05-13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
    DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
    IE - HKLM\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC ED 73 4E 17 BB CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {95853F18-90B6-4472-A2AD-3BFAF5F5A51F}
    IE - HKCU\..\SearchScopes\{48444E1A-FD18-45C6-92C1-3A8819B65AE0}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.selectedEngine: "Custom search"
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: optimizegoogle@optimizegoogle.com:0.79.1
    FF - prefs.js..extensions.enabledAddons: trafficlight@bitdefender.com:0.1.28
    FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0
    FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
    FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
    FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
    FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
    FF - prefs.js..extensions.enabledAddons: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.7.2
    FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
    FF - prefs.js..extensions.enabledAddons: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.44
    FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
    FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Vicky\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-13 17:48:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-08 12:38:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-09-08 12:38:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012-06-14 01:11:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]

    [2011-12-24 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
    [2012-09-23 15:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions
    [2012-04-25 19:19:57 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2012-09-16 21:10:41 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
    [2012-08-24 18:48:32 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\customization@adblockplus.org.xpi
    [2012-09-13 11:42:12 | 000,067,038 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbp@fbpurity.com.xpi
    [2012-09-13 11:42:09 | 000,162,292 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbsidebardisabler@vittgam.net.xpi
    [2011-11-12 20:29:12 | 000,236,088 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\optimizegoogle@optimizegoogle.com.xpi
    [2012-02-10 18:52:01 | 000,792,865 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\trafficlight@bitdefender.com.xpi
    [2012-07-11 11:44:22 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\youtubeunblocker@unblocker.yt.xpi
    [2012-09-18 12:31:27 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
    [2011-08-12 07:58:54 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2011-07-26 05:40:30 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
    [2012-09-11 12:23:53 | 000,021,014 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
    [2012-07-27 07:18:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2011-10-30 01:44:28 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
    [2012-07-21 22:46:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    [2012-09-16 22:47:17 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
    [2012-09-13 16:03:12 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
    [2012-06-08 00:37:26 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
    [2012-09-08 12:38:57 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009-07-31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
    [2012-07-13 17:47:55 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2012-08-29 00:22:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012-07-12 14:14:41 | 000,005,137 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ergative.xml
    [2012-08-29 00:22:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2010-12-09 02:51:24 | 000,002,224 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml

    O1 HOSTS File: ([2012-09-20 10:59:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (no name) - {3d175337-41e3-48eb-a754-493577f658b9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Chameleon Folder] C:\Program Files\Chameleon Folder 2\chfolder.exe (NeoSoft Tools)
    O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O4 - Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk = C:\Program Files\ElectraSoft\mbc\MBC.EXE (ElectraSoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Link Commander collection - Reg Error: Value error. File not found
    O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send Image To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Send Link To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Send Page To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O8 - Extra context menu item: Send Text To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========
  25. vicky279

    vicky279 Newcomer, in training Topic Starter Posts: 51

    [2012-09-24 00:59:50 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
    [2012-09-23 15:15:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012-09-21 00:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012-09-20 11:04:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012-09-20 10:59:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012-09-20 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\temp
    [2012-09-19 23:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-09-19 23:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-09-19 23:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-09-19 23:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-09-19 23:38:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012-09-18 22:21:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\PC Tools
    [2012-09-18 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Threat Expert
    [2012-09-18 13:21:02 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0947.old
    [2012-09-18 13:21:02 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0947.old
    [2012-09-18 13:20:00 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
    [2012-09-18 13:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012-09-18 12:45:46 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012-09-18 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012-09-18 12:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012-09-18 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TestApp
    [2012-09-18 11:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mindjet
    [2012-09-17 23:28:50 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
    [2012-09-17 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2012-09-17 23:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
    [2012-09-17 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Calibre Library
    [2012-09-17 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\calibre
    [2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
    [2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    [2012-09-17 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
    [2012-09-17 23:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
    [2012-09-17 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Usmania_Code
    [2012-09-17 23:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Usmania Code
    [2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Usmania Code
    [2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Usmania Code
    [2012-09-17 23:13:02 | 000,000,000 | R--D | C] -- C:\AHCache
    [2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Throttle
    [2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Throttle
    [2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
    [2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfAnonymousFree
    [2012-09-17 22:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CalcTape
    [2012-09-17 22:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\CalcTape
    [2012-09-17 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\SMP Data
    [2012-09-17 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare
    [2012-09-17 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
    [2012-09-17 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare Data
    [2012-09-17 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Deskshare
    [2012-09-17 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Spoon
    [2012-09-17 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Deskshare
    [2012-09-17 22:49:07 | 001,791,920 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v13.1.0.ocx
    [2012-09-17 22:49:07 | 001,226,672 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v13.1.0.ocx
    [2012-09-17 22:49:07 | 000,538,544 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
    [2012-09-17 22:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reminder Commander
    [2012-09-17 22:49:06 | 002,320,304 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.1.0.ocx
    [2012-09-17 22:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reminder Commander
    [2012-09-17 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Primo Ramdisk Ultimate Edition
    [2012-09-17 22:47:53 | 000,158,144 | ---- | C] (Romex Software) -- C:\Windows\System32\drivers\fancyrd.sys
    [2012-09-17 22:47:53 | 000,019,392 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\rxbsknl.sys
    [2012-09-17 22:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Primo Ramdisk Ultimate Edition
    [2012-09-17 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Stamp Remover
    [2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
    [2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
    [2012-09-17 22:40:59 | 000,000,000 | ---D | C] -- C:\mbc
    [2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\RobotSoft
    [2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\RobotSoft
    [2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse and Keyboard Recorder
    [2012-09-17 22:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mirabyte Feed Writer
    [2012-09-17 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\mirabyte
    [2012-09-17 22:37:05 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
    [2012-09-17 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
    [2012-09-17 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\My Maps
    [2012-09-17 22:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 2012
    [2012-09-17 22:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
    [2012-09-17 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
    [2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Maxprog
    [2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Maxprog
    [2012-09-17 22:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMail Extractor
    [2012-09-17 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\eMail Extractor
    [2012-09-17 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
    [2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineReader
    [2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Iconico
    [2012-09-17 22:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\LineReader
    [2012-09-17 22:30:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\MyPhoneExplorer
    [2012-09-17 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
    [2012-09-17 22:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sketchpad
    [2012-09-17 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp
    [2012-09-17 22:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kepard
    [2012-09-17 22:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kepard
    [2012-09-17 22:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Music Theory 3.0
    [2012-09-17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ChordWizard
    [2012-09-17 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRiver Media Center 17
    [2012-09-17 21:30:00 | 000,381,608 | ---- | C] (JRiver, Inc.) -- C:\Windows\System32\MC17.exe
    [2012-09-17 21:29:59 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AReadyLB.dll
    [2012-09-17 21:29:59 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AudDevicePlugin.dll
    [2012-09-17 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\J River
    [2012-09-17 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\J River
    [2012-09-17 21:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halotea
    [2012-09-17 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirolit
    [2012-09-17 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mirolit
    [2012-09-17 21:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geometry Expressions v3.0
    [2012-09-17 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Geometry Expressions v3.0
    [2012-09-17 21:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gammadyne
    [2012-09-17 21:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System-G
    [2012-09-17 21:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gammadyne Mailer
    [2012-09-17 21:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft
    [2012-09-17 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThunderSoft
    [2012-09-17 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamCalc DC4P
    [2012-09-17 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\DreamCalc DC4P
    [2012-09-17 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
    [2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4
    [2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cookapp
    [2012-09-17 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
    [2012-09-17 21:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders
    [2012-09-17 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
    [2012-09-17 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Anthemion Writer's Café 2.32
    [2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent Ultra Accelerator
    [2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Ultra Accelerator
    [2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Tint Guide
    [2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beauty Guide
    [2012-09-17 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Beauty Guide
    [2012-09-17 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
    [2012-09-17 21:01:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
    [2012-09-17 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
    [2012-09-17 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
    [2012-09-17 20:51:49 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
    [2012-09-17 20:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
    [2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Writer's Cafe Documents
    [2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
    [2012-09-17 20:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anthemion Writer's Café 2.32
    [2012-09-17 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Writer's Cafe 2
    [2012-09-17 20:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Acmework
    [2012-09-15 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\dvdcss
    [2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office 2010 Trial Extender
    [2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Office 2010 Trial Extender
    [2012-09-08 12:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012-09-05 04:29:25 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Apple Computer
    [2012-09-03 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
    [2012-09-03 13:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
    [2012-09-02 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Rovio
    [2012-09-02 11:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
    [2012-08-30 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ProcessLasso
    [2012-08-30 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
    [2012-08-30 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
    [2012-08-30 13:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
    [2012-08-30 12:35:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Wise Disk Cleaner
    [2012-08-30 12:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Research
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
    [2012-09-24 00:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
    [2012-09-23 20:13:36 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-09-23 20:13:36 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-09-23 20:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-09-23 20:05:57 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
    [2012-09-23 15:01:09 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
    [2012-09-23 10:24:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
    [2012-09-20 10:59:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012-09-19 22:18:18 | 000,215,597 | ---- | M] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
    [2012-09-19 20:26:14 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
    [2012-09-18 22:20:42 | 001,318,816 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012-09-18 18:07:04 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
    [2012-09-18 01:56:47 | 000,449,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012-09-18 01:56:14 | 000,000,048 | -HS- | M] () -- C:\Windows\rmtf32-k289371-all.dat
    [2012-09-17 23:23:17 | 000,001,211 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
    [2012-09-17 23:21:47 | 000,000,007 | ---- | M] () -- C:\Users\Vicky\AppData\Local\~wmrg
    [2012-09-17 22:42:17 | 000,001,841 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
    [2012-09-17 22:36:42 | 000,002,902 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
    [2012-09-17 22:33:07 | 000,000,049 | -H-- | M] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
    [2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2012-09-17 22:22:16 | 000,001,821 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
    [2012-09-17 21:19:25 | 000,001,775 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
    [2012-09-17 21:07:15 | 000,001,229 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
    [2012-09-14 22:11:24 | 000,663,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012-09-14 22:11:24 | 000,121,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012-09-14 16:45:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
    [2012-09-05 16:40:12 | 000,046,690 | ---- | M] () -- C:\Windows\System32\YuoTubeDownloader.xpi
    [2012-08-30 13:11:20 | 000,002,256 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-09-19 23:40:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-09-19 23:40:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-09-19 23:40:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-09-19 23:40:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-09-19 23:40:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-09-19 22:18:16 | 000,215,597 | ---- | C] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
    [2012-09-18 13:21:03 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0947.old
    [2012-09-18 12:45:54 | 001,318,816 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2012-09-18 01:56:14 | 000,000,048 | -HS- | C] () -- C:\Windows\rmtf32-k289371-all.dat
    [2012-09-17 23:29:00 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012-09-17 23:23:17 | 000,001,211 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
    [2012-09-17 23:20:47 | 000,000,007 | ---- | C] () -- C:\Users\Vicky\AppData\Local\~wmrg
    [2012-09-17 22:44:11 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
    [2012-09-17 22:41:19 | 000,001,841 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
    [2012-09-17 22:36:42 | 000,002,902 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
    [2012-09-17 22:33:07 | 000,000,049 | -H-- | C] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
    [2012-09-17 22:28:11 | 000,001,536 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2012-09-17 22:22:16 | 000,001,821 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
    [2012-09-17 21:29:59 | 000,183,129 | ---- | C] () -- C:\Windows\System32\AM Install1.INF
    [2012-09-17 21:19:12 | 000,001,775 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
    [2012-09-17 21:07:15 | 000,001,229 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
    [2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cropping Tool.lnk
    [2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acme ID Card Maker 5.0.lnk
    [2012-09-05 16:40:12 | 000,046,690 | ---- | C] () -- C:\Windows\System32\YuoTubeDownloader.xpi
    [2012-07-20 12:07:48 | 000,034,308 | ---- | C] () -- C:\Windows\System32\LB603.dll
    [2012-07-20 12:06:58 | 000,157,696 | ---- | C] () -- C:\Windows\System32\asxtract.dll
    [2012-07-14 13:04:19 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
    [2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
    [2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
    [2012-07-04 14:56:36 | 000,000,218 | ---- | C] () -- C:\Users\Vicky\AppData\Local\recently-used.xbel
    [2012-06-14 12:32:14 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
    [2012-06-09 06:52:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2012-06-08 10:50:34 | 000,000,103 | ---- | C] () -- C:\Windows\System32\_system.ini
    [2012-06-08 09:57:00 | 000,107,008 | ---- | C] () -- C:\Windows\poetunin.exe
    [2012-06-08 09:56:22 | 000,077,824 | ---- | C] () -- C:\Windows\zipexe_r.exe
    [2012-05-25 23:06:49 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
    [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012-05-13 19:55:04 | 000,002,075 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
    [2012-04-21 09:24:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qhwm.sys
    [2012-03-11 22:35:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
    [2012-03-11 22:35:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
    [2012-03-11 20:58:34 | 000,155,136 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
    [2012-03-06 00:31:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\RandWTTime.dat
    [2012-03-05 23:45:17 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
    [2012-03-05 23:34:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
    [2012-03-05 23:34:25 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
    [2012-03-03 15:58:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012-03-02 20:44:59 | 000,005,002 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
    [2012-03-01 23:13:56 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012-03-01 02:33:09 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\ziprecovery.ini
    [2012-03-01 02:32:20 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\rarrecovery.ini
    [2012-03-01 02:17:54 | 000,000,990 | ---- | C] () -- C:\Windows\System32\dcimam45.sys
    [2012-02-29 23:52:21 | 000,006,852 | ---- | C] () -- C:\Windows\System32\drivers\Vcs.sys
    [2012-01-26 01:26:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\GSService.exe
    [2012-01-25 23:30:15 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
    [2012-01-21 19:41:06 | 000,248,832 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-01-21 19:39:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012-01-21 19:14:27 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\V2WCDRV.sys
    [2012-01-18 04:07:07 | 000,002,256 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
    [2012-01-01 23:16:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2012-01-01 23:16:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2012-01-01 23:16:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2012-01-01 23:16:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2012-01-01 23:16:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2012-01-01 23:16:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2012-01-01 23:16:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2012-01-01 23:16:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2012-01-01 23:16:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2012-01-01 23:16:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2012-01-01 23:16:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2012-01-01 23:16:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2012-01-01 23:16:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2012-01-01 23:16:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2012-01-01 23:16:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2012-01-01 23:15:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\EEBAPI.dll
    [2012-01-01 23:15:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\EEBDSCVR.dll
    [2012-01-01 23:15:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EBAPI.dll
    [2012-01-01 21:39:18 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2012-01-01 20:32:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2012-01-01 19:44:44 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
    [2012-01-01 19:44:44 | 000,004,027 | ---- | C] () -- C:\Windows\unins000.dat
    [2012-01-01 19:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
    [2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011-12-27 18:45:44 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011-12-26 21:25:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
    [2011-12-26 20:36:14 | 000,655,512 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011-12-26 20:04:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011-12-26 19:19:13 | 000,029,462 | ---- | C] () -- C:\Windows\System32\netaf932.dll
    [2011-11-17 07:10:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011-10-09 02:52:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
    [2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011-01-21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EmRegSys.dll
    [2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

    ========== ZeroAccess Check ==========

    [2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011-08-30 09:51:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012-02-03 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\5imyshow.Ltd
    [2012-06-14 17:32:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Acapela Group
    [2012-04-11 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AdultAdvantage
    [2012-03-11 20:59:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Aimersoft Video Converter Ultimate
    [2012-05-25 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AnvSoft
    [2012-01-30 18:00:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Apowersoft
    [2012-05-25 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BinarySense
    [2011-12-26 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BitDefender
    [2012-01-21 06:27:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\cald3
    [2012-09-17 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\calibre
    [2012-01-23 02:16:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canneverbe_Limited
    [2012-07-14 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canon
    [2012-06-27 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CLiPW
    [2012-06-28 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CocotronLibrary
    [2012-05-08 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ComfortSoftware
    [2012-09-17 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
    [2012-05-08 17:56:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\concept design
    [2012-04-29 15:49:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DAEMON Tools Pro
    [2012-07-04 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\deluge
    [2012-06-08 12:02:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Design Science
    [2012-03-01 17:01:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DeskSoft
    [2012-09-17 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
    [2012-09-17 21:16:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
    [2011-12-29 01:44:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DonationCoder
    [2011-12-29 01:52:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DuckLink
    [2012-01-01 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVD-Cloner
    [2012-04-24 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoft
    [2012-01-01 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012-08-30 11:54:03 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Easy Macro Recorder
    [2012-05-08 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\EasyMP3Downloader
    [2012-06-07 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FaceOffMax
    [2012-01-01 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FreeArc
    [2012-06-30 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\gtk-2.0
    [2012-06-27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Hard Disk Sentinel
    [2012-05-08 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\HideIPPrivacy
    [2012-09-17 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Iconico
    [2012-03-03 03:30:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IGC
    [2012-04-12 14:41:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ImgBurn
    [2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IN-MEDIAKG
    [2012-06-27 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Informatik Scan
    [2012-03-01 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Intermedia Software
    [2012-09-17 21:29:41 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\J River
    [2012-05-08 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Jutoh
    [2012-07-13 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Leadertech
    [2012-08-20 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mariner Software
    [2012-09-17 22:32:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Maxprog
    [2012-05-08 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MechCAD
    [2012-05-25 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\med2
    [2012-09-16 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MediaMonkey
    [2012-09-15 02:06:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MiniLyrics
    [2012-07-13 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mipony
    [2012-05-25 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MOBILedit
    [2012-06-08 10:42:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Movienizer
    [2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\mresreg
    [2012-09-17 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MyPhoneExplorer
    [2012-07-20 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mythicsoft
    [2012-05-16 01:13:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Need for Speed World
    [2012-03-02 20:26:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Netscape
    [2012-05-13 19:36:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Nuance
    [2012-06-27 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\oald8
    [2012-03-02 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ooVoo Details
    [2012-03-01 02:35:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\OtakuSoftware
    [2012-03-02 18:12:12 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain
    [2012-03-02 18:01:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Resizer Pro
    [2012-07-17 16:44:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Converter
    [2012-03-02 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Resizer Pro
    [2012-03-02 18:16:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pelikan Software KFT
    [2012-01-19 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PersonalBrain
    [2012-03-02 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Photodex
    [2012-03-03 16:41:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pixelplan
    [2012-08-30 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
    [2012-05-08 23:21:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PunkBuster
    [2012-02-10 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\QuickScan
    [2012-06-08 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rainmeter
    [2012-05-25 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\RapidTyping
    [2012-03-03 15:58:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Reasonable Software House Ltd
    [2012-06-27 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Resort Labs
    [2012-09-02 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rovio
    [2012-09-17 21:01:08 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
    [2012-06-07 20:22:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ScreenSteps
    [2012-06-08 11:15:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Softplicity
    [2012-05-09 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SuperMP3Download
    [2012-06-27 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SuperUtils.com
    [2012-09-17 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
    [2012-08-30 12:27:16 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SwordSearcher
    [2012-01-01 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Systweak
    [2012-07-20 00:14:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TeraCopy
    [2012-09-18 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TestApp
    [2012-05-25 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Builder
    [2012-05-25 23:36:30 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Reporter
    [2012-06-14 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Thunderbird
    [2012-03-03 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\UDC Profiles
    [2012-03-03 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\USBSafelyRemove
    [2012-09-23 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent
    [2012-06-08 00:56:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent Turbo Booster
    [2012-07-13 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Video2Webcam
    [2012-01-01 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\VitySoft
    [2012-02-22 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WeatherWatcherLive
    [2012-06-29 04:24:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WebcamMax
    [2012-08-30 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Wise Disk Cleaner
    [2012-05-25 23:36:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Wondershare
    [2012-09-17 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
    [2012-06-14 17:34:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Xtranormal
    [2012-03-01 01:02:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\YCanPDF

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2011-12-26 20:49:26 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
    [2011-12-26 20:49:26 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:55B41E6A

    < End of report >