Hi Broni. Carried out your instructions exactly. Fixit ran, lets hope MSE is gone !
ADWcleaner produced 2 logs:
# AdwCleaner v3.007 - Report created 11/10/2013 at 14:35:53
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - ADFL
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Found C:\Documents and Settings\Admin\Application Data\DriverCure
Folder Found C:\Documents and Settings\Admin\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\Admin\Application Data\registry mechanic
Folder Found C:\Documents and Settings\Admin\Local Settings\Application Data\Zoom_Downloader
Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found C:\Program Files\MapsGalaxy_39EI
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\OApps
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\PIP
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [2829 octets] - [11/10/2013 14:35:53]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2889 octets] ##########
and the second log:
# AdwCleaner v3.007 - Report created 11/10/2013 at 14:37:53
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Admin - ADFL
# Running from : C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Program Files\MapsGalaxy_39EI
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Documents and Settings\Admin\Local Settings\Application Data\Zoom_Downloader
Folder Deleted : C:\Documents and Settings\Admin\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Admin\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Admin\Application Data\registry mechanic
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7825CFB6-490A-436B-9F26-4A7B5CFC01A9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
*************************
AdwCleaner[R0].txt - [2969 octets] - [11/10/2013 14:35:53]
AdwCleaner[S0].txt - [2917 octets] - [11/10/2013 14:37:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2977 octets] ##########
It also produced a quarantine folder.
JRT log :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Admin on 11/10/2013 at 15:11:11.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/10/2013 at 15:21:01.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logs as follows:
OTL logfile created on: 11/10/2013 15:26:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
767.29 Mb Total Physical Memory | 409.88 Mb Available Physical Memory | 53.42% Memory free
1.83 Gb Paging File | 1.51 Gb Available in Paging File | 82.38% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 85.33 Gb Free Space | 57.27% Space Free | Partition Type: NTFS
Drive E: | 197.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.04 Gb Total Space | 395.24 Gb Free Space | 84.99% Space Free | Partition Type: FAT32
Computer Name: ADFL | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/10/11 15:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2013/08/30 08:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/30 08:47:31 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/06/26 08:31:34 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/02/21 07:01:02 | 000,142,432 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
PRC - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) -- C:\WINDOWS\system32\escsvc.exe
PRC - [2011/10/31 14:25:08 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 13:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2005/01/27 06:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABE.EXE
PRC - [2004/02/19 04:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE
========== Modules (No Company Name) ==========
MOD - [2013/10/10 15:14:26 | 002,105,344 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13101001\algo.dll
MOD - [2013/04/21 21:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 21:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV - [2013/10/09 23:44:43 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 08:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/08/30 08:47:31 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/07/18 16:49:42 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/26 08:31:34 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/02/21 07:01:02 | 000,142,432 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2011/12/12 00:00:00 | 000,122,000 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2004/02/19 04:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(ZyDAS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\TrueSight.sys -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - File not found [File_System | Auto | Stopped] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/08/30 08:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 08:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 08:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 08:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 08:48:12 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013/08/30 08:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/08/30 08:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 08:48:11 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswFW.sys -- (aswFW)
DRV - [2013/08/30 08:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 08:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/08/30 08:48:11 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013/08/28 13:20:31 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/07/17 10:17:56 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2013/05/07 12:09:58 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2013/03/29 21:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/07/18 11:58:14 | 001,621,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.adriveforlife.com/
IE - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\..\SearchScopes,DefaultScope = {BA5C1C14-C0F9-4FCA-8D44-FD4C34C7C8A1}
IE - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/search
IE - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\..\SearchScopes\{BA5C1C14-C0F9-4FCA-8D44-FD4C34C7C8A1}: "URL" =
http://www.google.com/search?q={sea...ource}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
O1 HOSTS File: ([2013/10/04 15:45:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus D88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [UpdatePPShortCut] F:\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2010738837-1852118501-2257850180-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1365588660463 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1365694060937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1FC354C-E5C6-4F4E-AEA2-A3293F358B66}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/02 13:33:10 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/16 20:25:54 | 000,000,091 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/10/11 15:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/10/11 15:10:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/11 15:06:45 | 001,032,220 | ---- | C] (Thisisu) -- C:\Documents and Settings\Admin\Desktop\JRT.exe
[2013/10/11 14:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\AdwCleaner
[2013/10/10 23:43:20 | 005,131,844 | R--- | C] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2013/10/09 23:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/10/09 09:43:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\mbar
[2013/10/08 15:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\RK_Quarantine
[2013/10/07 01:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2013/10/07 01:13:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/10/06 21:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\NPE
[2013/10/06 21:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/10/05 13:48:30 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/10/05 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Premier
[2013/10/05 13:22:59 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/10/05 13:22:57 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/10/05 13:21:39 | 000,204,784 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2013/10/05 13:21:38 | 000,104,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2013/10/05 13:21:38 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/10/05 13:21:37 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/10/05 13:21:36 | 000,021,576 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2013/10/05 13:21:34 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/10/05 13:21:28 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/10/05 13:21:14 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/10/05 13:12:24 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2013/10/05 13:12:10 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/10/05 13:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/05 13:00:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/10/04 15:19:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/10/04 15:16:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/04 15:16:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/04 15:16:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/04 15:16:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/04 15:11:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/04 15:09:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/04 12:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/10/04 12:08:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2013/10/04 12:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/10/04 12:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Desktop\caraiphone
[2013/10/04 12:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/10/04 11:23:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS
[2013/10/04 11:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2013/10/04 11:22:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\FixItCenter
[2013/10/03 23:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2013/10/03 23:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2 C:\Documents and Settings\Admin\My Documents\*.tmp files -> C:\Documents and Settings\Admin\My Documents\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/10/11 15:25:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2013/10/11 15:06:59 | 001,032,220 | ---- | M] (Thisisu) -- C:\Documents and Settings\Admin\Desktop\JRT.exe
[2013/10/11 14:55:10 | 000,000,362 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/10/11 14:45:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/11 14:42:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/11 14:34:53 | 001,048,960 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
[2013/10/11 14:32:45 | 000,002,980 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/10/11 14:29:34 | 000,899,584 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\MicrosoftFixit50535.msi
[2013/10/11 00:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/10 23:43:27 | 005,131,844 | R--- | M] (Swearware) -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2013/10/06 22:06:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/10/05 13:23:03 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Premier.lnk
[2013/10/05 13:21:28 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/10/05 09:35:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/05 01:32:04 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/04 15:45:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/10/04 14:04:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/10/04 13:20:42 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/10/03 03:45:32 | 000,181,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/03 03:24:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2 C:\Documents and Settings\Admin\My Documents\*.tmp files -> C:\Documents and Settings\Admin\My Documents\*.tmp -> ]
[17 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/10/11 14:34:50 | 001,048,960 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\adwcleaner.exe
[2013/10/11 14:29:15 | 000,899,584 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\MicrosoftFixit50535.msi
[2013/10/05 13:23:03 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Premier.lnk
[2013/10/05 13:21:33 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/10/05 13:21:33 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/10/05 13:21:26 | 000,000,362 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/10/04 16:04:54 | 000,002,980 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/10/04 15:19:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/10/04 15:19:19 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/10/04 15:16:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/04 15:16:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/04 15:16:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/04 15:16:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/04 15:16:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/10/04 13:20:24 | 000,001,702 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/10/03 03:22:38 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/08/28 16:24:22 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/08/28 13:20:30 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/06/17 17:44:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/06/12 13:11:38 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2013/05/23 10:07:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/07 16:39:37 | 000,000,035 | ---- | C] () -- C:\WINDOWS\DecoCon2.INI
[2013/05/07 12:09:58 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2013/05/03 09:30:47 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2013/04/29 13:19:00 | 000,160,187 | ---- | C] () -- C:\WINDOWS\Sqirlz Morph Uninstaller.exe
[2013/04/29 13:14:50 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2013/04/26 19:23:28 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/26 19:14:22 | 000,009,569 | ---- | C] () -- C:\WINDOWS\DecoCon.INI
[2013/04/10 11:51:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/04/09 21:47:15 | 000,000,050 | ---- | C] () -- C:\WINDOWS\commercial.ini
[2013/04/09 21:44:42 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2013/04/09 21:37:09 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2013/04/09 21:36:40 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
========== ZeroAccess Check ==========
[2006/08/02 13:28:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/21 20:06:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/04/29 13:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Acoustica
[2013/04/10 17:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Avocent AdminWorks
[2013/05/08 21:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ElevatedDiagnostics
[2013/06/25 12:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Epson
[2013/08/25 10:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Foresight Software
[2013/05/08 11:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Lexmark Productivity Studio
[2013/08/25 10:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Product_RM
[2013/05/08 18:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
[2013/05/08 21:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Search
[2013/10/04 12:04:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/05 13:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/04/10 17:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avocent AdminWorks
[2013/06/25 12:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/08/25 10:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Foresight Software
[2013/05/09 06:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/10/04 11:16:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
========== Purity Check ==========
< End of report >