Solved Infected with apype browser hacker virus

Status
Not open for further replies.

vicky279

Posts: 51   +0
I have been infected with a browser hacker virus for a day now. It probably came from a software called YuoTubeDownloader. I cannot uninstall it and I also have an extension in Firefox called YuoTubeDownloader 3.0.0.0. I cannot disable it either. It re-enables itself after I start Firefox the next time after I 'Restart now' when I disable it. I have scanned my computer with Bitdefender Internet Security 2011 but it didn't find any viruses. I also have a free version of MalwareBytes AntiMalware but it didn't catch any viruses either. I had even updated both pieces of software before scanning. I don't know what to do. I don't want any information to be compromised from my computer. I am using Windows 7 Professional 32-bit version. Please help!
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 5-Step removal instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Thanks a lot for replying. Sorry for writing 'please help' in the topic name. Out of frustration I had searched on Google for tools to remove this malware and I came across a malware remover called PC Tools, so I downloaded, installed and used it, but my browser was still affected so I uninstalled it. I didn't uninstall my current antivirus Bitdefender Internet Security 2011 though. I also scanned my PC with RegClean Pro after I uninstalled it. I apologize for doing so but I didn't know I was not allowed to make changes to my computer before the malware was removed. My system restore is disabled for all drives so it's useless. I am posting all the log results as asked. I performed all the scans as described. Here are the results.
(I have removed the programs list from the Attach log of DDS but I can provide it if it's very important.)

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 03:40:30
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Vicky - VICKY-PC
# Boot Mode : Normal
# Running from : C:\Users\Vicky\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Vicky\AppData\Local\Temp\Uninstall.exe
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\House\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\House\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Vicky\AppData\Local\APN
Folder Found : C:\Users\Vicky\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Vicky\AppData\Local\Temp\TempDir
Folder Found : C:\Users\Vicky\AppData\Local\TempDir
Folder Found : C:\Users\Vicky\AppData\LocalLow\Conduit
Folder Found : C:\Users\Vicky\AppData\Roaming\OpenCandy
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Found : C:\Windows\system32\TempDir

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\Software\GamePlayLabs
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKU\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\House\AppData\Roaming\Mozilla\Firefox\Profiles\asu9wrvh.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://in.search.yahoo.com/search?fr=greentre[...]

*************************

AdwCleaner[R1].txt - [3208 octets] - [19/09/2012 03:40:30]

########## EOF - C:\AdwCleaner[R1].txt - [3268 octets] ##########




Malwarebytes Log

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.18.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Vicky :: VICKY-PC [administrator]

19-Sep-12 3:01:53 AM
mbam-log-2012-09-19 (03-01-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 263279
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-09-19 03:22:06
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD2500AAJS-07M0A0 rev.01.03E01
Running: szpxx73d.exe; Driver: C:\Users\Vicky\AppData\Local\Temp\fgloypoc.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 856701E8
Device \Driver\atapi \Device\Ide\IdePort1 856701E8
Device \Driver\atapi \Device\Ide\IdePort2 856701E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 856701E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-5 856701E8
Device \Driver\a04vod8m \Device\Scsi\a04vod8m1 8699D430
Device \Driver\a04vod8m \Device\Scsi\a04vod8m1Port4Path0Target0Lun0 8699D430
Device \FileSystem\Ntfs \Ntfs 856721E8

---- EOF - GMER 1.0.15 ----




DDS Logs


DDS Log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Vicky at 3:23:17 on 2012-09-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2046 [GMT 5.5:30]
.
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Process Lasso\processlasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Chameleon Folder 2\chfolder.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\ElectraSoft\mbc\MBC.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://apype.com
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mDefault_Page_URL = hxxp://in.yahoo.com/?fr=fp-spt_gen
uURLSearchHooks: H - No File
uURLSearchHooks: YuoTubeDownloader: {3d175337-41e3-48eb-a754-493577f658b9} - c:\windows\system32\YuoTubeDownloader.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {0E7B5242-346E-652E-0A16-3BF61F895702} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: YuoTubeDownloader: {3d175337-41e3-48eb-a754-493577f658b9} - c:\windows\system32\YuoTubeDownloader.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 10\Mm8InternetExplorer.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\idm\quickf~1\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2011\IEToolbar.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: YuoTubeDownloader: {3d175337-41e3-48eb-a754-493577f658b9} - c:\windows\system32\YuoTubeDownloader.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Chameleon Folder] c:\program files\chameleon folder 2\chfolder.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2011\ieshow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2011\bdagent.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Reasonable NoClone]
StartupFolder: c:\users\vicky\appdata\roaming\micros~1\windows\startm~1\programs\startup\mouseb~1.lnk - c:\program files\electrasoft\mbc\MBC.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE:
IE: Add to Link Commander collection
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send Image To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - e:\vicky\installed\mindjet mindmanager\Mm8InternetExplorer.dll/202
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 10\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D} : NameServer = 59.185.0.23,59.185.0.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - e:\vicky\installed\mindjet mindmanager\sys\MmInternetExplorerActiveSetup.vbs
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\vicky\appdata\roaming\mozilla\firefox\profiles\fhijf7ns.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\vicky\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\vicky\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\vicky\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\vicky\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\vicky\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
FF - user.js: keyword.URL - hxxp://www.gigabase.ru/search?clid=1&q=
.
============= SERVICES / DRIVERS ===============
.
R0 FancyRd;Primo Ramdisk Controller;c:\windows\system32\drivers\fancyrd.sys [2012-9-17 158144]
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-8-20 72784]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2010-8-20 88144]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\ashampoo\ashampoo hdd control 2\AHDDC2_Service.exe [2012-9-17 1518504]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-6-27 2310544]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2012-3-5 845640]
R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\comodo\icedragon\icedragon_updater.exe [2012-9-10 446664]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2012-5-25 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-6-14 1262400]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-9-17 2754984]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2011\updatesrv.exe [2011-12-26 43936]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2012-2-29 6852]
R3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2010-5-13 152528]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-29 242240]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2012-1-26 24848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2012-6-14 148800]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2012-5-24 31848]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-6-9 414824]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2012-9-17 25088]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-3-11 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-3-11 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-3-11 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-3-11 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-3-11 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-4-30 104872]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\wcmvcam.sys [2011-6-23 1068216]
S3 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2010-11-29 535824]
S3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2010-11-29 1066232]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo hdd control 2\DfSdkS.exe [2012-9-17 406016]
S3 ExpressAccountsService;Express Accounts;c:\program files\nch software\expressaccounts\expressaccounts.exe [2012-6-27 3081220]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2012-1-26 249856]
S3 Media Center 17 Service;Media Center 17 Service;c:\program files\j river\media center 17\JRService.exe [2012-9-17 394920]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys [2012-1-25 39048]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-12-26 27192]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2012-5-24 31848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-12-26 52224]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2010-11-30 307544]
S4 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
.
=============== Created Last 30 ================
.
2012-09-18 16:51:26 -------- d-----w- c:\users\vicky\appdata\roaming\PC Tools
2012-09-18 14:33:02 -------- d-----w- c:\users\vicky\appdata\local\Threat Expert
2012-09-18 07:51:03 767960 ----a-w- c:\windows\BDTSupport.dll0947.old
2012-09-18 07:51:02 2267096 ----a-w- c:\windows\PCTBDCore.dll0947.old
2012-09-18 07:51:02 149464 ----a-w- c:\windows\SGDetectionTool.dll0947.old
2012-09-18 07:50:00 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-09-18 07:49:46 -------- d-----w- c:\program files\PC Tools
2012-09-18 07:15:46 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-18 07:15:46 -------- d-----w- c:\program files\common files\PC Tools
2012-09-18 07:14:24 -------- d-----w- c:\programdata\PC Tools
2012-09-18 07:14:23 -------- d-----w- c:\users\vicky\appdata\roaming\TestApp
2012-09-18 05:43:12 -------- d-----w- c:\program files\Mindjet
2012-09-17 17:58:50 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-09-17 17:58:50 -------- d-----w- c:\program files\TeamViewer
2012-09-17 17:55:44 -------- d-----w- c:\users\vicky\appdata\roaming\calibre
2012-09-17 17:55:29 -------- d-----w- c:\program files\Calibre2
2012-09-17 17:52:54 -------- d-----w- c:\program files\FrostWire 5
2012-09-17 17:43:26 -------- d-----w- c:\users\vicky\appdata\local\Usmania_Code
2012-09-17 17:43:19 -------- d-----w- c:\programdata\Usmania Code
2012-09-17 17:43:03 -------- d-----w- c:\program files\Usmania Code
2012-09-17 17:43:02 -------- d--h--r- C:\AHCache
2012-09-17 17:42:09 -------- d-----w- c:\program files\Throttle
2012-09-17 17:26:53 -------- d-----w- c:\users\vicky\appdata\roaming\SurfAnonymousFree
2012-09-17 17:26:53 -------- d-----w- c:\programdata\SurfAnonymousFree
2012-09-17 17:25:53 -------- d-----w- c:\program files\CalcTape
2012-09-17 17:22:50 -------- d-----w- c:\users\vicky\appdata\local\DeskShare
2012-09-17 17:22:35 -------- d-----w- c:\programdata\firebird
2012-09-17 17:22:34 -------- d-----w- c:\users\vicky\appdata\local\DeskShare Data
2012-09-17 17:22:32 -------- d-----w- c:\programdata\Deskshare
2012-09-17 17:22:26 -------- d-----w- c:\users\vicky\appdata\local\Spoon
2012-09-17 17:22:23 -------- d-----w- c:\program files\Deskshare
2012-09-17 17:19:07 538544 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
2012-09-17 17:19:07 1791920 ----a-w- c:\windows\system32\Codejock.Controls.v13.1.0.ocx
2012-09-17 17:19:07 1226672 ----a-w- c:\windows\system32\Codejock.ReportControl.v13.1.0.ocx
2012-09-17 17:19:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-09-17 17:19:06 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-09-17 17:19:06 2320304 ----a-w- c:\windows\system32\Codejock.CommandBars.v13.1.0.ocx
2012-09-17 17:19:05 -------- d-----w- c:\program files\Reminder Commander
2012-09-17 17:17:53 19392 ----a-w- c:\windows\system32\drivers\rxbsknl.sys
2012-09-17 17:17:53 158144 ----a-w- c:\windows\system32\drivers\fancyrd.sys
2012-09-17 17:17:52 -------- d-----w- c:\program files\Primo Ramdisk Ultimate Edition
2012-09-17 17:15:29 -------- d-----w- c:\program files\Photo Stamp Remover
2012-09-17 17:14:03 -------- d-----w- c:\program files\YuoTubeDownloader
2012-09-17 17:10:59 -------- d-----w- C:\mbc
2012-09-17 17:09:21 -------- d-----w- c:\program files\RobotSoft
2012-09-17 17:08:31 -------- d-----w- c:\program files\mirabyte
2012-09-17 17:07:05 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2012-09-17 17:06:37 -------- d-----w- c:\programdata\Mindjet
2012-09-17 17:05:28 -------- d-----w- c:\users\vicky\appdata\local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
2012-09-17 17:02:45 -------- d-----w- c:\users\vicky\appdata\roaming\Maxprog
2012-09-17 17:02:35 -------- d-----w- c:\program files\eMail Extractor
2012-09-17 17:01:18 -------- d-----w- c:\users\vicky\appdata\roaming\CommonDataMSI
2012-09-17 17:01:14 -------- d-----w- c:\users\vicky\appdata\roaming\Iconico
2012-09-17 17:01:13 -------- d-----w- c:\program files\LineReader
2012-09-17 17:00:24 -------- d-----w- c:\users\vicky\appdata\roaming\MyPhoneExplorer
2012-09-17 17:00:18 -------- d-----w- c:\program files\MyPhoneExplorer
2012-09-17 16:52:22 -------- d-----w- c:\program files\GtkSharp
2012-09-17 16:52:12 -------- d-----w- c:\program files\Kepard
2012-09-17 16:50:53 -------- d-----w- c:\program files\ChordWizard
2012-09-17 16:00:00 381608 ------w- c:\windows\system32\MC17.exe
2012-09-17 15:59:59 76 ----a-w- c:\windows\system32\netjr32.dll
2012-09-17 15:59:59 585728 ------w- c:\windows\system32\AReadyLB.dll
2012-09-17 15:59:59 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
2012-09-17 15:59:58 -------- d-----w- c:\program files\J River
2012-09-17 15:59:41 -------- d-----w- c:\users\vicky\appdata\roaming\J River
2012-09-17 15:55:48 -------- d-----w- c:\programdata\Mirolit
2012-09-17 15:55:47 -------- d-----w- c:\program files\Mirolit
2012-09-17 15:53:34 -------- d-----w- c:\program files\Geometry Expressions v3.0
2012-09-17 15:51:01 -------- d-----w- c:\program files\common files\System-G
2012-09-17 15:51:00 -------- d-----w- c:\program files\Gammadyne Mailer
2012-09-17 15:49:52 -------- d-----w- c:\program files\ThunderSoft
2012-09-17 15:47:49 -------- d-----w- c:\program files\DreamCalc DC4P
2012-09-17 15:46:34 -------- d-----w- c:\users\vicky\appdata\roaming\DiskSpaceFan
2012-09-17 15:46:29 -------- d-----w- c:\program files\Cookapp
2012-09-17 15:44:59 -------- d-----w- c:\users\vicky\appdata\roaming\Direct Folders
2012-09-17 15:44:32 -------- d-----w- c:\program files\Direct Folders
2012-09-17 15:37:15 -------- d-----w- c:\program files\BitTorrent Ultra Accelerator
2012-09-17 15:35:33 -------- d-----w- c:\program files\Tint Guide
2012-09-17 15:35:32 -------- d-----w- c:\program files\Beauty Guide
2012-09-17 15:31:08 -------- d-----w- c:\users\vicky\appdata\roaming\Scooter Software
2012-09-17 15:31:01 -------- d-----w- c:\program files\Beyond Compare 3
2012-09-17 15:21:49 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2012-09-17 15:21:44 -------- d-----w- c:\program files\Ashampoo
2012-09-17 15:19:04 -------- d-----w- c:\users\vicky\appdata\roaming\Writer's Cafe 2
2012-09-17 15:18:14 -------- d-----w- c:\program files\Writer's Cafe 2
2012-09-17 15:16:55 -------- d-----w- c:\program files\Acmework
2012-09-13 12:02:30 -------- d-----w- c:\program files\Office 2010 Trial Extender
2012-09-05 11:10:10 446464 ----a-w- c:\windows\system32\YuoTubeDownloader.dll
2012-09-04 22:59:25 -------- d-----w- c:\users\vicky\appdata\local\Apple Computer
2012-09-03 08:13:46 -------- d-----w- c:\program files\RocketDock
2012-09-03 06:51:02 3405312 ----a-w- c:\windows\system32\xpsrchvw.exe
2012-09-03 06:51:01 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2012-09-03 06:51:00 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2012-09-02 06:21:39 -------- d-----w- c:\users\vicky\appdata\roaming\Rovio
2012-09-01 08:05:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 07:46:38 -------- d-----w- c:\programdata\ProcessLasso
2012-08-30 07:45:47 -------- d-----w- c:\users\vicky\appdata\roaming\ProcessLasso
2012-08-30 07:45:46 -------- d-----w- c:\program files\Process Lasso
2012-08-30 07:05:19 -------- d-----w- c:\users\vicky\appdata\roaming\Wise Disk Cleaner
.
==================== Find3M ====================
.
2012-09-01 08:05:23 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 08:05:23 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-30 07:41:20 2256 ----a-w- c:\windows\system32\ASOROSet.bin
2012-08-22 18:01:43 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 18:01:43 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-17 19:20:33 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-07-20 06:37:48 34308 ----a-w- c:\windows\system32\LB603.dll
2012-07-20 06:36:58 157696 ----a-w- c:\windows\system32\asxtract.dll
2012-07-20 06:36:58 136008 ----a-w- c:\windows\system32\MSINET.Ocx
2012-07-14 07:30:49 4024320 ----a-w- c:\program files\GUT1A06.tmp
2012-07-13 12:17:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-13 12:17:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-12 09:28:24 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-07-12 08:45:01 233888 ----a-w- c:\windows\system32\DreamScene.dll.2086
2012-07-03 08:16:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 14:29:47 34308 ----a-w- c:\programdata\mazuki.dll
2012-06-27 10:53:09 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-06-27 10:53:07 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-06-27 10:53:06 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-07-08 05:07:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe
.
============= FINISH: 3:24:10.33 ===============


Attach Log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 15-Dec-11 12:07:28 PM
System Uptime: 19-Sep-12 2:52:09 AM (1 hours ago)
.
Motherboard: MAXTONE | | 945GC(HIS)
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | CPU 1 | 2203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 54 GiB total, 8.175 GiB free.
D: is FIXED (NTFS) - 90 GiB total, 24.519 GiB free.
E: is FIXED (NTFS) - 59 GiB total, 7.027 GiB free.
F: is FIXED (NTFS) - 31 GiB total, 9.544 GiB free.
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
I have quite many installed programs so I cut out this part but I can post the whole thing if you ask

==== Event Viewer Messages From Past Week ========
.
19-Sep-12 2:52:57 AM, Error: Service Control Manager [7000] - The WebcamMax, WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18-Sep-12 10:19:46 PM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
18-Sep-12 1:22:49 PM, Error: PCTCore [280] -
17-Sep-12 8:52:26 PM, Error: Service Control Manager [7034] - The Ashampoo HDD Control 2 Service service terminated unexpectedly. It has done this 1 time(s).
17-Sep-12 10:12:41 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
17-Sep-12 10:11:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
17-Sep-12 10:10:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
17-Sep-12 10:10:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17-Sep-12 10:10:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf bdfsfltr bdfwfpf CSC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
17-Sep-12 10:10:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
17-Sep-12 10:10:26 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
17-Sep-12 10:08:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdfsfltr spldr
17-Sep-12 10:08:30 PM, Error: Service Control Manager [7000] - The bdfm service failed to start due to the following error: A device attached to the system is not functioning.
17-Sep-12 10:08:24 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
17-Sep-12 10:08:24 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
14-Sep-12 7:08:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
 
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Thanks for replying. I downloaded AdwCleaner and did as you said. The log was as below. It asked me to restart the computer before the log could be created so I clicked ok. Then I downloaded ComboFix but it didn't ask me for its filename to be saved. Also this virus has deleted all my extension settings and firefox settings so now it automatically downloads to the Downloads folder. So is it alright if I cut paste this file to the desktop then rename and then follow the procedure mentioned?

AdwCleaner log

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 22:58:49
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Vicky - VICKY-PC
# Boot Mode : Normal
# Running from : C:\Users\Vicky\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Vicky\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\House\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\House\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Vicky\AppData\Local\APN
Folder Deleted : C:\Users\Vicky\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Vicky\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\Vicky\AppData\Local\TempDir
Folder Deleted : C:\Users\Vicky\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Vicky\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\Windows\system32\TempDir

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\Software\GamePlayLabs
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-499340394-4099650204-2415665824-1005\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\prefs.js

C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\House\AppData\Roaming\Mozilla\Firefox\Profiles\asu9wrvh.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://in.search.yahoo.com/search?fr=greentre[...]

*************************

AdwCleaner[R1].txt - [3337 octets] - [19/09/2012 03:40:30]
AdwCleaner[S1].txt - [3826 octets] - [19/09/2012 22:58:49]

########## EOF - C:\AdwCleaner[S1].txt - [3886 octets] ##########
 
Okay I downloaded Combofix to the Downloads folder then put it on the desktop, renamed it svchost.exe and then ran it. I had disabled my AV Bitdefender Internet Security 2011 as much as possible before running ComboFix. Although it said it would take about 10-20 minutes only, the process was very slow. Though I have a snappy computer, it took 11 hours to reach Completed stage 48 and it was stuck there so I decided to run it in safe mode. I have tried pressing F8 key in the past for going into safe mode but it somehow doesn't work for me due to my mobo probably so I use msconfig to get into safe mode by changing boot settings to Safe boot - minimal. After my pc booted into safe mode, I ran ComboFix and it took almost just 10-12 minutes to complete all the stages. Then it rebooted the computer itself. When it rebooted into safe mode again, the log appeared. Then I tried to go to msconfig again to change the boot settings to normal but it said something like msconfig is set for deletion and I wasn't able to open it. So I did a restart after which I was able to get into msconfig and able to select normal boot again. After restarting again, there was no network so I restarted my pc once again and after this restart I got back my internet (at least the icon showed). I pulled the power plug on my modem thinking I would change the homepage that would still be there so that after connecting to the internet I wouldn't be taken to that malicious page apype dot com and starwebsearch dot com again. So I changed the homepage to google.com and closed the browser. Then I reconnected the modem's power and when it showed I had network access, I started firefox. But it still opened the horror page. When the infection was new, it used to give me wrong suggestions everywhere and do many other things but now only my homepage is reversed to that site again and again. Even my searchbar engine does not change like it used to get changed just like my homepage.
It stays on Google. These good changes happened when I used PC Tools. So would just a fresh install of firefox be enough for deleting this virus? The logs of the ComboFix scan are as follows. Thanks again for helping.

ComboFix 12-09-18.07 - Vicky 20-Sep-12 10:48:26.2.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2341 [GMT 5.5:30]
Running from: c:\users\Vicky\Desktop\svchost.exe.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\mazuki.dll
c:\users\Vicky\AppData\Local\assembly\tmp
c:\users\Vicky\AppData\Roaming\FFSJ
c:\users\Vicky\AppData\Roaming\FFSJ\FFSJ.cfg
c:\windows\system32\Config.cfg
c:\windows\system32\DreamScene.dll.2086
c:\windows\system32\netjr32.dll
c:\windows\system32\roboot.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VCS
-------\Service_Vcs
.
.
((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
.
.
2012-09-20 05:28 . 2012-09-20 05:30 -------- d-----w- c:\users\Vicky\AppData\Local\temp
2012-09-20 05:28 . 2012-09-20 05:28 -------- d-----w- c:\users\UpdatusUser.Vicky-PC\AppData\Local\temp
2012-09-19 17:33 . 2012-09-19 17:33 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-09-19 17:33 . 2012-09-19 17:33 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-09-19 17:33 . 2012-09-19 17:33 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-09-19 17:33 . 2012-09-19 17:33 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-09-19 17:33 . 2012-09-19 17:33 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-09-19 17:33 . 2012-09-19 17:33 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-09-19 17:33 . 2012-09-19 17:33 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-09-19 17:33 . 2012-09-19 17:33 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-09-19 17:33 . 2012-09-19 17:33 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-09-19 17:33 . 2012-09-19 17:33 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-09-19 17:33 . 2012-09-19 17:33 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-09-19 17:32 . 2012-09-19 17:32 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-09-19 17:32 . 2012-09-19 17:32 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-09-19 17:32 . 2012-09-19 17:32 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-09-19 17:32 . 2012-09-19 17:32 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-09-19 17:32 . 2012-09-19 17:32 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-09-19 17:32 . 2012-09-19 17:32 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-09-18 16:51 . 2012-09-18 16:51 -------- d-----w- c:\users\Vicky\AppData\Roaming\PC Tools
2012-09-18 14:33 . 2012-09-18 14:33 -------- d-----w- c:\users\Vicky\AppData\Local\Threat Expert
2012-09-18 07:51 . 2012-06-22 06:08 767960 ----a-w- c:\windows\BDTSupport.dll0947.old
2012-09-18 07:51 . 2012-06-22 06:09 149464 ----a-w- c:\windows\SGDetectionTool.dll0947.old
2012-09-18 07:51 . 2012-06-22 06:09 2267096 ----a-w- c:\windows\PCTBDCore.dll0947.old
2012-09-18 07:50 . 2012-06-22 10:03 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-09-18 07:49 . 2012-09-18 07:49 -------- d-----w- c:\program files\PC Tools
2012-09-18 07:15 . 2012-09-18 21:17 -------- d-----w- c:\program files\Common Files\PC Tools
2012-09-18 07:15 . 2012-06-22 10:04 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-18 07:14 . 2012-09-18 21:15 -------- d-----w- c:\programdata\PC Tools
2012-09-18 07:14 . 2012-09-18 07:14 -------- d-----w- c:\users\Vicky\AppData\Roaming\TestApp
2012-09-18 05:43 . 2012-09-18 05:43 -------- d-----w- c:\program files\Mindjet
2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\program files\TeamViewer
2012-09-17 17:58 . 2012-08-07 10:36 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-09-17 17:55 . 2012-09-17 17:56 -------- d-----w- c:\users\Vicky\AppData\Roaming\calibre
2012-09-17 17:55 . 2012-09-17 17:55 -------- d-----w- c:\program files\Calibre2
2012-09-17 17:52 . 2012-09-17 17:53 -------- d-----w- c:\program files\FrostWire 5
2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----w- c:\users\Vicky\AppData\Local\Usmania_Code
2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----w- c:\programdata\Usmania Code
2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----w- c:\program files\Usmania Code
2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----r- C:\AHCache
2012-09-17 17:42 . 2012-09-17 17:42 -------- d-----w- c:\program files\Throttle
2012-09-17 17:26 . 2012-09-17 17:36 -------- d-----w- c:\users\Vicky\AppData\Roaming\SurfAnonymousFree
2012-09-17 17:26 . 2012-09-17 17:36 -------- d-----w- c:\programdata\SurfAnonymousFree
2012-09-17 17:25 . 2012-09-17 17:25 -------- d-----w- c:\program files\CalcTape
2012-09-17 17:22 . 2012-09-17 17:36 -------- d-----w- c:\users\Vicky\AppData\Local\DeskShare
2012-09-17 17:22 . 2012-09-17 17:25 -------- d-----w- c:\programdata\firebird
2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\users\Vicky\AppData\Local\DeskShare Data
2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\programdata\Deskshare
2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\users\Vicky\AppData\Local\Spoon
2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\program files\Deskshare
2012-09-17 17:19 . 2009-06-16 06:06 1226672 ----a-w- c:\windows\system32\Codejock.ReportControl.v13.1.0.ocx
2012-09-17 17:19 . 2009-06-16 05:05 1791920 ----a-w- c:\windows\system32\Codejock.Controls.v13.1.0.ocx
2012-09-17 17:19 . 2008-08-22 02:05 538544 ----a-w- c:\windows\system32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
2012-09-17 17:19 . 2009-06-16 05:05 2320304 ----a-w- c:\windows\system32\Codejock.CommandBars.v13.1.0.ocx
2012-09-17 17:19 . 2004-03-08 18:30 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2012-09-17 17:19 . 1998-06-17 19:30 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-09-17 17:19 . 2012-09-17 17:19 -------- d-----w- c:\program files\Reminder Commander
2012-09-17 17:17 . 2012-06-24 09:08 158144 ----a-w- c:\windows\system32\drivers\fancyrd.sys
2012-09-17 17:17 . 2012-04-18 11:42 19392 ----a-w- c:\windows\system32\drivers\rxbsknl.sys
2012-09-17 17:17 . 2012-09-17 21:34 -------- d-----w- c:\program files\Primo Ramdisk Ultimate Edition
2012-09-17 17:15 . 2012-09-17 17:15 -------- d-----w- c:\program files\Photo Stamp Remover
2012-09-17 17:10 . 2012-09-17 17:10 -------- d-----w- C:\mbc
2012-09-17 17:09 . 2012-09-17 17:09 -------- d-----w- c:\program files\RobotSoft
2012-09-17 17:08 . 2012-09-17 17:08 -------- d-----w- c:\program files\mirabyte
2012-09-17 17:07 . 2006-01-30 03:02 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2012-09-17 17:06 . 2012-09-17 17:06 -------- d-----w- c:\programdata\Mindjet
2012-09-17 17:05 . 2012-09-17 17:05 -------- d-----w- c:\users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
2012-09-17 17:02 . 2012-09-17 17:02 -------- d-----w- c:\users\Vicky\AppData\Roaming\Maxprog
2012-09-17 17:02 . 2012-09-17 17:02 -------- d-----w- c:\program files\eMail Extractor
2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\users\Vicky\AppData\Roaming\CommonDataMSI
2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\users\Vicky\AppData\Roaming\Iconico
2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\program files\LineReader
2012-09-17 17:00 . 2012-09-17 17:00 -------- d-----w- c:\users\Vicky\AppData\Roaming\MyPhoneExplorer
2012-09-17 17:00 . 2012-09-17 17:57 -------- d-----w- c:\program files\MyPhoneExplorer
2012-09-17 16:52 . 2012-09-17 16:52 -------- d-----w- c:\program files\GtkSharp
2012-09-17 16:52 . 2012-09-17 16:52 -------- d-----w- c:\program files\Kepard
2012-09-17 16:50 . 2012-09-17 16:50 -------- d-----w- c:\program files\ChordWizard
2012-09-17 16:00 . 2012-08-13 20:07 381608 ------w- c:\windows\system32\MC17.exe
2012-09-17 15:59 . 2012-08-13 16:00 585728 ------w- c:\windows\system32\AReadyLB.dll
2012-09-17 15:59 . 2012-08-13 16:00 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
2012-09-17 15:59 . 2012-09-17 15:59 -------- d-----w- c:\program files\J River
2012-09-17 15:59 . 2012-09-17 15:59 -------- d-----w- c:\users\Vicky\AppData\Roaming\J River
2012-09-17 15:55 . 2012-09-17 15:57 -------- d-----w- c:\programdata\Mirolit
2012-09-17 15:55 . 2012-09-17 15:55 -------- d-----w- c:\program files\Mirolit
2012-09-17 15:53 . 2012-09-17 15:53 -------- d-----w- c:\program files\Geometry Expressions v3.0
2012-09-17 15:51 . 2012-09-17 15:51 -------- d-----w- c:\program files\Common Files\System-G
2012-09-17 15:51 . 2012-09-17 16:44 -------- d-----w- c:\program files\Gammadyne Mailer
2012-09-17 15:49 . 2012-09-17 15:49 -------- d-----w- c:\program files\ThunderSoft
2012-09-17 15:47 . 2012-09-17 15:48 -------- d-----w- c:\program files\DreamCalc DC4P
2012-09-17 15:46 . 2012-09-17 15:46 -------- d-----w- c:\users\Vicky\AppData\Roaming\DiskSpaceFan
2012-09-17 15:46 . 2012-09-17 15:46 -------- d-----w- c:\program files\Cookapp
2012-09-17 15:44 . 2012-09-17 15:45 -------- d-----w- c:\users\Vicky\AppData\Roaming\Direct Folders
2012-09-17 15:44 . 2012-09-17 15:44 -------- d-----w- c:\program files\Direct Folders
2012-09-17 15:37 . 2012-09-17 15:38 -------- d-----w- c:\program files\BitTorrent Ultra Accelerator
2012-09-17 15:35 . 2012-09-17 15:35 -------- d-----w- c:\program files\Tint Guide
2012-09-17 15:35 . 2012-09-17 15:35 -------- d-----w- c:\program files\Beauty Guide
2012-09-17 15:31 . 2012-09-17 15:31 -------- d-----w- c:\users\Vicky\AppData\Roaming\Scooter Software
2012-09-17 15:31 . 2012-09-17 15:31 -------- d-----w- c:\program files\Beyond Compare 3
2012-09-17 15:21 . 2009-08-24 16:38 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2012-09-17 15:21 . 2012-09-17 15:21 -------- d-----w- c:\program files\Ashampoo
2012-09-17 15:19 . 2012-09-17 15:19 -------- d-----w- c:\users\Vicky\AppData\Roaming\Writer's Cafe 2
2012-09-17 15:18 . 2012-09-17 15:20 -------- d-----w- c:\program files\Writer's Cafe 2
2012-09-17 15:16 . 2012-09-17 15:16 -------- d-----w- c:\program files\Acmework
2012-09-14 20:59 . 2012-09-14 20:59 -------- d-----w- c:\users\Vicky\AppData\Roaming\dvdcss
2012-09-13 12:02 . 2012-09-13 12:02 -------- d-----w- c:\program files\Office 2010 Trial Extender
2012-09-05 11:10 . 2012-09-05 11:10 446464 ----a-w- c:\windows\system32\YuoTubeDownloader.dll
2012-09-05 08:33 . 2012-09-05 08:33 -------- d-----w- c:\users\House\AppData\Roaming\Design Science
2012-09-04 22:59 . 2012-09-05 18:52 -------- d-----w- c:\users\Vicky\AppData\Local\Apple Computer
2012-09-03 08:13 . 2012-09-03 08:13 -------- d-----w- c:\program files\RocketDock
2012-09-03 06:51 . 2009-07-14 01:14 3405312 ----a-w- c:\windows\system32\xpsrchvw.exe
2012-09-03 06:51 . 2010-11-20 12:17 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-09-03 06:51 . 2010-11-20 12:17 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-09-02 06:21 . 2012-09-02 06:21 -------- d-----w- c:\users\Vicky\AppData\Roaming\Rovio
2012-09-01 08:05 . 2012-09-01 08:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-30 07:46 . 2012-08-30 07:46 -------- d-----w- c:\programdata\ProcessLasso
2012-08-30 07:45 . 2012-08-30 07:47 -------- d-----w- c:\users\Vicky\AppData\Roaming\ProcessLasso
2012-08-30 07:45 . 2012-08-30 07:53 -------- d-----w- c:\program files\Process Lasso
2012-08-30 07:05 . 2012-08-30 07:06 -------- d-----w- c:\users\Vicky\AppData\Roaming\Wise Disk Cleaner
2012-08-23 13:07 . 2012-08-23 13:07 -------- d-----w- c:\users\House\AppData\Roaming\Comodo
2012-08-23 13:07 . 2012-08-23 13:07 -------- d-----w- c:\users\House\AppData\Local\Comodo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 08:05 . 2012-01-01 17:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 08:05 . 2011-12-16 09:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 18:01 . 2012-04-10 16:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 18:01 . 2011-12-15 11:14 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-17 19:20 . 2012-08-12 15:11 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-07-20 06:37 . 2012-07-20 06:37 34308 ----a-w- c:\windows\system32\LB603.dll
2012-07-20 06:36 . 2012-07-20 06:36 157696 ----a-w- c:\windows\system32\asxtract.dll
2012-07-20 06:36 . 2012-07-20 06:36 136008 ----a-w- c:\windows\system32\MSINET.Ocx
2012-07-14 07:30 . 2012-07-14 07:30 4024320 ----a-w- c:\program files\GUT1A06.tmp
2012-07-13 14:34 . 2012-07-13 14:34 53248 ----a-r- c:\users\Vicky\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-13 12:17 . 2012-01-20 12:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-13 12:17 . 2012-01-20 12:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-12 09:28 . 2012-07-12 08:45 233888 ----a-w- c:\windows\system32\DreamScene.dll
2012-07-03 08:16 . 2011-12-26 16:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 10:53 . 2011-12-26 14:34 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-06-27 10:53 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-06-27 10:53 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-07-08 05:07 . 2010-07-08 05:07 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2012-09-08 07:08 . 2012-09-08 07:08 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{3d175337-41e3-48eb-a754-493577f658b9}"= "c:\windows\system32\YuoTubeDownloader.dll" [2012-09-05 446464]
.
[HKEY_CLASSES_ROOT\clsid\{3d175337-41e3-48eb-a754-493577f658b9}]
[HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD.1]
[HKEY_CLASSES_ROOT\TypeLib\{942926A2-CC3B-4970-9AD6-D9056D197CE6}]
[HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d175337-41e3-48eb-a754-493577f658b9}]
2012-09-05 11:10 446464 ----a-w- c:\windows\System32\YuoTubeDownloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3d175337-41e3-48eb-a754-493577f658b9}"= "c:\windows\system32\YuoTubeDownloader.dll" [2012-09-05 446464]
.
[HKEY_CLASSES_ROOT\clsid\{3d175337-41e3-48eb-a754-493577f658b9}]
[HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD.1]
[HKEY_CLASSES_ROOT\TypeLib\{942926A2-CC3B-4970-9AD6-D9056D197CE6}]
[HKEY_CLASSES_ROOT\ToolBarMFC.DeskBandImplD]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-15 718208]
"Chameleon Folder"="c:\program files\Chameleon Folder 2\chfolder.exe" [2012-03-09 2906112]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-12-26 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-12-26 1451928]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mouse Button Control.lnk - c:\program files\ElectraSoft\mbc\MBC.EXE [2012-9-17 458752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent Ultra Accelerator.lnk
backup=c:\windows\pss\BitTorrent Ultra Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DFX.lnk
backup=c:\windows\pss\DFX.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
backup=c:\windows\pss\MobileGo Service.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkinPackMenu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SkinPackMenu.lnk
backup=c:\windows\pss\SkinPackMenu.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Direct Folders.lnk]
path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Folders.lnk
backup=c:\windows\pss\Direct Folders.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk]
path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk
backup=c:\windows\pss\PersonalBrain.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 15:58 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 04:48 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2010-08-20 04:27 107816 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-11 23:08 1163072 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-01 14:32 136176 ----atw- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTurbo]
2012-04-16 08:44 177152 ----a-w- c:\program files\iNTERNET Turbo\ITTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LearnWords Launcher]
2012-03-26 23:18 792576 ----a-w- c:\program files\LearnWords\LearnWords.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService]
2012-07-02 22:55 38288 ----a-w- e:\vicky\Installed\Mindjet MindManager\MmReminderService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 15:26 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-07-13 12:17 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [x]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [x]
R2 IceDragonUpdater;COMODO IceDragon Update Service;c:\program files\Comodo\IceDragon\icedragon_updater.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [x]
R2 VBoxDrv;VBox Support Driver;c:\program files\YouWave_Android\vb\VBoxDrv.sys [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe [x]
R3 ExpressAccountsService;Express Accounts;c:\program files\NCH Software\ExpressAccounts\expressaccounts.exe [x]
R3 GSService;GSService;c:\windows\system32\GSService.exe [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 Media Center 17 Service;Media Center 17 Service;c:\program files\J River\Media Center 17\JRService.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 REN2CAP_DRIVER;Hear;c:\windows\system32\drivers\ren2cap.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
S0 FancyRd;Primo Ramdisk Controller;c:\windows\system32\DRIVERS\fancyrd.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2012-07-02 22:52 1409 ----a-r- e:\vicky\Installed\Mindjet MindManager\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 14:32]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 14:32]
.
2012-09-19 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-01 07:56]
.
2012-09-19 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-01 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
IE:
IE: Add to Link Commander collection
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - e:\vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll/202
TCP: Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 59.185.0.23,59.185.0.50
FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{0E7B5242-346E-652E-0A16-3BF61F895702} - (no file)
HKU-Default-Run-Reasonable NoClone - (no file)
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-campaper - c:\program files\campaper\campaper.exe
MSConfigStartUp-RockMelt Update - c:\users\Vicky\AppData\Local\RockMelt\Update\RockMeltUpdate.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
MSConfigStartUp-TAForOE Loader - c:\program files\TextAloud\TAForOELoader.exe
MSConfigStartUp-Video Library - c:\users\Vicky\AppData\Local\Temp\Rpcqt.dll
MSConfigStartUp-YuoTubeDownloader_Helper - c:\program files\YuoTubeDownloader\YuoTubeDownloader_Helper.exe
AddRemove-Key Reminder Commander 4.00 - c:\users\Vicky\Desktop\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cc,40,94,66,28,f9,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,9e,eb,b9,6a,e6,93,4d,9a,1e,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,9e,eb,b9,6a,e6,93,4d,9a,1e,5c,\
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vrfIyq7KygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8B9462F1-CA22-C48C-8A89-885E3BB03B97}*]
"bbbhmnpdoafdfgaaoflnafbkcbfofhnpegfk"=hex:69,61,66,6d,6f,6a,69,6b,65,6a,6f,6e,
6c,6a,66,6a,6c,70,00,00
"ablhknooeaogpfiemgonfiaghlejoigfed"=hex:6a,61,69,6d,64,6a,6e,6f,6f,67,63,64,
69,62,6e,6b,69,62,6c,6a,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-09-20 11:04:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-20 05:34
.
Pre-Run: 9,461,977,088 bytes free
Post-Run: 9,934,626,816 bytes free
.
- - End Of File - - 90C0275EEF1C15816758A3E7F2045FA8
 
Kaspersky Virus Removal Tool

The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

  • Double-click the Setup file to install it on your computer.
  • Once it has installed, review and accept the agreement and press the Start button.
  • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon).
  • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive.
  • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High".
  • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
  • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All.
  • Then, choose Save. Also, in the Automatic Report tab, select Save.
  • Please post the reports in your next reply.
  • Once you exit, the tool should uninstall automatically.
 
Thanks for elaborately explaining all the steps and sorry for not replying sooner but I had no network. Now when I booted in safe mode, I am getting network. I will tell you in my next reply if I am getting network in normal mode as well and will also post the results of the scan.
Edit: I am getting network now in normal boot as well.
 
The log is damn too long and it will take over a day for me to post all of it here so I am going to upload it somewhere and post the link to it here
 
For your privacy, I deleted those posts. Sorry that was so long and you spent all that time.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
Thanks a lot for deleting all those posts. I tried to search for a sub-forum where I could request their deletion but I couldn't find it so I thought I would ask you that after my PC was declared clean. Well about the computer now. In my opinion I am an end user who is pretty well aware of his system. I don't think there are any of the issues you mentioned in my computer. I believe ComboFix behaved very slowly in normal mode because of my AV. Even if I totally switch it off, it keeps an eye on suspicious programs and monitors their activity. So that might be the reason for that. I had no network yesterday because of my mistake. I changed my DNS to Comodo's DNS instead of my ISP's so that I would be better protected in the future and also hoped that changing it to Comodo's servers will not load the apype and starwebsearch sites but they still do. And I had not changed the firewall stealth setting of Bitdefender. That caused me to have no network when firewall was on or Bitdefender was running.
Since the infection, there have never been any kind of error messages. My computer was slowing down a little but after PC Tools scanned and deleted many infections and viruses, it was okay. There aren't any fake AV alerts in system tray or in middle of the desktop. Svchost.exe are all running under 60000K. My system idle process is over 80% for most of the time so any other application is not using that much CPU power either. There are no system crashes or bluescreen crashes. Just my browser crashed a couple of times when the wrong suggestions malware was active and took me to some heavy and dangerous websites. So now the only thing bothering is the homepage of Mozilla Firefox. I have a browser based on Firefox called Comodo Icedragon. That one was never affected. IE asked me whether I wanted to install some toolbar and change my homepage which I denied but the homepage was changed though. I changed it back to google and it stayed like that.
I am ready to delete my AV Bitdefender Internet Security 2011 for now if needed as I will be upgrading it to 2013 soon. I will also be doing a fresh install of Firefox but I need the bookmarks backup to be safe so I want it to be free of malicious sites.
 
It's common for web browsers to be infected, because of having extensions or add-ons. From time to time, it can deal with a hidden addon, which without your knowledge could be installed.

Please run AdwCleaner again as above, and post a log. Then, do the following, please:

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
I have never downloaded or run OTL. Here are the logs. Just so you know, I also have another user on this PC. It's only used for surfing the web and the Firefox of that user is also affected but I am sure the virus came from this user.

# AdwCleaner v2.002 - Logfile created 09/21/2012 at 20:48:00
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Vicky - VICKY-PC
# Boot Mode : Normal
# Running from : C:\Users\Vicky\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\House\AppData\Roaming\Mozilla\Firefox\Profiles\asu9wrvh.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3337 octets] - [19/09/2012 03:40:30]
AdwCleaner[S1].txt - [3955 octets] - [19/09/2012 22:58:49]
AdwCleaner[S2].txt - [1105 octets] - [21/09/2012 20:48:00]

########## EOF - C:\AdwCleaner[S2].txt - [1165 octets] ##########
 
OTL Extras logfile created on: 21-Sep-12 8:55:19 PM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Vicky\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.15% Memory free
5.99 Gb Paging File | 4.95 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.62 Gb Total Space | 9.64 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
Drive D: | 89.63 Gb Total Space | 24.24 Gb Free Space | 27.04% Space Free | Partition Type: NTFS
Drive E: | 58.64 Gb Total Space | 11.67 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive F: | 30.89 Gb Total Space | 9.54 Gb Free Space | 30.90% Space Free | Partition Type: NTFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{61B52D72-8E52-42A2-B7FD-C53C954703AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{9BD758B2-C2CD-49F6-AB94-5FD949D96796}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{A5D84481-0141-4853-9400-6F9EB455F231}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
"{D5E80788-E7D0-41F8-9365-8B884650232B}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF203C5-5AA6-4761-9A04-4466BDD503D5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{1E52F0A4-E2E7-4ECE-BB97-993C1E7BA046}" = protocol=6 | dir=in | app=c:\program files\riptiger\videodownloadapp_rtmp.exe |
"{2042D5B9-4FB2-4D92-8E0A-9B8F0E3F79E1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{233FDADD-CAB8-4DC9-90E2-F6DE7E2BF7B6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2DAED8E1-343F-4DFB-B399-75D7581F0B68}" = protocol=6 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{2E7A0B8B-FF24-46AC-817F-D8B8AF643FB2}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{349DA1D4-D62C-4791-83D2-E90F60FCC3C8}" = protocol=6 | dir=in | app=d:\z\dungeon siege\steam\steam.exe |
"{350B8D1D-8C34-4509-A106-467FEB0E810C}" = protocol=17 | dir=in | app=c:\program files\riptiger\httpdownloaderapp.exe |
"{36AB8EB1-4D2F-496A-B7E9-C043F5D45703}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{457E4078-2C6C-4C1F-811F-5A9676C2BBF8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{498B01CC-BC9C-4A61-8084-BA479D1AB846}" = protocol=17 | dir=in | app=c:\program files\riptiger\videodownloadapp_rtmp.exe |
"{4F125923-B48C-4538-A1DF-F750F2B5BFC1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{4F4FBC18-CAE9-4A92-B538-C1BA1DB2DD8C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{60669B6C-BDD0-4201-A0CB-859740E1254F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{68C90766-0D51-4B2C-90F8-C1BC9E3A92B1}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6E0E34EA-8889-4395-AF26-BF9A06216624}" = dir=in | app=c:\program files\rapidsolution\audials 9\audials.exe |
"{7699BD83-27EF-429D-A07F-9CA76F363901}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7881AA5D-1282-4D6D-9194-3D39CDD6BB93}" = protocol=6 | dir=in | app=c:\program files\gammadyne mailer\gm.exe |
"{7B471D1F-355C-40B3-848E-A06942604D86}" = protocol=6 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{7EBFDF4A-2F98-4032-8042-99E110FBC5C5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8D275BB0-B095-45E7-9A84-373A76751A25}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{907BA857-F8A0-4F7D-AEE0-7B566F5F5A02}" = protocol=17 | dir=in | app=c:\program files\riptiger\rtmpdownloaderapp.exe |
"{90C3F623-2A7B-4C87-9E56-C7A7E0037E87}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{9C404D37-21C1-4239-A295-851D4E1F8426}" = protocol=6 | dir=in | app=c:\program files\riptiger\riptiger.exe |
"{A402F9CF-B93F-458A-BA23-8A1731611E85}" = protocol=17 | dir=in | app=d:\z\dungeon siege\steam\steam.exe |
"{B1678D15-4DFE-4A92-8D22-6D816EC39BB5}" = protocol=6 | dir=in | app=c:\program files\riptiger\mmsdownloaderapp.exe |
"{B8322321-DD0C-46A9-8A9A-D60724FC9256}" = protocol=6 | dir=in | app=c:\program files\riptiger\rtmpdownloaderapp.exe |
"{BC7E5BFE-B570-4065-907B-B197212EBAD6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C341EA0D-B925-471E-8791-7A9363A70C7D}" = protocol=17 | dir=in | app=c:\program files\riptiger\mmsdownloaderapp.exe |
"{C41CEB8C-8384-4807-8AC5-11CA1550C1E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C683DF75-30CA-4B8C-BBC4-DC2F7AE15C03}" = protocol=17 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{C99185F0-D955-4F83-9D38-764E157911DA}" = protocol=17 | dir=in | app=c:\users\vicky\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{CAF1A2AD-C373-4AC0-AE32-B81486D1AEF0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{CD18B59A-4BCC-4FB1-8B29-134D7563F30A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CEEF45C9-D180-4FE0-A603-5FEF62089EE0}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{E72880EE-ADDA-4251-896A-F463D9B9C37C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{EA302F70-4F30-4657-B723-30E031F31D85}" = protocol=17 | dir=in | app=c:\program files\gammadyne mailer\gm.exe |
"{EC5DB20D-7423-4FF9-8CDA-D2E0332E6F89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F8549789-4F12-4500-9A92-7253EB18833B}" = protocol=6 | dir=in | app=c:\program files\riptiger\httpdownloaderapp.exe |
"{FD2A5A2C-695F-462F-85ED-70C6974F0127}" = protocol=17 | dir=in | app=c:\program files\riptiger\riptiger.exe |
"TCP Query User{28F8F8E4-FE5E-4896-9C0B-3F9AF9DC598C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3548E34D-4B09-4394-85BE-9BD1A56DB8DE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18562567-BC92-9861-00B8-90B8F5545EA8}" = LangoMax Adult Advantage
"{1959CCD2-1227-4de4-97E7-04F29D526762}_is1" = AnyMedia Player 3.3.3
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1A834332-A9EE-440C-9505-2D07F445F05A}" = MOBILedit! Support Libraries
"{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1" = Wondershare MobileGo ( Version 1.1.0 )
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2367FAB6-057A-4973-875F-F57F7BBBA363}_is1" = DreamScene Seven version 1.4
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}" = EpsonNet Config V3
"{2E195120-A063-43D4-90AA-F1B9952EEF61}" = Usmania Calculator
"{2EE6D53B-957E-48d1-801B-0B7DE81BACED}_is1" = RipTiger Extras 3.3.3
"{2FCFFE64-B076-4C21-874E-1C8ADEE8B378}_is1" = PearlMountain Image Converter 1.2.8
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3408E5D6-4925-4496-AB67-AB8643C3685C}_is1" = Mouse and Keyboard Recorder 3.2.0.8
"{39163F04-0B69-402F-9E70-A9CDA1488E8A}" = Acme Id Card Maker 5.0
"{3A6A34D3-37EE-40F3-BF81-EC7A4BF7F24D}" = Photo to Cartoon
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DCF00F5-04A5-4543-A088-70548081120E}_is1" = Compiled Driver Disc (Full) 1.0
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{44B185C4-2566-4F38-A4F1-092FCDBB51A5}" = CalcTape
"{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1" = MOBILedit! ver. 6.1.0.1634
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{550B72C4-F404-4812-971F-947E835A877E}" = Gtk# for .Net 2.12.10
"{5a34ce77-6efc-432d-b846-65c270c18c72}_is1" = Line Reader 2.7
"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62686E52-2094-11D9-BAFA-444553540001}" = Archiva 7
"{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}" = TTS
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.3
"{6DEB44D1-7A66-4E60-9010-E6E7B116B8C9}" = HDDlife Rus 4.0
"{6EA51254-AAA9-47AC-BF0D-3D0F0DA81316}" = BlackBerry Smartphone Simulators 4.5.0.173 (8830)
"{6ED9555A-A4DE-463D-A76C-8371E80C8913}" = Audials
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7D466431-D6EE-4732-BF02-74BD0817E881}_is1" = PearlMountain Image Resizer Pro 1.4.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64C35E-093A-43B9-B7E5-9966581FC143}" = iSCC
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90D583BE-D60B-4BDB-A696-711723815D1A}_is1" = Excel Password Unlocker 4.0.2.3
"{912853A4-C655-4BEF-88EE-3FD9EDC50EAB}_is1" = Photo Calendar Maker 2.35
"{928501C9-CB3B-416C-99D7-9B6B89751FAD}" = Angry Birds Seasons
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC
"{94B97E1E-9B67-4012-A126-6319E211A298}_is1" = Primo Ramdisk Ultimate Edition 5.6.0
"{952B2529-EB26-4998-BBB1-826234DA8942}" = AKVIS Decorator
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D393A06-B96D-473A-0001-5A4713FCA3A6}" = android converter
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FDD51C9-F7AA-40AF-A4FF-0500E45E4A06}" = AKVIS Magnifier
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A669A70D-2E2C-37D5-A025-E1CB61F2CC96}" = Microsoft .NET Framework 4.5 RC
"{A8405D99-9D76-4456-8752-87DA930CC3A3}" = Comic Life 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AEB8F226-C238-4636-A289-E540B725B5BB}_is1" = AnyReader
"{AF57D22B-B5AF-46CD-BC3F-62FE8CF566B5}" = Jyotish Tools
"{AFD4597D-56CC-447F-AA68-C1BF1AEA448E}_is1" = RipTiger 3.3.3
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B559F2B9-E0BE-484C-A0E1-59C79B8C9325}" = Microsoft WorldWide Telescope
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{B6CA7A3C-35FD-401F-9335-FFFD2BCD5FF3}" = BitDefender Internet Security 2011
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BDDB58A5-F98E-4D3C-B554-4A4D31C6D405}_is1" = Phone Drivers Downloader 1.1
"{C1611681-E8F9-4C89-A6A4-36DD0DA6E089}_is1" = DepositFiles FileManager 0.9.9.206
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4898BA0-7ACA-11DE-8A39-0800200C9A66}_is1" = mirabyte Feed Writer 2.7.2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E0F87496-6367-4226-B379-1EA873CFF11C}" = FileLocator Pro
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F17C58F5-2646-4743-A779-A24976F46571}" = Mindjet MindManager 2012
"{F18ADBD4-320F-4A67-9709-0FE9412BB0FA}_is1" = Office 2010 Trial Extender
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3812D83-86D2-4445-A841-3E0BA4F9A11C}" = Merriam-Webster 3.0
"{FA15594C-88DB-406D-B856-37A9A7F763D8}" = Microsoft WorldWide Telescope
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FD0F8123-9035-44B0-B331-2596979E74ED}_is1" = Book Collector
"{FED8A2C2-A0FB-4473-80E0-1F1CA0C4C87C}" = Lee's Bingo V.6.0.3
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1190-3857-8766-9166" = PersonalBrain 5
"5513-1208-7298-9440" = JDownloader 0.9
 
"7 Sins" = 7 Sins
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdultAdvantage" = LangoMax Adult Advantage
"Advanced Emailer_is1" = Advanced Emailer
"Advanced Office Repair v1.6" = Advanced Office Repair v1.6
"Aimersoft Video Converter Ultimate_is1" = Aimersoft Video Converter Ultimate(Build 4.2.1.0)
"Any DVD Converter for Android_is1" = Any DVD Converter for Android 4.3.5
"Aostsoft All Document Converter Professional_is1" = Aostsoft All Document Converter Professional 3.8.2
"Ashampoo HDD Control 2_is1" = Ashampoo HDD Control 2 v.2.1.0
"Audiobook Downloader Pro" = Audiobook Downloader Pro 1.3
"AutoClick_is1" = AutoClick
"AV Voice Changer Software 3.0" = AV Voice Changer Software 3.0
"Basic Bookkeeping_is1" = Basic Bookkeeping 7.1.1
"Beauty Guide_is1" = Beauty Guide 1.5
"BitDefender" = BitDefender Internet Security 2011
"BitTorrent Ultra Accelerator" = BitTorrent Ultra Accelerator
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Chameleon Folder 2" = Chameleon Folder Lite 2.0.10.392
"Comodo IceDragon" = Comodo IceDragon
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.6.2
"DAEMON Tools Pro" = DAEMON Tools Pro
"DeblurMyImagePlugIn" = DeblurMyImagePlugIn
"Deluge" = Deluge 1.3.5
"Digital Physiognomy" = Digital Physiognomy (remove only)
"DirectFoldersAppID_is1" = Direct Folders
"Disk Space Fan 4_is1" = Disk Space Fan 4 4.4.1.113
"DiskCheckup_is1" = DiskCheckup v3.1
"DjVuLibre+DjView" = DjVuLibre+DjView
"DreamCalcDC4P_is1" = DreamCalc DCP4.8.0 Professional Calculator
"Driver Checker_is1" = Driver Checker v2.7.5
"DSMT6" = MathType 6
"DVD-Cloner 8_is1" = DVD-Cloner V8.10 Build 1005
"eMail Extractor_is1" = eMail Extractor 3.6.0
"EPSON Stylus T11 Series" = EPSON Stylus T11 Series Printer Uninstall
"ExpressAccounts" = Express Accounts
"ExtractNow_is1" = ExtractNow
"File Splitter and Joiner_is1" = File Splitter and Joiner (FFSJ v3.3)
"FileHippo.com" = FileHippo.com Update Checker
"Free Video Dub_is1" = Free Video Dub version 2.0.6.403
"FreeArc" = FreeArc 0.666
"FreePortScanner_is1" = FreePortScanner 2.9
"FriendBlasterPro_is1" = FriendBlasterPro
"FrostWire 5" = FrostWire 5.3.9
"GamePlayLabs Plugin" = GamePlayLabs Plugin
"Gammadyne Mailer" = Gammadyne Mailer
"GE_3_0_is1" = Geometry Expressions v3.0
"GOM Player" = GOM Player
"GTK2-Runtime" = GTK2-Runtime
"Halotea" = Halotea v1.302
"Hard Drive Inspector" = Hard Drive Inspector
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICL-Icon Extractor" = ICL-Icon Extractor
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"iNTERNET Turbo" = iNTERNET Turbo
"Kepard1.0.7.0" = Kepard
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.2.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Media Center 17" = Media Center 17
"MediaMonkey_is1" = MediaMonkey 4.0
"MiniLyrics" = MiniLyrics
"MiPony" = MiPony 2.0.0
"Movienizer_is1" = Movienizer 5.2
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird 13.0 (x86 en-US)" = Mozilla Thunderbird 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MPE" = MyPhoneExplorer
"MS Word Recover File Password Software_is1" = MS Word Recover File Password Software
"NetSetMan_is1" = NetSetMan 3.4.2
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office Password Recovery Toolbox_is1" = Office Password Recovery Toolbox 3.5
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OmniFormat" = OmniFormat
"OpenAL" = OpenAL
"Password Recovery Bundle 2012_is1" = Password Recovery Bundle 2012
"PDF Converter Pro 11.01" = PDF Converter Pro 11.01
"PDF Image Extraction Wizard_is1" = PDF Image Extraction Wizard 6.01
"Pdf995" = Pdf995
"PDF-XChange 3_is1" = PDF-XChange 3
"Photo Stamp Remover_is1" = Photo Stamp Remover 5.0
"ProcessLasso" = Process Lasso
"Protected Music Converter_is1" = Protected Music Converter version 1.9.7.4
"QUICKfind" = QUICKfind server v1.1
"RapidTyping" = RapidTyping
"RAR Password Recovery v2.0_is1" = RAR Password Recovery v2.0
"RAR Repair Tool_is1" = RAR Repair Tool v.4.0
"RealPlayer 15.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"Reminder Commander_is1" = Reminder Commander 4
"Repair My Excel_is1" = Repair My Excel
"RocketDock_is1" = RocketDock 1.3.5
"save2pc Ultimate_is1" = save2pc Ultimate 5.11
"SEP4_is1" = SizeExplorer Pro 4.11
"Sketchpad" = Sketchpad
"SpotOnTheMouse_is1" = SpotOnTheMouse 2.5.1
"STDU Extractor_is1" = STDU Extractor version 1.0.137.0
"Stellar Phoenix Excel Recovery_is1" = Stellar Phoenix Excel Recovery
"Stellar Phoenix PowerPoint Recovery_is1" = Stellar Phoenix PowerPoint Recovery
"Stellar Phoenix Zip Recovery v2.0_is1" = Stellar Phoenix Zip Recovery v2.0
"Street Fighter X Tekken_is1" = Street Fighter X Tekken
"SWF-AVI-GIF Converter_is1" = SWF-AVI-GIF Converter 2.3
"SwordSearcher_5_InnoSetup_is1" = SwordSearcher 6.2.2.3
"TeamViewer 7" = TeamViewer 7
"TeraCopy_is1" = TeraCopy 2.12
"The Complete Genealogy Builder_is1" = The Complete Genealogy Builder
"The Complete Genealogy Reporter_is1" = The Complete Genealogy Reporter
"Throttle_is1" = Throttle
"ThunderSoft Flash to Video Converter_is1" = ThunderSoft Flash to Video Converter (1.4.0.1)
"Total Doc Converter_is1" = TotalDocConverter
"Total Image Converter_is1" = TotalImageConverter
"UltraISO_is1" = UltraISO Premium V9.36
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"uTorrent" = µTorrent
"uTorrent SpeedUp Pro" = uTorrent SpeedUp Pro
"uTorrent Turbo Booster" = uTorrent Turbo Booster
"VLC media player" = VLC media player 2.0.3
"whois_is1" = whois 2.7.6
"WinMend File Copy_is1" = WinMend File Copy 1.3.7.2
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.42
"Writer's Café_is1" = Writer's Café 2.32
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YouWave" = YouWave for Android
"ZIP Password Recovery v2.0_is1" = ZIP Password Recovery v2.0
"Zip Repair Pro_is1" = Zip Repair Pro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.3.5
"Email Sender Deluxe" = Email Sender Deluxe
"Mouse Button Control" = Mouse Button Control
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20-Sep-12 1:17:19 AM | Computer Name = Vicky-PC | Source = VSS | ID = 18
Description =

Error - 20-Sep-12 1:17:19 AM | Computer Name = Vicky-PC | Source = VSS | ID = 8193
Description =

Error - 20-Sep-12 3:26:44 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\cleanup.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20-Sep-12 3:27:26 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\uninstall.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20-Sep-12 3:27:37 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\install.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20-Sep-12 3:31:25 AM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20-Sep-12 7:26:35 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\cleanup.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20-Sep-12 7:27:02 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\uninstall.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20-Sep-12 7:27:09 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\RapidSolution\Audials
9\tbhsd\tools64\install.exe". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 20-Sep-12 7:29:36 PM | Computer Name = Vicky-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\pdf995\res\drivedir\copy64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 21-Sep-12 1:50:11 AM | Computer Name = Vicky-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 15.0.1.4631 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 7b0 Start
Time: 01cd97bb895f8945 Termination Time: 112 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 2ab42217-03b0-11e2-962c-002197130e22

[ System Events ]
Error - 14-May-12 5:30:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Event Log service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 14-May-12 5:30:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7031
Description = The TCP/IP NetBIOS Helper service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 100 milliseconds:
Restart the service.

Error - 14-May-12 5:30:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7031
Description = The Security Center service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 120000 milliseconds:
Restart the service.

Error - 14-May-12 5:31:18 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Audio service, but
this action failed with the following error: %%1056

Error - 15-May-12 5:49:33 AM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058

Error - 15-May-12 6:09:17 AM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058

Error - 15-May-12 5:30:43 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058

Error - 18-May-12 3:03:28 AM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058

Error - 18-May-12 5:12:16 PM | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description = The WebcamMax, WDM Video Capture service failed to start due to the
following error: %%1058

Error - 20-May-12 9:07:07 AM | Computer Name = Vicky-PC | Source = Ntfs | ID = 262281
Description = The default transaction resource manager on volume J: encountered
a non-retryable error and could not start. The data contains the error code.


< End of report >
 
OTL logfile created on: 21-Sep-12 8:55:19 PM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Vicky\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 71.15% Memory free
5.99 Gb Paging File | 4.95 Gb Available in Paging File | 82.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.62 Gb Total Space | 9.64 Gb Free Space | 17.99% Space Free | Partition Type: NTFS
Drive D: | 89.63 Gb Total Space | 24.24 Gb Free Space | 27.04% Space Free | Partition Type: NTFS
Drive E: | 58.64 Gb Total Space | 11.67 Gb Free Space | 19.90% Space Free | Partition Type: NTFS
Drive F: | 30.89 Gb Total Space | 9.54 Gb Free Space | 30.90% Space Free | Partition Type: NTFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-21 20:45:55 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.com
PRC - [2012-09-17 22:41:17 | 000,458,752 | ---- | M] (ElectraSoft) -- C:\Program Files\ElectraSoft\mbc\MBC.EXE
PRC - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
PRC - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-08-22 20:24:50 | 000,369,544 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2012-08-22 20:24:48 | 000,677,256 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-05-15 14:57:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2012-03-09 16:58:08 | 002,906,112 | ---- | M] (NeoSoft Tools) -- C:\Program Files\Chameleon Folder 2\chfolder.exe
PRC - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\Common Files\BinarySense\hldasvc.exe
PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011-12-26 21:06:50 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011-12-26 21:03:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-03-16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-09 13:15:40 | 000,894,464 | ---- | M] () -- C:\Program Files\Chameleon Folder 2\cf.dll
MOD - [2011-12-26 21:05:09 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
MOD - [2011-12-26 21:03:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011-12-26 21:02:38 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011-11-11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011-11-11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011-11-11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011-11-11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011-11-11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV - [2012-09-17 21:32:18 | 000,394,920 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)
SRV - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
SRV - [2012-09-08 12:38:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-06-27 17:21:31 | 003,081,220 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-23 16:16:08 | 000,484,304 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -- (HDDSvc)
SRV - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012-01-23 22:21:20 | 000,249,856 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\GSService.exe -- (GSService)
SRV - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010-11-30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010-07-23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe -- (DfSdkS)
SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vicky\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (actv8src)
DRV - [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012-06-24 14:38:10 | 000,158,144 | ---- | M] (Romex Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fancyrd.sys -- (FancyRd)
DRV - [2012-05-24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2012-05-15 15:56:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-04-29 13:48:14 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012-04-29 13:46:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-04-18 22:38:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012-02-02 21:08:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012-01-18 12:14:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-12-26 21:03:38 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011-12-26 21:02:05 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011-11-07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011-07-15 23:43:12 | 000,135,680 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011-06-23 12:13:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011-05-06 23:29:32 | 000,024,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC)
DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010-11-29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010-11-29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2010-08-20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010-05-13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC ED 73 4E 17 BB CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gigabase.ru/search?q={searchTerms}&clid=1
IE - HKCU\..\SearchScopes\{289bd87f-a29f-41a5-88da-19d7a6531bf6}: "URL" = http://apype.com/results.php?q={searchTerms}
IE - HKCU\..\SearchScopes\{48444E1A-FD18-45C6-92C1-3A8819B65AE0}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: optimizegoogle@optimizegoogle.com:0.79.1
FF - prefs.js..extensions.enabledAddons: trafficlight@bitdefender.com:0.1.28
FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
FF - prefs.js..extensions.enabledAddons: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.7.2
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.44
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Vicky\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-13 17:48:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-08 12:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-09-08 12:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012-06-14 01:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]

[2011-12-24 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
[2012-09-21 13:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions
[2012-04-25 19:19:57 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012-09-16 21:10:41 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2012-08-24 18:48:32 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\customization@adblockplus.org.xpi
[2012-09-13 11:42:12 | 000,067,038 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbp@fbpurity.com.xpi
[2012-09-13 11:42:09 | 000,162,292 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbsidebardisabler@vittgam.net.xpi
[2011-11-12 20:29:12 | 000,236,088 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012-08-24 18:48:38 | 000,097,710 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\tabutils@ithinc.cn.xpi
[2012-02-10 18:52:01 | 000,792,865 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\trafficlight@bitdefender.com.xpi
[2012-07-11 11:44:22 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012-09-18 12:31:27 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011-08-12 07:58:54 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011-07-26 05:40:30 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012-09-11 12:23:53 | 000,021,014 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2012-07-27 07:18:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011-10-30 01:44:28 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012-07-21 22:46:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012-09-16 22:47:17 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012-09-13 16:03:12 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012-09-08 12:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-09-08 12:38:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-09-08 12:38:54 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2012-06-08 00:37:26 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2012-09-08 12:38:57 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-07-31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012-07-13 17:47:55 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012-08-29 00:22:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-09-18 18:07:04 | 000,002,261 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Custom search.xml
[2012-07-12 14:14:41 | 000,005,137 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ergative.xml
[2012-08-29 00:22:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2010-12-09 02:51:24 | 000,002,224 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml

O1 HOSTS File: ([2012-09-20 10:59:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (YuoTubeDownloader) - {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (YuoTubeDownloader) - {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Chameleon Folder] C:\Program Files\Chameleon Folder 2\chfolder.exe (NeoSoft Tools)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk = C:\Program Files\ElectraSoft\mbc\MBC.EXE (ElectraSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Link Commander collection - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send Image To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk - C:\Program Files\BitTorrent Ultra Accelerator\BitTorrent Ultra Accelerator.exe - (TrafficSpeeders)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk - C:\Program Files\Wondershare\MobileGo\MobileGoService.exe - (Wondershare)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkinPackMenu.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Direct Folders.lnk - C:\Program Files\Direct Folders\df.exe - (Code Sector)
MsConfig - StartUpFolder: C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk - C:\Program Files\PersonalBrain\PersonalBrain.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: CanonSolutionMenuEx - hkey= - key= - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTurbo - hkey= - key= - C:\Program Files\iNTERNET Turbo\ITTray.exe (Clasys Ltd.)
MsConfig - StartUpReg: LearnWords Launcher - hkey= - key= - C:\Program Files\LearnWords\LearnWords.exe (LearnWords Software)
MsConfig - StartUpReg: MMReminderService - hkey= - key= - E:\Vicky\Installed\Mindjet MindManager\MmReminderService.exe (Mindjet)
MsConfig - StartUpReg: Power2GoExpress - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {05466845-FF44-4671-92C1-A5FD0F9EEE1C} - Microsoft Reader
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - E:\Vicky\Installed\Mindjet MindManager\sys\MmInternetExplorerActiveSetup.vbs
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A669A70D-2E2C-37D5-A025-E1CB61F2CC96} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.pspgru - C:\Windows\System32\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iscc - C:\Windows\System32\iscc.dll (innoheim)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012-09-21 20:45:46 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.com
[2012-09-21 00:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-09-20 11:04:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-09-20 10:59:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-09-20 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\temp
[2012-09-19 23:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-09-19 23:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-09-19 23:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-09-19 23:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-19 23:38:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-09-18 22:21:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\PC Tools
[2012-09-18 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Threat Expert
[2012-09-18 13:21:02 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0947.old
[2012-09-18 13:21:02 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0947.old
[2012-09-18 13:20:00 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012-09-18 13:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012-09-18 12:45:46 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012-09-18 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012-09-18 12:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012-09-18 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TestApp
[2012-09-18 11:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mindjet
[2012-09-17 23:28:50 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
[2012-09-17 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012-09-17 23:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012-09-17 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Calibre Library
[2012-09-17 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\calibre
[2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012-09-17 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2012-09-17 23:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2012-09-17 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Usmania_Code
[2012-09-17 23:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Usmania Code
[2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Usmania Code
[2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Usmania Code
[2012-09-17 23:13:02 | 000,000,000 | R--D | C] -- C:\AHCache
[2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Throttle
[2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Throttle
[2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
[2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfAnonymousFree
[2012-09-17 22:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CalcTape
[2012-09-17 22:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\CalcTape
[2012-09-17 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\SMP Data
[2012-09-17 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare
[2012-09-17 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2012-09-17 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare Data
[2012-09-17 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Deskshare
[2012-09-17 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Spoon
[2012-09-17 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Deskshare
[2012-09-17 22:49:07 | 001,791,920 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v13.1.0.ocx
[2012-09-17 22:49:07 | 001,226,672 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v13.1.0.ocx
[2012-09-17 22:49:07 | 000,538,544 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
[2012-09-17 22:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reminder Commander
[2012-09-17 22:49:06 | 002,320,304 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.1.0.ocx
[2012-09-17 22:49:06 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012-09-17 22:49:06 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DB.DLL
[2012-09-17 22:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reminder Commander
[2012-09-17 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Primo Ramdisk Ultimate Edition
[2012-09-17 22:47:53 | 000,158,144 | ---- | C] (Romex Software) -- C:\Windows\System32\drivers\fancyrd.sys
[2012-09-17 22:47:53 | 000,019,392 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\rxbsknl.sys
[2012-09-17 22:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Primo Ramdisk Ultimate Edition
[2012-09-17 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Stamp Remover
[2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
[2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
[2012-09-17 22:40:59 | 000,000,000 | ---D | C] -- C:\mbc
[2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\RobotSoft
[2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\RobotSoft
[2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse and Keyboard Recorder
[2012-09-17 22:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mirabyte Feed Writer
[2012-09-17 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\mirabyte
[2012-09-17 22:37:05 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
[2012-09-17 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[2012-09-17 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\My Maps
[2012-09-17 22:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 2012
[2012-09-17 22:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2012-09-17 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
[2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Maxprog
[2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Maxprog
[2012-09-17 22:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMail Extractor
[2012-09-17 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\eMail Extractor
[2012-09-17 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
[2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineReader
[2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Iconico
[2012-09-17 22:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\LineReader
[2012-09-17 22:30:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\MyPhoneExplorer
[2012-09-17 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2012-09-17 22:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sketchpad
[2012-09-17 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp
[2012-09-17 22:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kepard
[2012-09-17 22:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kepard
[2012-09-17 22:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Music Theory 3.0
[2012-09-17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ChordWizard
[2012-09-17 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRiver Media Center 17
[2012-09-17 21:30:00 | 000,381,608 | ---- | C] (JRiver, Inc.) -- C:\Windows\System32\MC17.exe
[2012-09-17 21:29:59 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AReadyLB.dll
[2012-09-17 21:29:59 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AudDevicePlugin.dll
[2012-09-17 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\J River
[2012-09-17 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\J River
[2012-09-17 21:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halotea
[2012-09-17 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirolit
[2012-09-17 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mirolit
[2012-09-17 21:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geometry Expressions v3.0
[2012-09-17 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Geometry Expressions v3.0
[2012-09-17 21:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gammadyne
[2012-09-17 21:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System-G
[2012-09-17 21:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gammadyne Mailer
[2012-09-17 21:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft
[2012-09-17 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThunderSoft
[2012-09-17 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamCalc DC4P
[2012-09-17 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\DreamCalc DC4P
[2012-09-17 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
[2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4
[2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cookapp
[2012-09-17 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
[2012-09-17 21:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders
[2012-09-17 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
[2012-09-17 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Anthemion Writer's Café 2.32
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent Ultra Accelerator
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Ultra Accelerator
[2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Tint Guide
[2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beauty Guide
[2012-09-17 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Beauty Guide
[2012-09-17 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
[2012-09-17 21:01:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
[2012-09-17 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
[2012-09-17 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012-09-17 20:51:49 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2012-09-17 20:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Writer's Cafe Documents
[2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
[2012-09-17 20:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anthemion Writer's Café 2.32
[2012-09-17 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Writer's Cafe 2
[2012-09-17 20:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Acmework
[2012-09-15 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\dvdcss
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office 2010 Trial Extender
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Office 2010 Trial Extender
[2012-09-08 12:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-09-05 16:40:10 | 000,446,464 | ---- | C] (HotSummerWind Software) -- C:\Windows\System32\YuoTubeDownloader.dll
[2012-09-05 04:29:25 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Apple Computer
[2012-09-03 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012-09-03 13:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2012-09-03 12:21:02 | 003,405,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsrchvw.exe
[2012-09-03 12:20:59 | 000,354,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
[2012-09-03 12:20:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SoundRecorder.exe
[2012-09-03 12:20:57 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2012-09-03 12:20:56 | 000,262,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2012-09-03 12:20:55 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\recdisc.exe
[2012-09-03 12:20:51 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2012-09-03 12:20:50 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Narrator.exe
[2012-09-03 12:20:47 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msra.exe
[2012-09-03 12:20:46 | 006,376,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
[2012-09-03 12:20:45 | 000,303,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2012-09-03 12:20:44 | 000,233,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msconfig.exe
[2012-09-03 12:20:41 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MdSched.exe
[2012-09-03 12:20:40 | 000,941,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012-09-03 12:20:39 | 000,629,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2012-09-03 12:20:37 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012-09-03 12:20:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012-09-03 12:20:34 | 000,586,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfrgui.exe
[2012-09-03 12:20:34 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DisplaySwitch.exe
[2012-09-03 12:20:33 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\control.exe
[2012-09-03 12:20:32 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\colorcpl.exe
[2012-09-03 12:20:31 | 000,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cleanmgr.exe
[2012-09-03 12:20:30 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\charmap.exe
[2012-09-03 12:20:29 | 000,776,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\calc.exe
[2012-09-03 12:20:27 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2012-09-03 12:20:24 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012-09-03 12:20:23 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imagesp1.dll
[2012-09-03 12:20:20 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.dll
[2012-09-03 12:20:14 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2012-09-03 12:20:13 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2012-09-03 12:20:12 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
[2012-09-03 12:20:11 | 000,379,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2012-09-03 12:20:10 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2012-09-03 12:20:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ActionCenter.dll
[2012-09-02 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Rovio
[2012-09-02 11:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2012-09-01 13:35:38 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012-09-01 13:35:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012-09-01 13:35:31 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012-09-01 13:35:31 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012-08-30 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ProcessLasso
[2012-08-30 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
[2012-08-30 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
[2012-08-30 13:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
[2012-08-30 12:35:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Wise Disk Cleaner
[2012-08-30 12:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Research
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-21 20:58:16 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-21 20:58:16 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-21 20:50:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-21 20:50:40 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-21 20:45:55 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.com
[2012-09-21 20:45:32 | 000,512,737 | ---- | M] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
[2012-09-21 20:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
[2012-09-21 15:01:09 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012-09-21 10:24:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
[2012-09-20 10:59:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-09-19 22:18:18 | 000,215,597 | ---- | M] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
[2012-09-19 20:26:14 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012-09-18 22:20:42 | 001,318,816 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 18:07:04 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-18 01:56:47 | 000,449,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-09-18 01:56:14 | 000,000,048 | -HS- | M] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 23:23:17 | 000,001,211 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
[2012-09-17 23:21:47 | 000,000,007 | ---- | M] () -- C:\Users\Vicky\AppData\Local\~wmrg
[2012-09-17 22:42:17 | 000,001,841 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
[2012-09-17 22:36:42 | 000,002,902 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
[2012-09-17 22:33:07 | 000,000,049 | -H-- | M] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
[2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 22:22:16 | 000,001,821 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
[2012-09-17 21:19:25 | 000,001,775 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
[2012-09-17 21:07:15 | 000,001,229 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-09-14 22:11:24 | 000,663,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-14 22:11:24 | 000,121,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-14 16:45:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
[2012-09-05 16:40:12 | 000,046,690 | ---- | M] () -- C:\Windows\System32\YuoTubeDownloader.xpi
[2012-09-05 16:40:10 | 000,446,464 | ---- | M] (HotSummerWind Software) -- C:\Windows\System32\YuoTubeDownloader.dll
[2012-09-01 13:35:25 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012-09-01 13:35:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012-09-01 13:35:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012-09-01 13:35:23 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012-09-01 13:35:23 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012-09-01 13:35:23 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012-08-30 13:11:20 | 000,002,256 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2012-08-22 23:31:43 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-08-22 23:31:43 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-21 20:45:28 | 000,512,737 | ---- | C] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
[2012-09-19 23:40:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-09-19 23:40:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-09-19 23:40:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-09-19 23:40:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-09-19 23:40:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-09-19 22:18:16 | 000,215,597 | ---- | C] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
[2012-09-18 13:21:03 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0947.old
[2012-09-18 12:45:54 | 001,318,816 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 01:56:14 | 000,000,048 | -HS- | C] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 23:29:00 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012-09-17 23:23:17 | 000,001,211 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
[2012-09-17 23:20:47 | 000,000,007 | ---- | C] () -- C:\Users\Vicky\AppData\Local\~wmrg
[2012-09-17 22:44:11 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-17 22:41:19 | 000,001,841 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
[2012-09-17 22:36:42 | 000,002,902 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
[2012-09-17 22:33:07 | 000,000,049 | -H-- | C] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
[2012-09-17 22:28:11 | 000,001,536 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 22:22:16 | 000,001,821 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
[2012-09-17 21:29:59 | 000,183,129 | ---- | C] () -- C:\Windows\System32\AM Install1.INF
[2012-09-17 21:19:12 | 000,001,775 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
[2012-09-17 21:07:15 | 000,001,229 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cropping Tool.lnk
[2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acme ID Card Maker 5.0.lnk
[2012-09-05 16:40:12 | 000,046,690 | ---- | C] () -- C:\Windows\System32\YuoTubeDownloader.xpi
[2012-07-20 12:07:48 | 000,034,308 | ---- | C] () -- C:\Windows\System32\LB603.dll
[2012-07-20 12:06:58 | 000,157,696 | ---- | C] () -- C:\Windows\System32\asxtract.dll
[2012-07-14 13:04:19 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-04 14:56:36 | 000,000,218 | ---- | C] () -- C:\Users\Vicky\AppData\Local\recently-used.xbel
[2012-06-14 12:32:14 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012-06-09 06:52:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-06-08 10:50:34 | 000,000,103 | ---- | C] () -- C:\Windows\System32\_system.ini
[2012-06-08 09:57:00 | 000,107,008 | ---- | C] () -- C:\Windows\poetunin.exe
[2012-06-08 09:56:22 | 000,077,824 | ---- | C] () -- C:\Windows\zipexe_r.exe
[2012-05-25 23:06:49 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012-05-13 19:55:04 | 000,002,075 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
[2012-04-21 09:24:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qhwm.sys
[2012-03-11 22:35:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012-03-11 22:35:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2012-03-11 20:58:34 | 000,155,136 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
[2012-03-06 00:31:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\RandWTTime.dat
[2012-03-05 23:45:17 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
[2012-03-05 23:34:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2012-03-05 23:34:25 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2012-03-03 15:58:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-03-02 20:44:59 | 000,005,002 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2012-03-01 23:13:56 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012-03-01 02:33:09 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\ziprecovery.ini
[2012-03-01 02:32:20 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\rarrecovery.ini
[2012-03-01 02:17:54 | 000,000,990 | ---- | C] () -- C:\Windows\System32\dcimam45.sys
[2012-02-29 23:52:21 | 000,006,852 | ---- | C] () -- C:\Windows\System32\drivers\Vcs.sys
[2012-01-26 01:26:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\GSService.exe
[2012-01-25 23:30:15 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2012-01-21 19:41:06 | 000,248,832 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-21 19:39:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-01-21 19:14:27 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\V2WCDRV.sys
[2012-01-18 04:07:07 | 000,002,256 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012-01-01 23:16:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012-01-01 23:16:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012-01-01 23:16:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012-01-01 23:16:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012-01-01 23:16:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012-01-01 23:16:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012-01-01 23:16:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012-01-01 23:16:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012-01-01 23:16:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012-01-01 23:16:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012-01-01 23:16:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012-01-01 23:16:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012-01-01 23:16:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012-01-01 23:16:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012-01-01 23:16:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012-01-01 23:15:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\EEBAPI.dll
[2012-01-01 23:15:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\EEBDSCVR.dll
[2012-01-01 23:15:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EBAPI.dll
[2012-01-01 21:39:18 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-01-01 20:32:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012-01-01 19:44:44 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2012-01-01 19:44:44 | 000,004,027 | ---- | C] () -- C:\Windows\unins000.dat
[2012-01-01 19:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-27 18:45:44 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011-12-26 21:25:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011-12-26 20:36:14 | 000,655,512 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011-12-26 20:04:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-12-26 19:19:13 | 000,029,462 | ---- | C] () -- C:\Windows\System32\netaf932.dll
[2011-11-17 07:10:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011-10-09 02:52:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
[2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-01-21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EmRegSys.dll
[2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
 
========== ZeroAccess Check ==========

[2008-11-27 16:07:36 | 000,001,289 | ---- | M] () -- C:\Users\All Users\The Complete Genealogy Reporter\HTML Templates\l.gif
[2008-11-27 16:08:10 | 000,001,316 | ---- | M] () -- C:\Users\All Users\The Complete Genealogy Reporter\HTML Templates\n.gif
[2008-11-27 16:10:20 | 000,001,320 | ---- | M] () -- C:\Users\All Users\The Complete Genealogy Reporter\HTML Templates\u.gif
[2012-03-01 22:54:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\LocalLow\Microsoft\Silverlight\is\kyxpvn3r.ttf\rfwglurk.ys0\1\l
[2012-05-16 17:32:49 | 000,000,887 | ---- | M] () -- C:\Users\Vicky\Desktop\New folder\txt\L.txt
[2012-07-04 22:45:59 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\L
[2012-07-04 22:45:59 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\N
[2012-07-03 10:59:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\U
[2012-08-24 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrange\L
[2012-07-10 22:16:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrange\N
[2012-08-25 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrange\U
[2012-08-24 22:13:30 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeCovers\L
[2012-08-24 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeCovers\N
[2012-07-01 14:48:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeHomePhotos\L
[2012-06-08 10:43:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeHomePhotos\N
[2012-07-01 14:47:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMainPhoto\N
[2012-09-15 21:06:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMoviePhotos\L
[2012-09-15 21:07:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMoviePhotos\N
[2012-08-25 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeMoviePhotos\U
[2012-08-25 21:57:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeScreenshots\L
[2012-08-24 22:14:22 | 000,000,000 | ---D | M] -- C:\Users\Vicky\My Documents\Movienizer\Covers\ThumbsOrangeScreenshots\N
[2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /HideShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /ShowShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\open\command\\: C:\Program Files\Comodo\IceDragon\icedragon.exe [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\properties\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -preferences [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\safemode\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -safe-mode [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\\: Link Commander Pro
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationDescription: Link Commander Pro is a unique fully-automated, bookmarks manager that allows you to surf the web more easily.
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationName: Link Commander Pro
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.lc: LinkCommanderProCollection
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.htm: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.html: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.xml: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.url: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mht: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mhtml: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\StartMenu\\StartMenuInternet: Link.Commander.Pro
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\ftp: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\http: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\https: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\InstallInfo\\IconsVisible: 1
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\shell\open\command\\: "C:\Program Files\Link Commander Pro\LinkCommanderPro.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-08 12:38:57 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012-09-08 12:38:57 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /HideShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /ShowShortcuts [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Comodo\IceDragon\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012-09-10 19:14:46 | 000,883,232 | ---- | M] (Comodo Inc)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\open\command\\: C:\Program Files\Comodo\IceDragon\icedragon.exe [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\properties\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -preferences [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\ICEDRAGON.EXE\shell\safemode\command\\: "C:\Program Files\Comodo\IceDragon\icedragon.exe" -safe-mode [2012-09-10 19:07:48 | 000,436,936 | ---- | M] (COMODO Security Solutions)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011-12-26 19:39:08 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011-12-26 19:39:08 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\\: Link Commander Pro
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationDescription: Link Commander Pro is a unique fully-automated, bookmarks manager that allows you to surf the web more easily.
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\\ApplicationName: Link Commander Pro
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.lc: LinkCommanderProCollection
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.htm: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.html: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.xml: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.url: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mht: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\FileAssociations\\.mhtml: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\StartMenu\\StartMenuInternet: Link.Commander.Pro
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\ftp: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\http: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\Capabilities\URLAssociations\\https: LinkCommanderProHTML
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\InstallInfo\\IconsVisible: 1
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Link.Commander.Pro\shell\open\command\\: "C:\Program Files\Link Commander Pro\LinkCommanderPro.exe"

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012-06-24 14:38:10 | 000,158,144 | ---- | M] (Romex Software) -- C:\Windows\system32\drivers\fancyrd.sys
[2012-07-03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) -- C:\Windows\system32\drivers\teamviewervpn.sys

< %systemroot%\System32\config\*.sav >
[2012-08-30 13:10:38 | 051,908,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011-12-26 22:08:52 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2012-09-17 20:46:55 | 000,000,000 | ---D | M] -- C:\Program Files\Acmework
[2012-07-20 11:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012-04-11 03:07:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adult Advantage
[2012-07-05 13:05:45 | 000,000,000 | ---D | M] -- C:\Program Files\Advanced Emailer
[2012-03-11 20:58:28 | 000,000,000 | ---D | M] -- C:\Program Files\Aimersoft
[2012-06-28 16:57:34 | 000,000,000 | ---D | M] -- C:\Program Files\AKVIS
[2012-06-28 16:57:37 | 000,000,000 | ---D | M] -- C:\Program Files\Akvis Decorator
[2012-06-27 15:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\Akvis Magnifier
[2012-05-25 22:29:59 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2012-01-26 02:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\AnyMedia Player
[2012-06-08 09:35:29 | 000,000,000 | ---D | M] -- C:\Program Files\AOFR
[2012-03-01 01:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Aostsoft All Document Converter Professional
[2012-01-01 20:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2012-06-08 11:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Appnimi
[2012-09-17 20:51:44 | 000,000,000 | ---D | M] -- C:\Program Files\Ashampoo
[2012-04-11 19:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\AutoClick3
[2012-03-01 00:14:40 | 000,000,000 | ---D | M] -- C:\Program Files\AV VCS 3.0
[2012-09-17 21:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Beauty Guide
[2012-09-17 21:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Beyond Compare 3
[2012-05-25 22:35:48 | 000,000,000 | ---D | M] -- C:\Program Files\BinarySense
[2011-12-26 20:49:26 | 000,000,000 | ---D | M] -- C:\Program Files\BitDefender
[2012-09-17 21:08:07 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent Ultra Accelerator
[2012-09-17 22:55:53 | 000,000,000 | ---D | M] -- C:\Program Files\CalcTape
[2012-09-17 23:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\Calibre2
[2012-09-15 02:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\Cambridge
[2012-07-14 13:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2012-07-14 13:04:07 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2012-03-01 02:04:38 | 000,000,000 | ---D | M] -- C:\Program Files\Caricature Software
[2012-07-05 13:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\Chameleon Folder 2
[2012-09-17 22:20:53 | 000,000,000 | ---D | M] -- C:\Program Files\ChordWizard
[2012-06-27 16:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\CodeMeter
[2012-08-30 12:18:37 | 000,000,000 | ---D | M] -- C:\Program Files\Collectorz.com
[2012-09-20 10:55:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2012-08-12 20:41:26 | 000,000,000 | ---D | M] -- C:\Program Files\Comodo
[2012-05-25 22:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\COMPELSON Labs
[2012-05-25 22:47:50 | 000,000,000 | ---D | M] -- C:\Program Files\Compiled Driver Disc (Full)
[2012-09-17 21:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\Cookapp
[2012-06-08 09:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\CrystalDiskInfo
[2012-04-21 11:48:02 | 000,000,000 | -HSD | M] -- C:\Program Files\CSJ
[2012-01-01 19:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2012-04-29 13:46:40 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
[2012-06-27 16:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\Data Crow
[2012-04-11 04:42:15 | 000,000,000 | ---D | M] -- C:\Program Files\Deluge
[2011-12-27 00:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\DepositFiles
[2012-09-17 22:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\Deskshare
[2012-01-01 20:45:44 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2012-06-08 09:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Physiognomy
[2012-09-17 21:14:35 | 000,000,000 | ---D | M] -- C:\Program Files\Direct Folders
[2012-06-27 17:37:21 | 000,000,000 | ---D | M] -- C:\Program Files\DiskCheckup
[2012-01-01 19:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone
[2012-09-17 21:18:25 | 000,000,000 | ---D | M] -- C:\Program Files\DreamCalc DC4P
[2012-07-12 14:14:51 | 000,000,000 | ---D | M] -- C:\Program Files\DreamScene Seven
[2012-06-09 06:49:44 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Checker
[2012-09-03 12:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2012-01-01 19:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\DVD-Cloner
[2012-05-08 23:45:01 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2012-09-17 22:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\ElectraSoft
[2012-09-17 22:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\eMail Extractor
[2012-07-05 14:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\Email Sender Deluxe
[2012-06-08 09:37:08 | 000,000,000 | ---D | M] -- C:\Program Files\Engelmann Media
[2012-01-01 23:14:04 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2012-01-01 23:13:24 | 000,000,000 | ---D | M] -- C:\Program Files\Epson Software
[2012-01-01 23:15:59 | 000,000,000 | ---D | M] -- C:\Program Files\EpsonNet
[2012-06-08 09:40:05 | 000,000,000 | ---D | M] -- C:\Program Files\Essential Data Tools
[2012-01-26 05:20:33 | 000,000,000 | ---D | M] -- C:\Program Files\Excel Password Unlocker
[2012-06-27 10:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\ExtractNow
[2012-03-02 22:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\FDRLab
[2012-01-01 21:16:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileHippo.com
[2012-01-01 19:43:30 | 000,000,000 | ---D | M] -- C:\Program Files\FreeArc
[2012-03-01 00:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\FriendBlasterPro
[2012-09-17 23:23:17 | 000,000,000 | ---D | M] -- C:\Program Files\FrostWire 5
[2012-09-17 22:14:46 | 000,000,000 | ---D | M] -- C:\Program Files\Gammadyne Mailer
[2012-09-17 21:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\Geometry Expressions v3.0
[2012-06-27 17:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\GetData
[2012-08-30 11:37:32 | 000,000,000 | ---D | M] -- C:\Program Files\GIV Graphics
[2012-09-03 11:44:54 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2012-01-01 19:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2012-03-01 17:16:40 | 000,000,000 | ---D | M] -- C:\Program Files\GTK2-Runtime
[2012-09-17 22:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\GtkSharp
[2012-07-14 13:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\GUM1A05.tmp
[2012-06-08 10:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Hard Drive Inspector
[2012-06-27 17:05:25 | 000,000,000 | ---D | M] -- C:\Program Files\ICL-Icon Extractor
[2012-01-21 06:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\IDM
[2012-01-01 20:04:39 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2012-08-30 12:03:23 | 000,000,000 | ---D | M] -- C:\Program Files\Informatik Inc
[2012-05-08 17:52:41 | 000,000,000 | ---D | M] -- C:\Program Files\innoheim
[2012-07-13 18:27:58 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011-12-15 21:44:05 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012-08-30 12:01:02 | 000,000,000 | ---D | M] -- C:\Program Files\Intermedia Software
[2012-09-03 12:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2012-06-06 22:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\iNTERNET Turbo
[2012-09-17 21:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\J River
[2012-06-22 00:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2012-09-13 23:36:38 | 000,000,000 | ---D | M] -- C:\Program Files\JDownloader
[2012-06-08 10:36:49 | 000,000,000 | ---D | M] -- C:\Program Files\Jyotish Tools
[2012-09-17 23:34:48 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2012-09-17 22:22:16 | 000,000,000 | ---D | M] -- C:\Program Files\Kepard
[2012-07-13 18:04:35 | 000,000,000 | ---D | M] -- C:\Program Files\LearnWords
[2012-07-20 12:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\Lees Bingo
[2012-09-17 22:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\LineReader
[2012-06-27 17:18:42 | 000,000,000 | ---D | M] -- C:\Program Files\Link Commander Pro
[2012-01-01 19:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\LizardTech
[2012-07-13 20:04:54 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2012-07-13 17:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012-08-30 11:49:42 | 000,000,000 | ---D | M] -- C:\Program Files\MarinerSoftware
[2012-06-08 12:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\MathType
[2012-07-20 12:12:41 | 000,000,000 | ---D | M] -- C:\Program Files\MediaMonkey
[2012-01-01 21:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Merriam-Webster
[2012-01-01 21:31:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2012-01-01 19:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2012-01-01 21:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012-01-01 20:17:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Reader
[2012-04-24 18:00:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Research
[2012-05-26 15:52:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2012-01-01 21:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012-01-01 21:33:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2012-01-01 21:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2012-01-01 21:31:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2012-01-30 21:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012-09-18 11:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mindjet
[2012-09-19 02:18:08 | 000,000,000 | ---D | M] -- C:\Program Files\MiniLyrics
[2012-01-01 20:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\MiPony
[2012-09-17 22:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\mirabyte
[2012-09-17 21:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mirolit
[2012-05-26 16:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\MOBILedit!
[2012-07-01 23:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\Movienizer
[2011-12-26 23:09:15 | 000,000,000 | ---D | M] -- C:\Program Files\MozBackup
[2012-09-17 22:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012-09-08 12:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2012-06-14 01:11:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2012-06-27 17:19:09 | 000,000,000 | ---D | M] -- C:\Program Files\MS Word Recover File Password Software
[2012-01-01 21:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012-09-17 23:27:42 | 000,000,000 | ---D | M] -- C:\Program Files\MyPhoneExplorer
[2012-07-20 11:54:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mythicsoft
[2012-06-27 17:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2012-05-27 15:14:18 | 000,000,000 | ---D | M] -- C:\Program Files\NetSetMan
[2012-06-27 18:11:39 | 000,000,000 | ---D | M] -- C:\Program Files\Nsasoft
[2012-06-14 12:33:15 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2012-09-13 17:32:30 | 000,000,000 | ---D | M] -- C:\Program Files\Office 2010 Trial Extender
[2012-03-02 22:16:23 | 000,000,000 | ---D | M] -- C:\Program Files\Office Password Recovery Toolbox
[2012-03-05 23:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\omniformat
[2012-06-14 10:42:07 | 000,000,000 | ---D | M] -- C:\Program Files\ooVoo
[2012-04-24 10:40:05 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2012-06-22 00:32:55 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2012-01-30 20:11:21 | 000,000,000 | ---D | M] -- C:\Program Files\owl_sb
[2012-09-15 02:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\Oxford
[2012-09-18 13:19:46 | 000,000,000 | ---D | M] -- C:\Program Files\PC Tools
[2012-03-03 03:30:31 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Converter Pro
[2012-07-05 13:28:37 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Image Extraction Wizard
[2012-03-05 23:34:57 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
[2012-07-17 16:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\PearlMountain Image Converter
[2012-03-02 18:01:05 | 000,000,000 | ---D | M] -- C:\Program Files\PearlMountain Image Resizer Pro
[2012-01-19 13:17:27 | 000,000,000 | ---D | M] -- C:\Program Files\PersonalBrain
[2012-05-25 22:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Phone Drivers Downloader
[2012-01-30 20:27:21 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Calendar Maker
[2012-09-17 22:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Photo Stamp Remover
[2012-06-28 17:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\plasq
[2012-09-18 03:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Primo Ramdisk Ultimate Edition
[2012-08-30 13:23:47 | 000,000,000 | ---D | M] -- C:\Program Files\Process Lasso
[2012-05-22 21:15:38 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2012-06-28 16:59:30 | 000,000,000 | ---D | M] -- C:\Program Files\RapidSolution
[2012-05-25 23:00:59 | 000,000,000 | ---D | M] -- C:\Program Files\RapidTyping
[2012-03-01 02:32:04 | 000,000,000 | ---D | M] -- C:\Program Files\RAR Password Recovery
[2012-01-01 20:25:22 | 000,000,000 | ---D | M] -- C:\Program Files\Rar Repair Tool
[2012-03-01 04:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2012-06-09 06:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009-07-14 10:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2012-01-01 20:26:50 | 000,000,000 | ---D | M] -- C:\Program Files\RegClean Pro
[2012-09-17 22:49:32 | 000,000,000 | ---D | M] -- C:\Program Files\Reminder Commander
[2012-05-25 22:31:40 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2012-01-26 02:20:28 | 000,000,000 | ---D | M] -- C:\Program Files\RipTiger
[2012-09-17 22:39:21 | 000,000,000 | ---D | M] -- C:\Program Files\RobotSoft
[2012-09-03 13:43:49 | 000,000,000 | ---D | M] -- C:\Program Files\RocketDock
[2012-06-27 17:08:59 | 000,000,000 | ---D | M] -- C:\Program Files\SecurityXploded
[2012-03-02 22:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\SizeExplorer Pro 4
[2012-09-03 12:21:53 | 000,000,000 | ---D | M] -- C:\Program Files\Skin Pack
[2012-07-11 14:31:03 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2012-06-27 17:45:39 | 000,000,000 | ---D | M] -- C:\Program Files\SpotOnTheMouse
[2012-01-26 02:33:05 | 000,000,000 | ---D | M] -- C:\Program Files\STDU Extractor
[2012-03-01 20:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Excel Recovery
[2012-03-02 18:14:36 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix PowerPoint Recovery
[2012-03-02 18:02:27 | 000,000,000 | ---D | M] -- C:\Program Files\Stellar Phoenix Zip Recovery
[2012-06-09 07:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\SuperSpeed
[2012-06-27 16:02:41 | 000,000,000 | ---D | M] -- C:\Program Files\SuperUtils.com
[2012-01-26 02:50:20 | 000,000,000 | ---D | M] -- C:\Program Files\SWF-AVI-GIF Converter
[2012-07-20 12:14:29 | 000,000,000 | ---D | M] -- C:\Program Files\SwordSearcher
[2012-09-17 23:28:50 | 000,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2012-01-01 20:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2012-01-26 02:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\TeraCopy
[2012-05-25 23:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\The Complete Genealogy Builder
[2012-05-25 23:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\The Complete Genealogy Reporter
[2012-09-17 23:12:37 | 000,000,000 | ---D | M] -- C:\Program Files\Throttle
[2012-09-17 21:19:52 | 000,000,000 | ---D | M] -- C:\Program Files\ThunderSoft
[2012-09-17 21:05:33 | 000,000,000 | ---D | M] -- C:\Program Files\Tint Guide
[2012-06-08 10:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\Top Password
[2012-03-03 16:22:22 | 000,000,000 | ---D | M] -- C:\Program Files\TotalDocConverter
[2012-06-08 11:15:43 | 000,000,000 | ---D | M] -- C:\Program Files\TotalImageConverter
[2012-01-01 20:43:17 | 000,000,000 | ---D | M] -- C:\Program Files\UltraISO
[2009-07-14 10:23:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012-03-03 00:02:26 | 000,000,000 | ---D | M] -- C:\Program Files\Universal Document Converter
[2012-09-17 23:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\Usmania Code
[2012-05-12 00:22:39 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2012-06-27 18:11:32 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent SpeedUp Pro
[2012-06-08 15:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent Turbo Booster
[2012-04-24 17:33:37 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2011-12-26 21:57:45 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2012-09-03 12:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009-07-14 10:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011-12-26 20:16:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2012-06-16 16:38:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2012-03-03 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files\WinMend
[2012-06-27 18:13:20 | 000,000,000 | ---D | M] -- C:\Program Files\WinPcap
[2012-08-23 17:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2012-07-05 13:53:16 | 000,000,000 | ---D | M] -- C:\Program Files\Wise
[2012-01-26 01:23:03 | 000,000,000 | ---D | M] -- C:\Program Files\WMA-MP3.com
[2012-05-25 23:09:37 | 000,000,000 | ---D | M] -- C:\Program Files\Wondershare
[2012-09-17 20:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\Writer's Cafe 2
[2012-06-27 15:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Xpress Software
[2012-06-14 17:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Xtranormal
[2012-06-14 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2012-04-11 11:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
[2012-06-27 20:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\YouWave_Android
[2012-01-10 13:39:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Zero G Registry
[2012-03-01 02:32:56 | 000,000,000 | ---D | M] -- C:\Program Files\ZIP Password Recovery
 
< %appdata%\*.* >
[2012-09-17 21:19:25 | 000,001,775 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
[2012-09-17 22:33:07 | 000,000,049 | -H-- | M] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
[2012-07-04 23:30:57 | 000,000,083 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Not_added_movies.txt
[2012-05-13 19:55:04 | 000,002,075 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
[2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat

< MD5 for: TCPIP.SYS >
[2011-04-25 10:14:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys

< MD5 for: TDX.SYS >
[2010-11-20 14:09:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\erdnt\cache\tdx.sys
[2010-11-20 14:09:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010-11-20 14:09:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[2009-07-14 04:42:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: USERINIT.EXE >
[2010-11-20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010-11-20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-20 17:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009-07-14 06:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2009-07-14 06:49:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010-11-20 18:00:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010-11-20 18:00:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010-11-20 18:00:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009-07-14 06:44:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache\wininit.exe
[2009-07-14 06:44:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009-07-14 06:44:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009-10-28 11:47:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 11:22:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-11-20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010-11-20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010-11-20 17:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012-07-03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009-07-14 06:44:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WMISVC.DLL >
[2009-07-14 06:46:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\System32\wbem\WMIsvc.dll
[2009-07-14 06:46:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7600.16385_none_a08911f35844b3ff\WMIsvc.dll
[2009-07-14 06:46:19 | 000,168,960 | ---- | M] (Microsoft Corporation) MD5=F62E510B6AD4C21EB9FE8668ED251826 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_a2ba25bb55333799\WMIsvc.dll

< MD5 for: WSCSVC.DLL >
[2009-07-14 06:46:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\System32\wscsvc.dll
[2009-07-14 06:46:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16385_none_1a16b3d6136c6bb2\wscsvc.dll
[2009-07-14 06:46:20 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=6F5D49EFE0E7164E03AE773A3FE25340 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll
[2010-12-21 11:08:24 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=A661A76333057B383A06E65F0073222F -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.16723_none_1a559a62133d85fa\wscsvc.dll
[2010-12-21 10:59:14 | 000,073,728 | ---- | M] (Microsoft Corporation) MD5=FC6DB3FF10A271A83A2CAFB340120FC4 -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7600.20862_none_1ab2f7332c7c7c31\wscsvc.dll

========== Files - Unicode (All) ==========
[2011-12-26 20:49:26 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011-12-26 20:49:26 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:8331D35A
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A5A1816B
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:054B9966
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0C6951A3
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:ACC6783C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:CBD3E4DE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:55B41E6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:EBC2DB92

< End of report >
 
Please run OTL. Copy and paste the following in the Custom Scans/Fixes box:


:OTL
IE - HKCU\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gigabase.ru/search?q={searchTerms}&clid=1
IE - HKCU\..\SearchScopes\{289bd87f-a29f-41a5-88da-19d7a6531bf6}: "URL" = http://apype.com/results.php?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.defaulturl: "http://www.gigabase.ru/search?clid=1&q="
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
[2012-08-24 18:48:38 | 000,097,710 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\tabutils@ithinc.cn.xpi
[2012-09-18 18:07:04 | 000,002,261 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Custom search.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (YuoTubeDownloader) - {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
@Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:8331D35A
@Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A5A1816B
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:054B9966
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:0C6951A3
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:ACC6783C
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0FF263E8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:CBD3E4DE
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:55B41E6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:EBC2DB92



Then hit Run Fix!

Post the fix log once done, and tell me if the problem remains.
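
An added example (not part of the post above, and not OTL's own code): a short Python pass over OTL log lines of the kind targeted by the fix, flagging search and homepage settings that point at hosts outside an allowlist and COM hooks that are orphaned or come from an unexpected vendor. The allowlists and function names are assumptions for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: what the owner of the machine expects to see.
EXPECTED_HOSTS = {"www.google.co.in", "in.yahoo.com", "www.bing.com"}
EXPECTED_VENDORS = {"Microsoft Corporation"}

URL_RE = re.compile(r'https?://[^\s"]+')
GUID = r'\{[0-9A-Fa-f-]{36}\}'
# URLSearchHook and BHO lines share the shape "<prefix> {CLSID} - <target>".
COM_RE = re.compile(
    r'^(?P<kind>IE - HK(?:CU|LM)\\\.\.\\URLSearchHook:|O2 - BHO: \(.*?\) -) '
    r'(?P<clsid>' + GUID + r') - (?P<target>.+)$')
VENDOR_RE = re.compile(r'\((?P<vendor>[^()]*)\)\s*$')

# Lines copied from the OTL logs in this thread (hijacked and normal entries).
SAMPLE_LINES = r'''
IE - HKCU\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - C:\Windows\System32\YuoTubeDownloader.dll (HotSummerWind Software)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.gigabase.ru/search?q={searchTerms}&clid=1
IE - HKCU\..\SearchScopes\{289bd87f-a29f-41a5-88da-19d7a6531bf6}: "URL" = http://apype.com/results.php?q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
'''.strip().splitlines()


def check_url_setting(line):
    """Flag IE/Firefox settings whose URL points at a host outside the allowlist."""
    if not line.startswith(("IE - ", "FF - prefs.js..")):
        return None
    m = URL_RE.search(line)
    if not m:
        return None
    host = (urlsplit(m.group(0)).hostname or "").lower()
    if host in EXPECTED_HOSTS:
        return None
    # The setting name is everything before the value separator.
    setting = line.split(" = ")[0] if " = " in line else line.split(": ")[0]
    return ("unexpected-host", host, setting)


def check_com_entry(line):
    """Flag URLSearchHook/BHO entries that are orphaned or from an unlisted vendor."""
    m = COM_RE.match(line)
    if not m:
        return None
    target = m.group("target").strip()
    if target.startswith("No CLSID value found"):
        # Registration left behind with no component to load: leftover or tampering.
        return ("orphaned-clsid", m.group("clsid"), target)
    v = VENDOR_RE.search(target)
    vendor = v.group("vendor") if v else ""
    if vendor not in EXPECTED_VENDORS:
        return ("unexpected-component", m.group("clsid"), target)
    return None


def audit(lines):
    """Run both checks over every log line and collect the findings in order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in (check_url_setting, check_com_entry):
            hit = check(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for kind, key, detail in audit(SAMPLE_LINES):
        print(f"{kind:22} {key:40} {detail}")
```

Running the same pass over a later scan shows whether any flagged entry has come back after the fix.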
 
The Firefox homepage still changes to apype dot com (shows in options) / starwebsearch dot com (shows in the address bar). There was a YuoTubeDownloader toolbar in IE that I noticed before running the OTL fix. At least that is now gone. Here are the logs:

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{3d175337-41e3-48eb-a754-493577f658b9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d175337-41e3-48eb-a754-493577f658b9}\ deleted successfully.
C:\Windows\System32\YuoTubeDownloader.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{289bd87f-a29f-41a5-88da-19d7a6531bf6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289bd87f-a29f-41a5-88da-19d7a6531bf6}\ not found.
Prefs.js: "Custom search" removed from browser.search.defaultenginename
Prefs.js: "http://www.gigabase.ru/search?clid=1&q=" removed from browser.search.defaulturl
Prefs.js: "Custom search" removed from browser.search.selectedEngine
Prefs.js: "http://apype.com" removed from browser.startup.homepage
Prefs.js: "http://apype.com/results.php?q=" removed from keyword.URL
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\tabutils@ithinc.cn.xpi moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Custom search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d175337-41e3-48eb-a754-493577f658b9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d175337-41e3-48eb-a754-493577f658b9}\ not found.
File C:\Windows\System32\YuoTubeDownloader.dll not found.
ADS C:\ProgramData\Temp:8331D35A deleted successfully.
ADS C:\ProgramData\Temp:A5A1816B deleted successfully.
ADS C:\ProgramData\Temp:054B9966 deleted successfully.
ADS C:\ProgramData\Temp:0C6951A3 deleted successfully.
ADS C:\ProgramData\Temp:ACC6783C deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
ADS C:\ProgramData\Temp:0FF263E8 deleted successfully.
ADS C:\ProgramData\Temp:CBD3E4DE deleted successfully.
ADS C:\ProgramData\Temp:55B41E6A deleted successfully.
ADS C:\ProgramData\Temp:EBC2DB92 deleted successfully.

OTL by OldTimer - Version 3.2.66.0 log created on 09232012_151559
 
OTL logfile created on: 24-Sep-12 1:00:22 AM - Run 2
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Vicky\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 69.61% Memory free
5.99 Gb Paging File | 4.78 Gb Available in Paging File | 79.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.62 Gb Total Space | 7.76 Gb Free Space | 14.47% Space Free | Partition Type: NTFS
Drive D: | 89.63 Gb Total Space | 8.47 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Drive E: | 58.64 Gb Total Space | 1.20 Gb Free Space | 2.04% Space Free | Partition Type: NTFS
Drive F: | 30.89 Gb Total Space | 9.54 Gb Free Space | 30.90% Space Free | Partition Type: NTFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
PRC - [2012-09-17 22:41:17 | 000,458,752 | ---- | M] (ElectraSoft) -- C:\Program Files\ElectraSoft\mbc\MBC.EXE
PRC - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe
PRC - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012-08-22 20:24:50 | 000,369,544 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2012-08-22 20:24:48 | 000,677,256 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-05-15 14:57:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2012-03-09 16:58:08 | 002,906,112 | ---- | M] (NeoSoft Tools) -- C:\Program Files\Chameleon Folder 2\chfolder.exe
PRC - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\Common Files\BinarySense\hldasvc.exe
PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011-12-26 21:06:50 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011-12-26 21:03:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-03-16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-09 13:15:40 | 000,894,464 | ---- | M] () -- C:\Program Files\Chameleon Folder 2\cf.dll
MOD - [2011-12-26 21:05:09 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
MOD - [2011-12-26 21:03:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011-12-26 21:02:38 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011-11-11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011-11-11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011-11-11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011-11-11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011-11-11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV - [2012-09-17 21:32:18 | 000,394,920 | ---- | M] (JRiver, Inc.) [On_Demand | Stopped] -- C:\Program Files\J River\Media Center 17\JRService.exe -- (Media Center 17 Service)
SRV - [2012-09-10 19:05:26 | 000,446,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\IceDragon\icedragon_updater.exe -- (IceDragonUpdater)
SRV - [2012-09-08 12:38:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-08-31 19:32:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-07-30 10:48:16 | 001,518,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe -- (AHDDC2)
SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-06-27 17:21:31 | 003,081,220 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-04-23 16:16:08 | 000,484,304 | ---- | M] (AltrixSoft (http://www.altrixsoft.com/)) [On_Demand | Stopped] -- C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe -- (HDDSvc)
SRV - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2012-03-05 16:13:04 | 000,845,640 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service)
SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2012-01-23 22:21:20 | 000,249,856 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\GSService.exe -- (GSService)
SRV - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010-11-30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010-07-23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-08-24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe -- (DfSdkS)
SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vicky\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aicqys6h)
DRV - [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012-06-24 14:38:10 | 000,158,144 | ---- | M] (Romex Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fancyrd.sys -- (FancyRd)
DRV - [2012-05-24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012-05-24 16:34:53 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2012-05-15 15:56:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-04-29 13:48:14 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012-04-29 13:46:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-04-18 22:38:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012-02-02 21:08:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012-01-18 12:14:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-12-26 21:03:38 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011-12-26 21:02:05 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011-11-07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011-07-15 23:43:12 | 000,135,680 | ---- | M] (Oracle Corporation) [Kernel | Auto | Running] -- C:\Program Files\YouWave_Android\vb\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011-06-23 12:13:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011-05-06 23:29:32 | 000,024,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC)
DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010-11-29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010-11-29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2010-08-20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010-05-13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\..\URLSearchHook: {3d175337-41e3-48eb-a754-493577f658b9} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC ED 73 4E 17 BB CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95853F18-90B6-4472-A2AD-3BFAF5F5A51F}
IE - HKCU\..\SearchScopes\{48444E1A-FD18-45C6-92C1-3A8819B65AE0}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: optimizegoogle@optimizegoogle.com:0.79.1
FF - prefs.js..extensions.enabledAddons: trafficlight@bitdefender.com:0.1.28
FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.2.0
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
FF - prefs.js..extensions.enabledAddons: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.7.2
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: {FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}:0.44
FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledAddons: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.9.1
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Vicky\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-07-13 17:48:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-08 12:38:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-09-08 12:38:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012-06-14 01:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]

[2011-12-24 23:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
[2012-09-23 15:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions
[2012-04-25 19:19:57 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012-09-16 21:10:41 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2012-08-24 18:48:32 | 000,024,018 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\customization@adblockplus.org.xpi
[2012-09-13 11:42:12 | 000,067,038 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbp@fbpurity.com.xpi
[2012-09-13 11:42:09 | 000,162,292 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\fbsidebardisabler@vittgam.net.xpi
[2011-11-12 20:29:12 | 000,236,088 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012-02-10 18:52:01 | 000,792,865 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\trafficlight@bitdefender.com.xpi
[2012-07-11 11:44:22 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012-09-18 12:31:27 | 000,506,361 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2011-08-12 07:58:54 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011-07-26 05:40:30 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012-09-11 12:23:53 | 000,021,014 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2012-07-27 07:18:36 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011-10-30 01:44:28 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012-07-21 22:46:07 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012-09-16 22:47:17 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
[2012-09-13 16:03:12 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012-09-08 12:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-09-08 12:38:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-09-08 12:38:54 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2012-06-08 00:37:26 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2012-09-08 12:38:57 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-07-31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012-07-13 17:47:55 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012-08-29 00:22:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-07-12 14:14:41 | 000,005,137 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\ergative.xml
[2012-08-29 00:22:58 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2010-12-09 02:51:24 | 000,002,224 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\webblog.xml

O1 HOSTS File: ([2012-09-20 10:59:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {3d175337-41e3-48eb-a754-493577f658b9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Chameleon Folder] C:\Program Files\Chameleon Folder 2\chfolder.exe (NeoSoft Tools)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk = C:\Program Files\ElectraSoft\mbc\MBC.EXE (ElectraSoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Link Commander collection - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send Image To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - E:\Vicky\Installed\Mindjet MindManager\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
 
[2012-09-24 00:59:50 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2012-09-23 15:15:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-21 00:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-09-20 11:04:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-09-20 10:59:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-09-20 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\temp
[2012-09-19 23:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-09-19 23:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-09-19 23:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-09-19 23:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-19 23:38:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-09-18 22:21:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\PC Tools
[2012-09-18 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Threat Expert
[2012-09-18 13:21:02 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0947.old
[2012-09-18 13:21:02 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0947.old
[2012-09-18 13:20:00 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012-09-18 13:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012-09-18 12:45:46 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012-09-18 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012-09-18 12:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012-09-18 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TestApp
[2012-09-18 11:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mindjet
[2012-09-17 23:28:50 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
[2012-09-17 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012-09-17 23:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
[2012-09-17 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Calibre Library
[2012-09-17 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\calibre
[2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012-09-17 23:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012-09-17 23:23:17 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2012-09-17 23:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire 5
[2012-09-17 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Usmania_Code
[2012-09-17 23:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Usmania Code
[2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Usmania Code
[2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Usmania Code
[2012-09-17 23:13:02 | 000,000,000 | R--D | C] -- C:\AHCache
[2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Throttle
[2012-09-17 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Throttle
[2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
[2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfAnonymousFree
[2012-09-17 22:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CalcTape
[2012-09-17 22:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\CalcTape
[2012-09-17 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\SMP Data
[2012-09-17 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare
[2012-09-17 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
[2012-09-17 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare Data
[2012-09-17 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Deskshare
[2012-09-17 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Spoon
[2012-09-17 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Deskshare
[2012-09-17 22:49:07 | 001,791,920 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.Controls.v13.1.0.ocx
[2012-09-17 22:49:07 | 001,226,672 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v13.1.0.ocx
[2012-09-17 22:49:07 | 000,538,544 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.SkinFramework.Unicode.v12.0.2.ocx
[2012-09-17 22:49:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reminder Commander
[2012-09-17 22:49:06 | 002,320,304 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.1.0.ocx
[2012-09-17 22:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reminder Commander
[2012-09-17 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Primo Ramdisk Ultimate Edition
[2012-09-17 22:47:53 | 000,158,144 | ---- | C] (Romex Software) -- C:\Windows\System32\drivers\fancyrd.sys
[2012-09-17 22:47:53 | 000,019,392 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\rxbsknl.sys
[2012-09-17 22:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Primo Ramdisk Ultimate Edition
[2012-09-17 22:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Stamp Remover
[2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
[2012-09-17 22:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Button Control
[2012-09-17 22:40:59 | 000,000,000 | ---D | C] -- C:\mbc
[2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\RobotSoft
[2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\RobotSoft
[2012-09-17 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse and Keyboard Recorder
[2012-09-17 22:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mirabyte Feed Writer
[2012-09-17 22:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\mirabyte
[2012-09-17 22:37:05 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
[2012-09-17 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[2012-09-17 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\My Maps
[2012-09-17 22:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mindjet MindManager 2012
[2012-09-17 22:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
[2012-09-17 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
[2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Maxprog
[2012-09-17 22:32:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Maxprog
[2012-09-17 22:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMail Extractor
[2012-09-17 22:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\eMail Extractor
[2012-09-17 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
[2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LineReader
[2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Iconico
[2012-09-17 22:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\LineReader
[2012-09-17 22:30:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\MyPhoneExplorer
[2012-09-17 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyPhoneExplorer
[2012-09-17 22:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sketchpad
[2012-09-17 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp
[2012-09-17 22:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kepard
[2012-09-17 22:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Kepard
[2012-09-17 22:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Music Theory 3.0
[2012-09-17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ChordWizard
[2012-09-17 21:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRiver Media Center 17
[2012-09-17 21:30:00 | 000,381,608 | ---- | C] (JRiver, Inc.) -- C:\Windows\System32\MC17.exe
[2012-09-17 21:29:59 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AReadyLB.dll
[2012-09-17 21:29:59 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AudDevicePlugin.dll
[2012-09-17 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\J River
[2012-09-17 21:29:41 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\J River
[2012-09-17 21:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halotea
[2012-09-17 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirolit
[2012-09-17 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mirolit
[2012-09-17 21:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geometry Expressions v3.0
[2012-09-17 21:23:34 | 000,000,000 | ---D | C] -- C:\Program Files\Geometry Expressions v3.0
[2012-09-17 21:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gammadyne
[2012-09-17 21:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System-G
[2012-09-17 21:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Gammadyne Mailer
[2012-09-17 21:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft
[2012-09-17 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThunderSoft
[2012-09-17 21:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DreamCalc DC4P
[2012-09-17 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files\DreamCalc DC4P
[2012-09-17 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
[2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4
[2012-09-17 21:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Cookapp
[2012-09-17 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
[2012-09-17 21:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders
[2012-09-17 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
[2012-09-17 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Anthemion Writer's Café 2.32
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent Ultra Accelerator
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Ultra Accelerator
[2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Tint Guide
[2012-09-17 21:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beauty Guide
[2012-09-17 21:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Beauty Guide
[2012-09-17 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
[2012-09-17 21:01:03 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beyond Compare 3
[2012-09-17 21:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
[2012-09-17 20:51:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012-09-17 20:51:49 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2012-09-17 20:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Writer's Cafe Documents
[2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
[2012-09-17 20:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anthemion Writer's Café 2.32
[2012-09-17 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Writer's Cafe 2
[2012-09-17 20:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Acmework
[2012-09-15 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\dvdcss
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office 2010 Trial Extender
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Office 2010 Trial Extender
[2012-09-08 12:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012-09-05 04:29:25 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Apple Computer
[2012-09-03 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012-09-03 13:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2012-09-02 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Rovio
[2012-09-02 11:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
[2012-08-30 13:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ProcessLasso
[2012-08-30 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Lasso
[2012-08-30 13:15:47 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
[2012-08-30 13:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Process Lasso
[2012-08-30 12:35:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Wise Disk Cleaner
[2012-08-30 12:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Research
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2012-09-24 00:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
[2012-09-23 20:13:36 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-09-23 20:13:36 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-09-23 20:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-09-23 20:05:57 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012-09-23 15:01:09 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012-09-23 10:24:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
[2012-09-20 10:59:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-09-19 22:18:18 | 000,215,597 | ---- | M] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
[2012-09-19 20:26:14 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012-09-18 22:20:42 | 001,318,816 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 18:07:04 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-18 01:56:47 | 000,449,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-09-18 01:56:14 | 000,000,048 | -HS- | M] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 23:23:17 | 000,001,211 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
[2012-09-17 23:21:47 | 000,000,007 | ---- | M] () -- C:\Users\Vicky\AppData\Local\~wmrg
[2012-09-17 22:42:17 | 000,001,841 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
[2012-09-17 22:36:42 | 000,002,902 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
[2012-09-17 22:33:07 | 000,000,049 | -H-- | M] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
[2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 22:22:16 | 000,001,821 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
[2012-09-17 21:19:25 | 000,001,775 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
[2012-09-17 21:07:15 | 000,001,229 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-09-14 22:11:24 | 000,663,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-14 22:11:24 | 000,121,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-14 16:45:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
[2012-09-05 16:40:12 | 000,046,690 | ---- | M] () -- C:\Windows\System32\YuoTubeDownloader.xpi
[2012-08-30 13:11:20 | 000,002,256 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-19 23:40:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-09-19 23:40:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-09-19 23:40:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-09-19 23:40:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-09-19 23:40:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-09-19 22:18:16 | 000,215,597 | ---- | C] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-19.json
[2012-09-18 13:21:03 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0947.old
[2012-09-18 12:45:54 | 001,318,816 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 01:56:14 | 000,000,048 | -HS- | C] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 23:29:00 | 000,001,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012-09-17 23:23:17 | 000,001,211 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.9.lnk
[2012-09-17 23:20:47 | 000,000,007 | ---- | C] () -- C:\Users\Vicky\AppData\Local\~wmrg
[2012-09-17 22:44:11 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-17 22:41:19 | 000,001,841 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mouse Button Control.lnk
[2012-09-17 22:36:42 | 000,002,902 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Mindjet MindManager 2012.lnk
[2012-09-17 22:33:07 | 000,000,049 | -H-- | C] () -- C:\Users\Vicky\AppData\Roaming\eMail Extractor registration.ini
[2012-09-17 22:28:11 | 000,001,536 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 22:22:16 | 000,001,821 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\Kepard.lnk
[2012-09-17 21:29:59 | 000,183,129 | ---- | C] () -- C:\Windows\System32\AM Install1.INF
[2012-09-17 21:19:12 | 000,001,775 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\DreamCalc DC4P.dat
[2012-09-17 21:07:15 | 000,001,229 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cropping Tool.lnk
[2012-09-17 20:46:56 | 000,003,019 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acme ID Card Maker 5.0.lnk
[2012-09-05 16:40:12 | 000,046,690 | ---- | C] () -- C:\Windows\System32\YuoTubeDownloader.xpi
[2012-07-20 12:07:48 | 000,034,308 | ---- | C] () -- C:\Windows\System32\LB603.dll
[2012-07-20 12:06:58 | 000,157,696 | ---- | C] () -- C:\Windows\System32\asxtract.dll
[2012-07-14 13:04:19 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-04 14:56:36 | 000,000,218 | ---- | C] () -- C:\Users\Vicky\AppData\Local\recently-used.xbel
[2012-06-14 12:32:14 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012-06-09 06:52:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-06-08 10:50:34 | 000,000,103 | ---- | C] () -- C:\Windows\System32\_system.ini
[2012-06-08 09:57:00 | 000,107,008 | ---- | C] () -- C:\Windows\poetunin.exe
[2012-06-08 09:56:22 | 000,077,824 | ---- | C] () -- C:\Windows\zipexe_r.exe
[2012-05-25 23:06:49 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012-05-13 19:55:04 | 000,002,075 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
[2012-04-21 09:24:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qhwm.sys
[2012-03-11 22:35:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012-03-11 22:35:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2012-03-11 20:58:34 | 000,155,136 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
[2012-03-06 00:31:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\RandWTTime.dat
[2012-03-05 23:45:17 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
[2012-03-05 23:34:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2012-03-05 23:34:25 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2012-03-03 15:58:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-03-02 20:44:59 | 000,005,002 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2012-03-01 23:13:56 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012-03-01 02:33:09 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\ziprecovery.ini
[2012-03-01 02:32:20 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\rarrecovery.ini
[2012-03-01 02:17:54 | 000,000,990 | ---- | C] () -- C:\Windows\System32\dcimam45.sys
[2012-02-29 23:52:21 | 000,006,852 | ---- | C] () -- C:\Windows\System32\drivers\Vcs.sys
[2012-01-26 01:26:55 | 000,249,856 | ---- | C] () -- C:\Windows\System32\GSService.exe
[2012-01-25 23:30:15 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
[2012-01-21 19:41:06 | 000,248,832 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-21 19:39:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-01-21 19:14:27 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\V2WCDRV.sys
[2012-01-18 04:07:07 | 000,002,256 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012-01-01 23:16:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012-01-01 23:16:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012-01-01 23:16:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012-01-01 23:16:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012-01-01 23:16:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012-01-01 23:16:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012-01-01 23:16:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012-01-01 23:16:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012-01-01 23:16:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012-01-01 23:16:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012-01-01 23:16:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012-01-01 23:16:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012-01-01 23:16:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012-01-01 23:16:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012-01-01 23:16:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012-01-01 23:15:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\EEBAPI.dll
[2012-01-01 23:15:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\EEBDSCVR.dll
[2012-01-01 23:15:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EBAPI.dll
[2012-01-01 21:39:18 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-01-01 20:32:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012-01-01 19:44:44 | 000,794,906 | ---- | C] () -- C:\Windows\unins000.exe
[2012-01-01 19:44:44 | 000,004,027 | ---- | C] () -- C:\Windows\unins000.dat
[2012-01-01 19:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-27 18:45:44 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011-12-26 21:25:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011-12-26 20:36:14 | 000,655,512 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011-12-26 20:04:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-12-26 19:19:13 | 000,029,462 | ---- | C] () -- C:\Windows\System32\netaf932.dll
[2011-11-17 07:10:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011-10-09 02:52:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
[2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-01-21 12:30:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\EmRegSys.dll
[2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-08-30 09:51:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-02-03 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\5imyshow.Ltd
[2012-06-14 17:32:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Acapela Group
[2012-04-11 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AdultAdvantage
[2012-03-11 20:59:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Aimersoft Video Converter Ultimate
[2012-05-25 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AnvSoft
[2012-01-30 18:00:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Apowersoft
[2012-05-25 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BinarySense
[2011-12-26 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BitDefender
[2012-01-21 06:27:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\cald3
[2012-09-17 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\calibre
[2012-01-23 02:16:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canneverbe_Limited
[2012-07-14 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canon
[2012-06-27 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CLiPW
[2012-06-28 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CocotronLibrary
[2012-05-08 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ComfortSoftware
[2012-09-17 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
[2012-05-08 17:56:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\concept design
[2012-04-29 15:49:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DAEMON Tools Pro
[2012-07-04 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\deluge
[2012-06-08 12:02:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Design Science
[2012-03-01 17:01:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DeskSoft
[2012-09-17 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
[2012-09-17 21:16:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
[2011-12-29 01:44:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DonationCoder
[2011-12-29 01:52:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DuckLink
[2012-01-01 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVD-Cloner
[2012-04-24 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoft
[2012-01-01 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2012-08-30 11:54:03 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Easy Macro Recorder
[2012-05-08 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\EasyMP3Downloader
[2012-06-07 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FaceOffMax
[2012-01-01 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FreeArc
[2012-06-30 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\gtk-2.0
[2012-06-27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Hard Disk Sentinel
[2012-05-08 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\HideIPPrivacy
[2012-09-17 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Iconico
[2012-03-03 03:30:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IGC
[2012-04-12 14:41:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ImgBurn
[2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IN-MEDIAKG
[2012-06-27 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Informatik Scan
[2012-03-01 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Intermedia Software
[2012-09-17 21:29:41 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\J River
[2012-05-08 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Jutoh
[2012-07-13 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Leadertech
[2012-08-20 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mariner Software
[2012-09-17 22:32:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Maxprog
[2012-05-08 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MechCAD
[2012-05-25 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\med2
[2012-09-16 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MediaMonkey
[2012-09-15 02:06:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MiniLyrics
[2012-07-13 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mipony
[2012-05-25 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MOBILedit
[2012-06-08 10:42:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Movienizer
[2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\mresreg
[2012-09-17 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MyPhoneExplorer
[2012-07-20 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mythicsoft
[2012-05-16 01:13:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Need for Speed World
[2012-03-02 20:26:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Netscape
[2012-05-13 19:36:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Nuance
[2012-06-27 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\oald8
[2012-03-02 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ooVoo Details
[2012-03-01 02:35:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\OtakuSoftware
[2012-03-02 18:12:12 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain
[2012-03-02 18:01:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Resizer Pro
[2012-07-17 16:44:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Converter
[2012-03-02 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Resizer Pro
[2012-03-02 18:16:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pelikan Software KFT
[2012-01-19 13:17:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PersonalBrain
[2012-03-02 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Photodex
[2012-03-03 16:41:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pixelplan
[2012-08-30 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
[2012-05-08 23:21:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PunkBuster
[2012-02-10 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\QuickScan
[2012-06-08 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rainmeter
[2012-05-25 23:37:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\RapidTyping
[2012-03-03 15:58:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Reasonable Software House Ltd
[2012-06-27 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Resort Labs
[2012-09-02 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rovio
[2012-09-17 21:01:08 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
[2012-06-07 20:22:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ScreenSteps
[2012-06-08 11:15:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Softplicity
[2012-05-09 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SuperMP3Download
[2012-06-27 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SuperUtils.com
[2012-09-17 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
[2012-08-30 12:27:16 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SwordSearcher
[2012-01-01 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Systweak
[2012-07-20 00:14:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TeraCopy
[2012-09-18 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TestApp
[2012-05-25 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Builder
[2012-05-25 23:36:30 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Reporter
[2012-06-14 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Thunderbird
[2012-03-03 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\UDC Profiles
[2012-03-03 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\USBSafelyRemove
[2012-09-23 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent
[2012-06-08 00:56:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent Turbo Booster
[2012-07-13 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Video2Webcam
[2012-01-01 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\VitySoft
[2012-02-22 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WeatherWatcherLive
[2012-06-29 04:24:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WebcamMax
[2012-08-30 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Wise Disk Cleaner
[2012-05-25 23:36:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Wondershare
[2012-09-17 20:49:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
[2012-06-14 17:34:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Xtranormal
[2012-03-01 01:02:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\YCanPDF

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011-12-26 20:49:26 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011-12-26 20:49:26 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:55B41E6A

< End of report >
 