Solved Infected with apype browser hacker virus

OTL didn't work. Whenever I run an OTL fix, the next time I start Firefox, it takes some time to load the homepage. I think maybe it's the malware configuring Firefox to be as it was before the fix; so I guess the malware isn't integrated with Firefox but is some sort of an independent process, just saying. It had downloaded a lot of malware in a short time. It was a failure of my firewall as well. But the infection was controlled after I used PC Tools, and it seems, at least for now, that it isn't downloading any more malware or rootkits. Is my other data safe except the browser?

Here are the OTL fix logs and I have attached about:support page but I didn't understand how to do the same for the Troubleshooting Information_files folder so I haven't attached it. Did you mean that I click the show folder button next to Profile Folder under Application Basics and zip the entire folder and upload it here?

All processes killed
========== OTL ==========
Error: No service named acg89omk was found to stop!
Service\Driver key acg89omk not found.
Service REN2CAP_DRIVER stopped successfully!
Service REN2CAP_DRIVER deleted successfully!
C:\Windows\System32\drivers\ren2cap.sys moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Link Commander collection\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with Mipony\ deleted successfully.
C:\Program Files\MiPony\Browser\IEContext.htm moved successfully.
C:\Windows\System32\YuoTubeDownloader.xpi moved successfully.
C:\Windows\System32\LB603.dll moved successfully.
C:\Windows\System32\asxtract.dll moved successfully.
C:\Windows\System32\CNQ2414N.DAT moved successfully.
ADS C:\ProgramData\Temp:A5A1816B deleted successfully.
ADS C:\ProgramData\Temp:CBD3E4DE deleted successfully.
ADS C:\ProgramData\Temp:55B41E6A deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: House
->Temp folder emptied: 65024 bytes
->Temporary Internet Files folder emptied: 809710 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 268876565 bytes
->Flash cache emptied: 2889 bytes

User: Public
->Temp folder emptied: 0 bytes

User: rwaals
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Vicky-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Vicky
->Temp folder emptied: 120281450 bytes
->Temporary Internet Files folder emptied: 72111526 bytes
->Java cache emptied: 21055000 bytes
->FireFox cache emptied: 648491347 bytes
->Flash cache emptied: 73393 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 107324 bytes
RecycleBin emptied: 1428402 bytes

Total Files Cleaned = 1,081.00 mb


OTL by OldTimer - Version 3.2.66.0 log created on 10022012_000921

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Attachments

  • ff.zip
But I already have another account and its browser is corrupted as well. There is a lot of ongoing stuff on this user account and I don't want to lose it. If this is the only malware that has remained in the computer, I wouldn't mind doing a clean install of Windows after I finish my ongoing things. But I need at least some assurance that the virus won't creep into my external HDD when I connect it for transferring files before the format.
 
The one suggestion I have is if I take another good look at the system...

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.
Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.


On the General tab, make sure all of the boxes are checked.


On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.


Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.
 
Next fix for OTL, do just like normal...

:files
C:\Windows\System32\dcimam45.sys
C:\Windows\System32\netaf932.dll
C:\Windows\Downloaded Installations\{AB684908-3D30-49EB-8B86-B94C44680D99}

:commands
[emptytemp]
[reboot]
 
The homepage still changes back. Here are the logs. Can I uninstall Bitdefender and install Kaspersky Pure instead?

All processes killed
========== FILES ==========
C:\Windows\System32\dcimam45.sys moved successfully.
C:\Windows\System32\netaf932.dll moved successfully.
C:\Windows\Downloaded Installations\{AB684908-3D30-49EB-8B86-B94C44680D99} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: House
->Temp folder emptied: 67074 bytes
->Temporary Internet Files folder emptied: 284248 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19732888 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

User: rwaals
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes

User: UpdatusUser.Vicky-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Vicky
->Temp folder emptied: 611875 bytes
->Temporary Internet Files folder emptied: 1369082 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 183776626 bytes
->Flash cache emptied: 2652 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 333555661 bytes

Total Files Cleaned = 514.00 mb


OTL by OldTimer - Version 3.2.66.0 log created on 10032012_022310

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Hang on for that until clean. Don't give up! :)

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *apype*
    *.tmp
    *youtube*
    *yuotube*
    *ilivid*

    :regfind
    apype
    SearchScopes
    ilivid
    youtube
    yuotube

    :folderfind
    *ilivid*
    *apype*
    *youtube*
    *yuotube*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. You may need to upload it.
Note: The log can also be found on your Desktop entitled SystemLook.txt


(After we do this little spat, we may have to fully remove Firefox from the system, with no remnants.)
 
The links were for 64-bit systems. I am running 32-bit, so I searched on Google for the site to those links, downloaded the 32-bit version and scanned with that. Here are the logs. By the way, I have a legit YouTube downloader (YTD) still installed in the computer. I have been using it for quite some time and it was there long before the system got infected with yuotube downloader. If you want, I can uninstall YTD if it could help. When I had uninstalled Mozilla Firefox, I had selected everything for deletion so that it would be a really fresh install. I could try again with Revo Uninstaller if you say, or from All Programs. I am asking to change the AV because my current one has somehow, due to some update to push me to upgrade it, disabled its firewall, and I don't have any other firewall software installed.

SystemLook 30.07.11 by jpshortstuff
Log created at 16:44 on 03/10/2012 by Vicky
Administrator - Elevation successful

========== filefind ==========

Searching for "*apype*"
No files found.

Searching for "*.tmp"
C:\Program Files\GUT1A06.tmp --a---- 4024320 bytes [07:30 14/07/2012] [07:30 14/07/2012] D9B40F617AF452482DBFE995D005C561
C:\Program Files\Canon\IJ Manual\CANON CANOSCAN LIDE 110\Uninstall.tmp --a---- 2167 bytes [07:34 14/07/2012] [07:34 14/07/2012] A8EB32E8251F968A641C859B239C2EB2
C:\Program Files\JDownloader\plugins\webinterface\all_info.tmpl --a---- 1439 bytes [18:06 01/01/2012] [08:27 07/09/2011] E732BE970D87F60AE1965D1030148A29
C:\Program Files\JDownloader\plugins\webinterface\bye.tmpl --a---- 533 bytes [18:06 01/01/2012] [08:27 07/09/2011] 6D2F0D2E9D543FAF2121DCE11D665C3A
C:\Program Files\JDownloader\plugins\webinterface\index.tmpl --a---- 8114 bytes [18:06 01/01/2012] [08:27 07/09/2011] ACF80E1E58DB40E7BB0862B13388A1BD
C:\Program Files\JDownloader\plugins\webinterface\link_adder.tmpl --a---- 5124 bytes [18:06 01/01/2012] [08:27 07/09/2011] 08E30E57042DAD9B92602F1543DA39AE
C:\Program Files\JDownloader\plugins\webinterface\nojs.tmpl --a---- 637 bytes [18:06 01/01/2012] [08:27 07/09/2011] 713E17D6D88560D2FFB3328F9879BF31
C:\Program Files\JDownloader\plugins\webinterface\passwd.tmpl --a---- 2181 bytes [18:06 01/01/2012] [08:27 07/09/2011] 95BA77429C7CBA08248D579038397519
C:\Program Files\JDownloader\plugins\webinterface\reconnect.tmpl --a---- 796 bytes [18:06 01/01/2012] [08:27 07/09/2011] 578963A5B67F0063F251F30D91AA420E
C:\Program Files\JDownloader\plugins\webinterface\restart.tmpl --a---- 793 bytes [18:06 01/01/2012] [08:27 07/09/2011] 19137BFEEA347043991E200265009E0D
C:\Program Files\JDownloader\plugins\webinterface\single_info.tmpl --a---- 1442 bytes [18:06 01/01/2012] [08:27 07/09/2011] 3645A2FC55480A0BCB1867A59B66CE41
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp --ahs-- 0 bytes [05:09 26/06/2012] [05:09 26/06/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\Microsoft\Windows\DRM\Cache\Indiv01.tmp --ahs-- 0 bytes [05:09 26/06/2012] [05:09 26/06/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA23.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA24.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA25.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA26.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA27.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA28.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA29.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA2A.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAA2B.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF5A.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF5B.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF5C.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF5D.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF5E.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF5F.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF60.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF61.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\uttAF62.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Local\temp\~bdE04F.tmp --a---- 0 bytes [20:57 02/10/2012] [20:57 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Vicky\AppData\Roaming\uTorrent\app.1345936460.tmp --a---- 16438 bytes [23:14 25/08/2012] [23:14 25/08/2012] 08384E8CB677E80D4A69709186677A46
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtEF8C.tmp --a---- 212992 bytes [11:28 20/06/2012] [11:28 20/06/2012] 61235E29D462BD81DF751C2AEF50DC90

Searching for "*youtube*"
C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube.dll --a---- 760344 bytes [08:42 11/11/2011] [08:42 11/11/2011] E7F3158FB8F036B0543CFE09843B86C9
C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube_core.dll --a---- 362520 bytes [08:42 11/11/2011] [08:42 11/11/2011] A87D0C8E213D5A9102BF713AB5FE4171
C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.png --a---- 611 bytes [08:35 11/11/2011] [08:35 11/11/2011] 791EB5B748F1B133FDE0506F10B68D93
C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.xml --a---- 2186 bytes [08:35 11/11/2011] [08:35 11/11/2011] EFD561D737F690054E3BD58BAD075358
C:\Program Files\JDownloader\jd\captcha\methods\prtctt\images\youtube.png --a---- 5290 bytes [18:06 01/01/2012] [08:53 08/11/2009] C145F4D4543B1932BEA486BA2D5680EE
C:\Program Files\JDownloader\jd\img\hosterlogos\youtube.com.png --a---- 109 bytes [18:08 01/01/2012] [18:08 01/01/2012] 654568B1ACF8FA45D4D6EABDCBA23D5D
C:\Program Files\JDownloader\jd\plugins\hoster\Youtube.class --a---- 14304 bytes [18:06 01/01/2012] [16:13 23/09/2012] 66181F040D675D86B344447530D74B9C
C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac --a---- 5304 bytes [09:08 19/07/2012] [09:08 19/07/2012] 99EC45767C226789CA6BB273987EDC43
C:\Program Files\VideoLAN\VLC\lua\playlist\youtube_homepage.luac --a---- 1776 bytes [09:08 19/07/2012] [09:08 19/07/2012] 89585E5BC54B55DB25DE790F194DACF1
C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\18131.gadget\images\youtube.gif --a---- 600 bytes [13:52 24/04/2012] [13:52 24/04/2012] AB7693DF88636553A3BA23152B60F681
C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\18131.gadget\images\youtubedis.gif --a---- 394 bytes [13:52 24/04/2012] [13:52 24/04/2012] 2F57981796335FEFAFB3393C8895A561
C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\181fm3gadget.gadget\images\youtube.gif --a---- 600 bytes [13:52 24/04/2012] [13:52 24/04/2012] AB7693DF88636553A3BA23152B60F681
C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\181fm3gadget.gadget\images\youtubedis.gif --a---- 394 bytes [13:52 24/04/2012] [13:52 24/04/2012] 2F57981796335FEFAFB3393C8895A561
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\logs\FreeYouTubeDownload_v1.log --a---- 732280 bytes [14:08 01/01/2012] [17:15 09/02/2012] 3160461A3F8B33BE320EEAA7FC0C00CB
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\setup\FreeYouTubeDownload_setup.txt --a---- 52915 bytes [09:16 02/01/2012] [09:16 02/01/2012] CE427DA991F3166686FECCFC82D26BAB
C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm --a---- 253 bytes [14:08 01/01/2012] [09:16 02/01/2012] 40595A838EE34CA0449ADD45FA9C750F
C:\Users\Vicky\AppData\Roaming\uTorrent\Youtube Video Downloader 2.5.4.torrent --a---- 1555 bytes [16:35 21/01/2012] [16:35 21/01/2012] 86ACBA5EB023F4AEC311FFBF8B879698
C:\Users\Vicky\Desktop\Shortcuts\YTD YouTube Downloader & Converter.lnk --a---- 1004 bytes [13:32 04/06/2012] [13:32 04/06/2012] CB828D6900DA419D2F5789F151341725

Searching for "*yuotube*"
C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-YuoTubeDownloader_Helper.reg.dat --a---- 982 bytes [05:33 20/09/2012] [05:33 20/09/2012] 32722AF951B64A091B7444AD0A252633
C:\_OTL\MovedFiles\09232012_151559\C_Windows\System32\YuoTubeDownloader.dll --a---- 446464 bytes [11:10 05/09/2012] [11:10 05/09/2012] A62A7A97EA06BEF52DF1B2180531A6BB
C:\_OTL\MovedFiles\10022012_000921\C_Windows\System32\YuoTubeDownloader.xpi --a---- 46690 bytes [11:10 05/09/2012] [11:10 05/09/2012] 928D9CCA2EACFF2BD7A41BB9376FF566

Searching for "*ilivid*"
No files found.

========== regfind ==========

Searching for "apype"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="apype.com gigabase.ru conduit.com mystart.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://apype.com"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="apype.com gigabase.ru conduit.com mystart.com"

Searching for "SearchScopes"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C0366-0000-0000-C000-000000000046}]
@="SearchScopes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\SearchScopes]
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1005\Software\Microsoft\Internet Explorer\SearchScopes]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]

Searching for "ilivid"
No data found.

Searching for "youtube"
[HKEY_CURRENT_USER\Software\DVDVideoSoft\Manager\Links]
"youtube download"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
[HKEY_CURRENT_USER\Software\DVDVideoSoft\Manager\Links]
"youtube to mp3 converter"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter.htm"
[HKEY_CURRENT_USER\Software\DVDVideoSoft\Manager\Links]
"youtube video downloader"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
[HKEY_CURRENT_USER\Software\GreenTree Applications\YTD Video Downloader]
@="C:\Program Files\YouTube Downloader"
[HKEY_CURRENT_USER\Software\LogiShrd\LWS\Preferences\Apps]
"YouTube"="false"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2424c3cc_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Users\Vicky\Desktop\New folder\z\Softwares\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\keygen\keygen.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5c84aa00_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\YouTube Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\716a0296_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\Bigasoft\YouTube Downloader\youtubedownloader.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\93ebc4ee_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\RocketDock\Icons]
"3-FileName"="C:\Program Files\YouTube Downloader\ytd.exe"
[HKEY_CURRENT_USER\Software\RocketDock\Icons]
"3-Command"="C:\Program Files\YouTube Downloader\ytd.exe"
[HKEY_CURRENT_USER\Software\RocketDock\Icons]
"3-WorkingDirectory"="C:\Program Files\YouTube Downloader"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Bigasoft\YouTube Downloader]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\Bigasoft\YouTube Downloader]
[HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath]
"13"="D:\Z\Softwares\New folder\Bigasoft YouTube Downloader\n12_Bigasoft.YouTube.Downloader.v1.0.1.4535_LAXiTY_softarchive.net\Bigasoft.YouTube.Downloader.v1.0.1.4535-LAXiTY\lxb14535"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVS4YOU\Navigator]
"AVS YouTube Uploader"="http://www.avs4you.com/Downloads/AV...urce=Navigator&utm_content=AVSYouTubeUploader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\4920FD12D9B61474BAF62BBABF2D83E7]
"YouTube"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7]
"ProductName"="LWS YouTube Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7\SourceList]
"PackageName"="YouTube_Release_x86.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Logitech\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\U7]
"DisplayName"="YouTube Upload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Logitech\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\U7]
"Description"=" Share your webcam videos on YouTube"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FreeYouTubeDownload_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FreeYouTubeDownload_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\g_youtube_downloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\g_youtube_downloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeConverter_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeConverter_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloaderSetup254_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloaderSetup254_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\youtubedownloaderToolbar-stub-1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\youtubedownloaderToolbar-stub-1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloader_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloader_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeGet_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeGet_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28067907F68824A4CB7A1178A4E5F840]
"4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CB414A10116904F803DD0A86AABBF6]
"4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A123496508EDC22449590FBEC0A83193]
"4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube_core.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2001E1CEA933B74487658C45DBDC123]
"4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4920FD12D9B61474BAF62BBABF2D83E7\Features]
"YouTube"="I{r3LWEdr?{NxJSesXO$`F8oCK~o=9*4]ota?=E6PHWBga7j&?7.PZ@!)%,4gPSg]g~Ki8gB^d[g%LvK"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4920FD12D9B61474BAF62BBABF2D83E7\InstallProperties]
"DisplayName"="LWS YouTube Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
"DisplayIcon"="C:\Program Files\YouTube Downloader\ytd.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
"UninstallString"=""C:\Program Files\YouTube Downloader\uninstall.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
"URLInfoAbout"="http://www.youtubedownloadersite.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
"InstallDir"="C:\Program Files\YouTube Downloader\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
"MainApp"="C:\Program Files\YouTube Downloader\ytd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}]
"DisplayName"="LWS YouTube Plugin"
[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\YouTube Downloader]
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\DVDVideoSoft\Manager\Links]
"youtube download"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\DVDVideoSoft\Manager\Links]
"youtube to mp3 converter"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter.htm"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\DVDVideoSoft\Manager\Links]
"youtube video downloader"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\GreenTree Applications\YTD Video Downloader]
@="C:\Program Files\YouTube Downloader"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\LogiShrd\LWS\Preferences\Apps]
"YouTube"="false"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2424c3cc_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Users\Vicky\Desktop\New folder\z\Softwares\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\keygen\keygen.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5c84aa00_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\YouTube Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\716a0296_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\Bigasoft\YouTube Downloader\youtubedownloader.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\93ebc4ee_0]
@="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\RocketDock\Icons]
"3-FileName"="C:\Program Files\YouTube Downloader\ytd.exe"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\RocketDock\Icons]
"3-Command"="C:\Program Files\YouTube Downloader\ytd.exe"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\RocketDock\Icons]
"3-WorkingDirectory"="C:\Program Files\YouTube Downloader"
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Bigasoft\YouTube Downloader]
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\Bigasoft\YouTube Downloader]
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\WinRAR\DialogEditHistory\ExtrPath]
"13"="D:\Z\Softwares\New folder\Bigasoft YouTube Downloader\n12_Bigasoft.YouTube.Downloader.v1.0.1.4535_LAXiTY_softarchive.net\Bigasoft.YouTube.Downloader.v1.0.1.4535-LAXiTY\lxb14535"
[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\YouTube Downloader]

Searching for "yuotube"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBarMFC.DeskBandImplD]
@="YuoTubeDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBarMFC.DeskBandImplD.1]
@="YuoTubeDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{942926A2-CC3B-4970-9AD6-D9056D197CE6}\1.0\0\win32]
@="C:\Windows\system32\YuoTubeDownloader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YuoTubeDownloader_Helper_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YuoTubeDownloader_Helper_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\YuoTubeDownloader]

========== folderfind ==========

Searching for "*ilivid*"
No folders found.

Searching for "*apype*"
No folders found.

Searching for "*youtube*"
C:\Program Files\YouTube Downloader d------ [16:38 21/01/2012]
C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube d------ [14:35 13/07/2012]
C:\ProgramData\YTD YouTube Downloader & Converter d------ [06:13 11/04/2012]
C:\Users\All Users\YTD YouTube Downloader & Converter d------ [06:13 11/04/2012]
C:\Users\House\AppData\LocalLow\YouTube Downloader d------ [08:25 13/06/2012]
C:\Users\Vicky\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_youtubedownloade_935ac225f5fa9973ea299bcd98f7436a36d9316_057b6542 d----c- [18:21 29/06/2012]
C:\Users\Vicky\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Bigasoft YouTube Downloader 1.0.1.4535-30082012-114705 d------ [06:17 30/08/2012]
C:\Users\Vicky\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\GET Youtube Downloader Ultimate 6.7.7.0-26012012-154045 d------ [10:10 26/01/2012]
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\FreeYouTubeDownload d------ [09:16 02/01/2012]
C:\Windows\System32\config\systemprofile\AppData\LocalLow\YouTube Downloader d------ [05:04 12/04/2012]

Searching for "*yuotube*"
C:\Users\Vicky\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\YuoTubeDownloader 3.0.0.0-18092012-121246 d------ [06:42 18/09/2012]

-= EOF =-
 
Hmm, I saw 64-bit system in the GSI report above, but that's fine. I understand about the internet security software, however, I don't want you to have to waste time installing it, because it could give some errors because of the malware. Did you already purchase it?

Delete any old copies of ComboFix. Download a new one and save to the Desktop. Don't run it yet!

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Download the attached CFScript.txt and save it in the same location as ComboFix (Desktop).
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 

Okay, I downloaded both and ran it as directed. But like before, it got stuck even though I had disabled my AV as much as possible. So I closed the software, deleted the file, redownloaded both files and ran it as directed in safe mode this time. Everything was completed successfully and the computer rebooted once during the process, but when I rebooted it again in normal mode and tried changing the homepage, it didn't work. Here are the logs:

I don't know why it showed 64-bit in the report, but I am sure I am running 32-bit Windows 7 Professional. Maybe it showed wrong because my processor supports 64-bit. No, I haven't purchased any AV yet. I will have to a month later, so I thought about giving Kaspersky Pure a try. If it won't give any problems in this malware removal, I would really like to install it, as I want to connect my flash drive to it and offload some data.

ComboFix 12-10-03.03 - Vicky 05-Oct-12 0:16.4.2 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3071.2390 [GMT 5.5:30]
Running from: c:\users\Vicky\Desktop\ComboFix.exe
Command switches used :: c:\users\Vicky\Desktop\cfscript.txt
AV: BitDefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Vicky\Desktop\Shortcuts\YTD YouTube Downloader & Converter.lnk"
"c:\windows\system32\YuoTubeDownloader.dll"
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\YouTube Downloader
c:\program files\YouTube Downloader\COPYING.Apachev2
c:\program files\YouTube Downloader\COPYING.LGPLv2
c:\program files\YouTube Downloader\COPYING.LGPLv3
c:\program files\YouTube Downloader\FFMPEG.EXE
c:\program files\YouTube Downloader\Lang\res1025.ini
c:\program files\YouTube Downloader\Lang\res1026.ini
c:\program files\YouTube Downloader\Lang\res1029.ini
c:\program files\YouTube Downloader\Lang\res1030.ini
c:\program files\YouTube Downloader\Lang\res1031.ini
c:\program files\YouTube Downloader\Lang\res1032.ini
c:\program files\YouTube Downloader\Lang\res1033.ini
c:\program files\YouTube Downloader\Lang\res1034.ini
c:\program files\YouTube Downloader\Lang\res1035.ini
c:\program files\YouTube Downloader\Lang\res1036.ini
c:\program files\YouTube Downloader\Lang\res1038.ini
c:\program files\YouTube Downloader\Lang\res1040.ini
c:\program files\YouTube Downloader\Lang\res1043.ini
c:\program files\YouTube Downloader\Lang\res1044.ini
c:\program files\YouTube Downloader\Lang\res1045.ini
c:\program files\YouTube Downloader\Lang\res1048.ini
c:\program files\YouTube Downloader\Lang\res1049.ini
c:\program files\YouTube Downloader\Lang\res1050.ini
c:\program files\YouTube Downloader\Lang\res1051.ini
c:\program files\YouTube Downloader\Lang\res1052.ini
c:\program files\YouTube Downloader\Lang\res1053.ini
c:\program files\YouTube Downloader\Lang\res1055.ini
c:\program files\YouTube Downloader\Lang\res1059.ini
c:\program files\YouTube Downloader\Lang\res1061.ini
c:\program files\YouTube Downloader\Lang\res2052.ini
c:\program files\YouTube Downloader\Lang\res2070.ini
c:\program files\YouTube Downloader\Lang\res2074.ini
c:\program files\YouTube Downloader\Lang\res9999.ini
c:\program files\YouTube Downloader\librtmp.dll
c:\program files\YouTube Downloader\LICENSE
c:\program files\YouTube Downloader\manual.bat
c:\program files\YouTube Downloader\mediaplayer.swf
c:\program files\YouTube Downloader\scripts.yds
c:\program files\YouTube Downloader\Uninstall.exe
c:\program files\YouTube Downloader\ytd.exe
c:\programdata\YTD YouTube Downloader & Converter
c:\programdata\YTD YouTube Downloader & Converter\scripts0.yds
c:\programdata\YTD YouTube Downloader & Converter\ytd_installer.exe
c:\users\All Users\YTD YouTube Downloader & Converter\scripts0.yds
c:\users\All Users\YTD YouTube Downloader & Converter\ytd_installer.exe
c:\users\House\AppData\LocalLow\YouTube Downloader
c:\users\House\AppData\LocalLow\YouTube Downloader\res\widgets.xml
c:\users\Vicky\Desktop\Shortcuts\YTD YouTube Downloader & Converter.lnk
c:\windows\System32\config\systemprofile\AppData\LocalLow\YouTube Downloader
c:\windows\System32\config\systemprofile\AppData\LocalLow\YouTube Downloader\res\widgets.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-10-04 18:54 . 2012-10-04 18:56 -------- d-----w- c:\users\Vicky\AppData\Local\temp
2012-10-04 18:54 . 2012-10-04 18:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-04 18:54 . 2012-10-04 18:54 -------- d-----w- c:\users\UpdatusUser.Vicky-PC\AppData\Local\temp
2012-10-04 18:54 . 2012-10-04 18:54 -------- d-----w- c:\users\House\AppData\Local\temp
2012-10-04 18:54 . 2012-10-04 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 18:17 . 2012-10-04 18:17 -------- d-----w- C:\MyDrivers
2012-10-02 21:27 . 2012-10-02 21:28 -------- d-----w- C:\Z
2012-09-30 18:47 . 2012-09-30 18:48 -------- d-----w- c:\users\Vicky\AppData\Roaming\RapidTyping
2012-09-30 17:07 . 2012-09-30 17:07 -------- d-----w- c:\users\Vicky\AppData\Roaming\J River
2012-09-23 09:45 . 2012-09-23 09:45 -------- d-----w- C:\_OTL
2012-09-20 19:06 . 2012-09-20 19:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-09-18 16:51 . 2012-09-18 16:51 -------- d-----w- c:\users\Vicky\AppData\Roaming\PC Tools
2012-09-18 14:33 . 2012-09-18 14:33 -------- d-----w- c:\users\Vicky\AppData\Local\Threat Expert
2012-09-18 07:51 . 2012-06-22 06:08 767960 ----a-w- c:\windows\BDTSupport.dll0947.old
2012-09-18 07:51 . 2012-06-22 06:09 149464 ----a-w- c:\windows\SGDetectionTool.dll0947.old
2012-09-18 07:51 . 2012-06-22 06:09 2267096 ----a-w- c:\windows\PCTBDCore.dll0947.old
2012-09-18 07:50 . 2012-06-22 10:03 17880 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-09-18 07:15 . 2012-09-18 21:17 -------- d-----w- c:\program files\Common Files\PC Tools
2012-09-18 07:15 . 2012-06-22 10:04 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-18 07:14 . 2012-09-18 07:14 -------- d-----w- c:\users\Vicky\AppData\Roaming\TestApp
2012-09-17 17:58 . 2012-08-07 10:36 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-09-17 17:55 . 2012-09-30 15:45 -------- d-----w- c:\users\Vicky\AppData\Roaming\calibre
2012-09-17 17:43 . 2012-09-17 17:43 -------- d-----w- c:\users\Vicky\AppData\Local\Usmania_Code
2012-09-17 17:26 . 2012-09-17 17:36 -------- d-----w- c:\users\Vicky\AppData\Roaming\SurfAnonymousFree
2012-09-17 17:22 . 2012-09-17 17:36 -------- d-----w- c:\users\Vicky\AppData\Local\DeskShare
2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\users\Vicky\AppData\Local\DeskShare Data
2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\programdata\Deskshare
2012-09-17 17:22 . 2012-09-17 17:22 -------- d-----w- c:\users\Vicky\AppData\Local\Spoon
2012-09-17 17:17 . 2012-04-18 11:42 19392 ----a-w- c:\windows\system32\drivers\rxbsknl.sys
2012-09-17 17:07 . 2006-01-30 03:02 5632 ----a-w- c:\windows\system32\pxc25pm.dll
2012-09-17 17:05 . 2012-09-17 17:05 -------- d-----w- c:\users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\users\Vicky\AppData\Roaming\CommonDataMSI
2012-09-17 17:01 . 2012-09-17 17:01 -------- d-----w- c:\users\Vicky\AppData\Roaming\Iconico
2012-09-17 16:52 . 2012-09-17 16:52 -------- d-----w- c:\program files\GtkSharp
2012-09-17 16:50 . 2012-09-17 16:50 -------- d-----w- c:\program files\ChordWizard
2012-09-17 15:59 . 2012-08-13 16:00 585728 ------w- c:\windows\system32\AReadyLB.dll
2012-09-17 15:59 . 2012-08-13 16:00 229376 ------w- c:\windows\system32\AudDevicePlugin.dll
2012-09-17 15:46 . 2012-09-17 15:46 -------- d-----w- c:\users\Vicky\AppData\Roaming\DiskSpaceFan
2012-09-17 15:44 . 2012-09-17 15:45 -------- d-----w- c:\users\Vicky\AppData\Roaming\Direct Folders
2012-09-17 15:44 . 2012-09-17 15:44 -------- d-----w- c:\program files\Direct Folders
2012-09-17 15:37 . 2012-09-17 15:38 -------- d-----w- c:\program files\BitTorrent Ultra Accelerator
2012-09-17 15:31 . 2012-09-17 15:31 -------- d-----w- c:\users\Vicky\AppData\Roaming\Scooter Software
2012-09-17 15:19 . 2012-09-30 17:56 -------- d-----w- c:\users\Vicky\AppData\Roaming\Writer's Cafe 2
2012-09-14 20:59 . 2012-09-14 20:59 -------- d-----w- c:\users\Vicky\AppData\Roaming\dvdcss
2012-09-13 12:02 . 2012-09-13 12:02 -------- d-----w- c:\program files\Office 2010 Trial Extender
2012-09-05 08:33 . 2012-09-05 08:33 -------- d-----w- c:\users\House\AppData\Roaming\Design Science
2012-09-04 22:59 . 2012-09-05 18:52 -------- d-----w- c:\users\Vicky\AppData\Local\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-01 08:05 . 2012-09-01 08:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 08:05 . 2012-01-01 17:17 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-01 08:05 . 2011-12-16 09:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-22 18:01 . 2012-04-10 16:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 18:01 . 2011-12-15 11:14 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-17 19:20 . 2012-08-12 15:11 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-07-20 06:36 . 2012-07-20 06:36 136008 ----a-w- c:\windows\system32\MSINET.Ocx
2012-07-14 07:30 . 2012-07-14 07:30 4024320 ----a-w- c:\program files\GUT1A06.tmp
2012-07-13 14:34 . 2012-07-13 14:34 53248 ----a-r- c:\users\Vicky\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-12 09:28 . 2012-07-12 08:45 233888 ----a-w- c:\windows\system32\DreamScene.dll
2010-07-08 05:07 . 2010-07-08 05:07 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
2012-09-06 01:27 . 2012-09-29 11:27 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-15 718208]
"Chameleon Folder"="c:\program files\Chameleon Folder 2\chfolder.exe" [2012-03-09 2906112]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-12-26 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-12-26 1451928]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\House\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BitTorrent Ultra Accelerator.lnk
backup=c:\windows\pss\BitTorrent Ultra Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DFX.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DFX.lnk
backup=c:\windows\pss\DFX.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
backup=c:\windows\pss\MobileGo Service.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SkinPackMenu.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SkinPackMenu.lnk
backup=c:\windows\pss\SkinPackMenu.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UberIcon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^YzShadow.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
backup=c:\windows\pss\YzShadow.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Direct Folders.lnk]
path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Direct Folders.lnk
backup=c:\windows\pss\Direct Folders.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Vicky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk]
path=c:\users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk
backup=c:\windows\pss\PersonalBrain.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 04:48 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2010-08-20 04:27 107816 ----a-w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2012-04-11 23:08 1163072 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-01 14:32 136176 ----atw- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LearnWords Launcher]
2012-03-26 23:18 792576 ----a-w- c:\program files\LearnWords\LearnWords.exe
.
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [x]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [x]
R2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [x]
R3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
R4 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 14:32]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
- c:\users\Vicky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-01 14:32]
.
2012-10-04 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-01 07:56]
.
2012-10-03 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-01-01 07:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-iTurbo - c:\program files\iNTERNET Turbo\ITTray.exe
MSConfigStartUp-MMReminderService - e:\vicky\Installed\Mindjet MindManager\MMReminderService.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-TkBellExe - c:\program files\Real\RealPlayer\update\realsched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:cc,40,94,66,28,f9,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,9e,eb,b9,6a,e6,93,4d,9a,1e,5c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,9e,eb,b9,6a,e6,93,4d,9a,1e,5c,\
.
[HKEY_USERS\.Default\Software\SetId\Internal]
@Denied: (A 2) (LocalSystem)
"DEVICE2"="vrfIyq7KygA="
"DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"0\" InstallIS=\"1289332796\" isSubsc=\"0\" authStat_is=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"2\" moduleId1=\"8\" moduleId2=\"0\" relType=\"1\" />"
.
[HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8B9462F1-CA22-C48C-8A89-885E3BB03B97}*]
"bbbhmnpdoafdfgaaoflnafbkcbfofhnpegfk"=hex:69,61,66,6d,6f,6a,69,6b,65,6a,6f,6e,
6c,6a,66,6a,6c,70,00,00
"ablhknooeaogpfiemgonfiaghlejoigfed"=hex:6a,61,69,6d,64,6a,6e,6f,6f,67,63,64,
69,62,6e,6b,69,62,6c,6a,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-10-05 00:29:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-04 18:59
.
Pre-Run: 9,590,636,544 bytes free
Post-Run: 9,285,332,992 bytes free
.
- - End Of File - - 1AEB0D289FB03EE69BBFB4E270794FD0
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    Firefox::
    FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\
    FF - prefs.js: browser.search.selectedEngine - Custom search
    FF - prefs.js: browser.startup.homepage - hxxp://apype.com
    FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
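
The Firefox entries in the CFScript above are the "FF - prefs.js" lines from the Supplementary Scan section of the ComboFix log. As an added example (not part of the original posts and not ComboFix's own code), this Python script pulls the start-page and search settings out of that section and flags any that point at a host the user did not choose; `EXPECTED_HOSTS` and all function names are assumptions made for the illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed sample: the Supplementary Scan lines from the ComboFix log in
# this thread (ComboFix prints URLs defanged as hxxp).
SAMPLE_LOG = r"""------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.in/
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
TCP: Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\
FF - prefs.js: browser.search.selectedEngine - Custom search
FF - prefs.js: browser.startup.homepage - hxxp://apype.com
FF - prefs.js: keyword.URL - hxxp://apype.com/results.php?q=
.
- - - - ORPHANS REMOVED - - - -
"""

# Assumption: the sites this user expects as home/search pages. Edit per machine.
EXPECTED_HOSTS = {"google.co.in", "yahoo.com"}

Finding = namedtuple("Finding", "source name value host status")

# "uStart Page = ..." / "mStart Page = ..." (Internet Explorer settings)
IE_LINE = re.compile(r"^(?P<name>[um][A-Z][\w ]*?) = (?P<value>.+)$")
# "FF - prefs.js: <pref name> - <value>" (Firefox preferences)
FF_LINE = re.compile(r"^FF - (?P<file>[\w.]+): (?P<name>[\w.\-]+) - (?P<value>.*)$")


def refang(value):
    """Turn hxxp:// or hxxps:// back into a parseable URL; leave other text alone."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value.strip(), flags=re.I)


def host_of(value):
    """Return the lower-case hostname of a URL value, or None if it is not a URL."""
    parts = urlsplit(refang(value))
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname


def is_expected(host, expected=EXPECTED_HOSTS):
    """True if host equals an expected domain or is a subdomain of one."""
    return any(host == e or host.endswith("." + e) for e in expected)


def supplementary_lines(log_text):
    """Yield the lines between the Supplementary Scan header and the next section."""
    inside = False
    for line in log_text.splitlines():
        line = line.strip()
        if "Supplementary Scan" in line:
            inside = True
            continue
        if inside and line.startswith(("- - - -", "-----")):
            break
        if inside and line not in ("", "."):
            yield line


def triage(log_text, expected=EXPECTED_HOSTS):
    """Classify every browser setting in the section by where it points."""
    findings = []
    for line in supplementary_lines(log_text):
        m = FF_LINE.match(line)
        if m:
            source = "Firefox " + m.group("file")
        else:
            m = IE_LINE.match(line)
            source = "Internet Explorer"
        if not m:
            continue  # DNS, profile path and other non-setting lines
        value = m.group("value").strip()
        host = host_of(value)
        if host is None:
            status = "not-a-url"
        elif is_expected(host, expected):
            status = "expected"
        else:
            status = "unexpected-host"
        findings.append(Finding(source, m.group("name"), value, host, status))
    return findings


def hijack_candidates(log_text, expected=EXPECTED_HOSTS):
    """Settings that point at a host outside the expected set."""
    return [f for f in triage(log_text, expected) if f.status == "unexpected-host"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.status:16} {f.source:18} {f.name} -> {f.value}")
```

Running the same check on the log produced after a fix shows whether the homepage and keyword.URL entries were actually reset or have come back.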
 
Even though I disabled my AV before doing the fix, it still showed a window that Bitdefender is still active and it would interfere with its operations and that could have unknown consequences. So I closed that window and closed another window that popped up after that and I restarted the computer and tried to run it once again. Then I tried to run it in safe mode. Still the same message popped up again and again. I had disabled the AV just like before but now it is showing this message. What must I do?
 
I think that Bitdefender has been interfering with all virus removal tools, which is why they have been ineffective. Here are the OTL Quick Scan logs:

[LEFT]OTL logfile created on: 06-Oct-12 11:53:25 PM - Run 5
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Vicky\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 60.77% Memory free
5.99 Gb Paging File | 4.72 Gb Available in Paging File | 78.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.62 Gb Total Space | 10.34 Gb Free Space | 19.28% Space Free | Partition Type: NTFS
Drive D: | 89.63 Gb Total Space | 4.27 Gb Free Space | 4.77% Space Free | Partition Type: NTFS
Drive E: | 58.64 Gb Total Space | 5.18 Gb Free Space | 8.84% Space Free | Partition Type: NTFS
Drive F: | 30.89 Gb Total Space | 0.38 Gb Free Space | 1.23% Space Free | Partition Type: NTFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
PRC - [2012-08-22 20:24:50 | 000,369,544 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2012-08-22 20:24:48 | 000,677,256 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012-05-15 14:57:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2012-03-09 16:58:08 | 002,906,112 | ---- | M] (NeoSoft Tools) -- C:\Program Files\Chameleon Folder 2\chfolder.exe
PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011-12-26 21:06:50 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011-12-26 21:03:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-03-16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012-06-28 17:30:25 | 016,531,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\bcee5d59d5cc1be6caddd114461e60b6\mscorlib.ni.dll
MOD - [2012-03-09 13:15:40 | 000,894,464 | ---- | M] () -- C:\Program Files\Chameleon Folder 2\cf.dll
MOD - [2011-12-26 21:05:09 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
MOD - [2011-12-26 21:03:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011-12-26 21:02:38 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011-11-11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011-11-11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011-11-11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011-11-11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011-11-11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010-11-30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010-07-23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vicky\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aqmu0mnx)
DRV - [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012-05-24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012-05-15 15:56:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-04-29 13:48:14 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012-04-29 13:46:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-04-18 22:38:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012-02-02 21:08:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012-01-18 12:14:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-12-26 21:03:38 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011-12-26 21:02:05 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011-06-23 12:13:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011-05-06 23:29:32 | 000,024,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC)
DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010-11-29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010-11-29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2010-08-20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010-05-13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC ED 73 4E 17 BB CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{48444E1A-FD18-45C6-92C1-3A8819B65AE0}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
FF - prefs.js..extensions.enabledAddons: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.7.2
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-29 16:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-01 00:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]

[2012-09-29 16:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
[2012-10-06 20:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\extensions
[2012-09-27 21:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions
[2012-09-27 21:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012-10-06 01:08:25 | 000,069,304 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\extensions\fbp@fbpurity.com.xpi
[2012-10-02 15:48:42 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012-09-30 23:57:06 | 000,021,014 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
[2012-10-02 15:54:05 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012-09-29 16:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-10-04 23:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-09-08 12:38:54 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2012-06-08 00:37:26 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
[2012-09-06 06:57:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009-07-31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2012-09-06 06:56:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-09-06 06:56:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012-10-05 00:26:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Chameleon Folder] C:\Program Files\Chameleon Folder 2\chfolder.exe (NeoSoft Tools)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-05 23:35:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-10-05 23:34:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-10-05 23:32:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-10-05 00:29:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-10-05 00:24:37 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\temp
[2012-10-04 23:47:22 | 000,000,000 | ---D | C] -- C:\MyDrivers
[2012-10-03 23:25:06 | 004,761,955 | R--- | C] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
[2012-10-03 02:57:56 | 000,000,000 | ---D | C] -- C:\Z
[2012-10-01 00:17:40 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\RapidTyping
[2012-09-30 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\J River
[2012-09-29 16:41:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\logs
[2012-09-24 00:59:50 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2012-09-23 15:15:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-21 00:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-09-19 23:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-09-19 23:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-09-19 23:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-09-19 23:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-19 23:38:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-09-18 22:21:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\PC Tools
[2012-09-18 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Threat Expert
[2012-09-18 13:21:02 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0947.old
[2012-09-18 13:21:02 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0947.old
[2012-09-18 13:20:00 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012-09-18 12:45:46 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012-09-18 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012-09-18 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TestApp
[2012-09-17 23:28:50 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
[2012-09-17 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\calibre
[2012-09-17 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Usmania_Code
[2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
[2012-09-17 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\SMP Data
[2012-09-17 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare
[2012-09-17 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare Data
[2012-09-17 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Deskshare
[2012-09-17 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Spoon
[2012-09-17 22:47:53 | 000,019,392 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\rxbsknl.sys
[2012-09-17 22:37:05 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
[2012-09-17 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[2012-09-17 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
[2012-09-17 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
[2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Iconico
[2012-09-17 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp
[2012-09-17 22:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Music Theory 3.0
[2012-09-17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ChordWizard
[2012-09-17 21:29:59 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AReadyLB.dll
[2012-09-17 21:29:59 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AudDevicePlugin.dll
[2012-09-17 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
[2012-09-17 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
[2012-09-17 21:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders
[2012-09-17 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent Ultra Accelerator
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Ultra Accelerator
[2012-09-17 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
[2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
[2012-09-15 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\dvdcss
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office 2010 Trial Extender
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Office 2010 Trial Extender
[2012-09-08 12:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012-10-06 23:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
[2012-10-06 15:01:10 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012-10-06 10:24:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
[2012-10-06 02:16:47 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-06 02:16:47 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-06 02:09:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-06 02:09:12 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-05 00:26:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-10-03 23:26:35 | 004,761,955 | R--- | M] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
[2012-10-03 20:26:11 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012-09-30 23:37:48 | 000,440,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-09-29 16:57:49 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-09-29 16:43:08 | 000,138,645 | ---- | M] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-29.json
[2012-09-29 16:42:43 | 008,584,284 | ---- | M] () -- C:\Users\Vicky\Desktop\Firefox 15.0.1 (en-US) - 2012-09-29.pcv
[2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2012-09-18 22:20:42 | 001,318,816 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 18:07:04 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-18 01:56:14 | 000,000,048 | -HS- | M] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 21:07:15 | 000,001,229 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-09-14 22:11:24 | 000,663,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-09-14 22:11:24 | 000,121,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-09-14 16:45:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
[2012-09-07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-09-29 16:57:49 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012-09-29 16:57:49 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012-09-29 16:43:08 | 000,138,645 | ---- | C] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-29.json
[2012-09-29 16:42:34 | 008,584,284 | ---- | C] () -- C:\Users\Vicky\Desktop\Firefox 15.0.1 (en-US) - 2012-09-29.pcv
[2012-09-19 23:40:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-09-19 23:40:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-09-19 23:40:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-09-19 23:40:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-09-19 23:40:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-09-18 13:21:03 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0947.old
[2012-09-18 12:45:54 | 001,318,816 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 01:56:14 | 000,000,048 | -HS- | C] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 22:44:11 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-17 22:28:11 | 000,001,536 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 21:29:59 | 000,183,129 | ---- | C] () -- C:\Windows\System32\AM Install1.INF
[2012-09-17 21:07:15 | 000,001,229 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-04 14:56:36 | 000,000,218 | ---- | C] () -- C:\Users\Vicky\AppData\Local\recently-used.xbel
[2012-06-14 12:32:14 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012-06-09 06:52:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-06-08 10:50:34 | 000,000,103 | ---- | C] () -- C:\Windows\System32\_system.ini
[2012-06-08 09:57:00 | 000,107,008 | ---- | C] () -- C:\Windows\poetunin.exe
[2012-06-08 09:56:22 | 000,077,824 | ---- | C] () -- C:\Windows\zipexe_r.exe
[2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012-05-13 19:55:04 | 000,002,075 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
[2012-04-21 09:24:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qhwm.sys
[2012-03-11 22:35:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012-03-11 22:35:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2012-03-11 20:58:34 | 000,155,136 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
[2012-03-06 00:31:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\RandWTTime.dat
[2012-03-05 23:45:17 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
[2012-03-05 23:34:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2012-03-05 23:34:25 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2012-03-03 15:58:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-03-02 20:44:59 | 000,005,002 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2012-03-01 23:13:56 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012-03-01 02:33:09 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\ziprecovery.ini
[2012-03-01 02:32:20 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\rarrecovery.ini
[2012-01-21 19:41:06 | 000,248,832 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-21 19:39:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-01-21 19:14:27 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\V2WCDRV.sys
[2012-01-18 04:07:07 | 000,002,256 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012-01-01 23:16:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012-01-01 23:16:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012-01-01 23:16:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012-01-01 23:16:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012-01-01 23:16:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012-01-01 23:16:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012-01-01 23:16:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012-01-01 23:16:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012-01-01 23:16:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012-01-01 23:16:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012-01-01 23:16:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012-01-01 23:16:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012-01-01 23:16:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012-01-01 23:16:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012-01-01 23:16:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012-01-01 23:15:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\EEBAPI.dll
[2012-01-01 23:15:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\EEBDSCVR.dll
[2012-01-01 23:15:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EBAPI.dll
[2012-01-01 21:39:18 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-01-01 20:32:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012-01-01 19:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-27 18:45:44 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011-12-26 21:25:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011-12-26 20:36:14 | 000,655,512 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011-12-26 20:04:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-11-17 07:10:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011-10-09 02:52:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
[2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-08-30 09:51:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-02-03 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\5imyshow.Ltd
[2012-06-14 17:32:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Acapela Group
[2012-04-11 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AdultAdvantage
[2012-03-11 20:59:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Aimersoft Video Converter Ultimate
[2012-05-25 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AnvSoft
[2012-01-30 18:00:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Apowersoft
[2012-05-25 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BinarySense
[2011-12-26 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BitDefender
[2012-01-21 06:27:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\cald3
[2012-09-30 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\calibre
[2012-01-23 02:16:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canneverbe_Limited
[2012-07-14 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canon
[2012-06-27 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CLiPW
[2012-06-28 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CocotronLibrary
[2012-05-08 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ComfortSoftware
[2012-09-17 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
[2012-05-08 17:56:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\concept design
[2012-04-29 15:49:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DAEMON Tools Pro
[2012-07-04 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\deluge
[2012-06-08 12:02:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Design Science
[2012-03-01 17:01:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DeskSoft
[2012-09-17 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
[2012-09-17 21:16:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
[2011-12-29 01:44:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DonationCoder
[2011-12-29 01:52:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DuckLink
[2012-01-01 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVD-Cloner
[2012-04-24 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoft
[2012-01-01 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2012-08-30 11:54:03 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Easy Macro Recorder
[2012-05-08 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\EasyMP3Downloader
[2012-06-07 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FaceOffMax
[2012-01-01 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FreeArc
[2012-06-30 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\gtk-2.0
[2012-06-27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Hard Disk Sentinel
[2012-05-08 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\HideIPPrivacy
[2012-09-17 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Iconico
[2012-03-03 03:30:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IGC
[2012-04-12 14:41:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ImgBurn
[2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IN-MEDIAKG
[2012-06-27 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Informatik Scan
[2012-03-01 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Intermedia Software
[2012-09-30 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\J River
[2012-05-08 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Jutoh
[2012-07-13 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Leadertech
[2012-08-20 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mariner Software
[2012-05-08 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MechCAD
[2012-05-25 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\med2
[2012-09-16 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MediaMonkey
[2012-07-13 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mipony
[2012-05-25 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MOBILedit
[2012-10-04 23:39:01 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Movienizer
[2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\mresreg
[2012-07-20 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mythicsoft
[2012-05-16 01:13:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Need for Speed World
[2012-03-02 20:26:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Netscape
[2012-05-13 19:36:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Nuance
[2012-06-27 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\oald8
[2012-03-02 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ooVoo Details
[2012-03-01 02:35:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\OtakuSoftware
[2012-03-02 18:12:12 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain
[2012-03-02 18:01:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Resizer Pro
[2012-10-01 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Converter
[2012-03-02 18:16:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pelikan Software KFT
[2012-10-01 00:57:47 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PersonalBrain
[2012-03-02 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Photodex
[2012-03-03 16:41:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pixelplan
[2012-08-30 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
[2012-05-08 23:21:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PunkBuster
[2012-02-10 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\QuickScan
[2012-06-08 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rainmeter
[2012-10-01 00:18:31 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\RapidTyping
[2012-03-03 15:58:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Reasonable Software House Ltd
[2012-06-27 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Resort Labs
[2012-09-02 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rovio
[2012-09-17 21:01:08 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
[2012-06-07 20:22:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ScreenSteps
[2012-06-08 11:15:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Softplicity
[2012-05-09 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SuperMP3Download
[2012-09-17 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
[2012-09-30 23:05:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SwordSearcher
[2012-01-01 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Systweak
[2012-09-30 22:59:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TeraCopy
[2012-09-18 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TestApp
[2012-10-01 00:26:26 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Builder
[2012-10-01 00:54:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Reporter
[2012-06-14 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Thunderbird
[2012-03-03 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\UDC Profiles
[2012-03-03 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\USBSafelyRemove
[2012-10-06 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent
[2012-06-08 00:56:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent Turbo Booster
[2012-07-13 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Video2Webcam
[2012-01-01 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\VitySoft
[2012-02-22 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WeatherWatcherLive
[2012-06-29 04:24:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WebcamMax
[2012-09-30 23:24:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Wondershare
[2012-09-30 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
[2012-06-14 17:34:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Xtranormal
[2012-03-01 01:02:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\YCanPDF

========== Purity Check ==========



< End of report >
 
Run this OTL fix as usual:

:OTL
FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
[2012-04-24 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoft
[2012-01-01 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers

:commands
[emptytemp]
[reboot]


Then, open AdwCleaner, press Uninstall. Then, download a new copy, run it, press Delete, and post a log.
 
All processes killed
========== OTL ==========
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\setup folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\logs folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\installation_logs folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\FreeYouTubeDownload folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\FreeVideoDub\Themes folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\FreeVideoDub folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\backup\FreeVideoDub folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\backup folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoft folder moved successfully.
C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers folder moved successfully.
File ptytemp] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.66.0 log created on 10082012_045244

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



# AdwCleaner v2.004 - Logfile created 10/08/2012 at 05:00:22
# Updated 06/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Vicky - VICKY-PC
# Boot Mode : Normal
# Running from : C:\Users\Vicky\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\prefs.js

Deleted : user_pref("extensions.506ac23aca410.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.506ac2604bebc.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.506ac27c09a7a.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.506ac28d717f9.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.506ac2a3eca2b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.506ac2b3863b0.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.50704b385121e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.50713b1396516.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

Profile name : default
File : C:\Users\House\AppData\Roaming\Mozilla\Firefox\Profiles\asu9wrvh.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1858 octets] - [08/10/2012 05:00:22]

########## EOF - C:\AdwCleaner[S1].txt - [1918 octets] ##########
 
No dude, it's still active. I change the homepage, then close Firefox and start it again to see if the homepage changes back. I do the drill every time we run a fix or scan. I have been following all instructions as you say but no luck. I know I know nothing about virus removal, but I really think BitDefender is not allowing these AVs to work as they should. Now, due to some update, it won't even let ComboFix run. I really don't care if I am without a real-time AV on my PC. I would activate the Malwarebytes free trial for the time being. I pay well for a decent internet connection, but I am not able to download anything since I have run out of space and am scared to connect any device to the computer.
 
YIPPIEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! IT WORKED IT WORKED!!!!!!!!!!

Opened the 'Show folder' from Troubleshooting Information in Firefox, closed Firefox, started Revo Uninstaller Pro, uninstalled Firefox using the official Firefox uninstaller, deleted all the leftover files it showed in the scan after the uninstall, closed Revo Uninstaller, deleted the AppData Firefox folder (the Program Files folder was already deleted by Revo Uninstaller), restarted Windows, installed Firefox again, changed the homepage to Google, closed and started again, still stayed on Google, installed all the bookmarks, closed and started again, still the homepage was Google.

The virus was in the goddamn Firefox AppData folder, I suppose. Now I hope the PC is clean.
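
The settings that kept coming back in this thread (the homepage, keyword.URL and search-engine prefs listed in the OTL fix, and the extensions.<id>.scode entries AdwCleaner deleted) are all lines in the profile's prefs.js. The following is an added example, not part of any post in this thread: a Python audit of a prefs.js file for those entries. The allowlists and the sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# One user_pref("name", value); line, as Firefox writes it in prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')
# Shape of the entries AdwCleaner removed in this thread: extensions.<hex id>.scode
SCODE_RE = re.compile(r"^extensions\.[0-9a-f]+\.scode$")
# Prefs named in the OTL fix script.
URL_PREFS = {"browser.startup.homepage", "keyword.URL"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}


def parse_prefs(text):
    """Yield (name, value) for every user_pref line; other lines are skipped."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        try:
            value = json.loads(raw)  # handles "strings", numbers, true/false
        except ValueError:
            value = raw              # keep unparsed text rather than drop the pref
        yield name, value


def hosts_in(value):
    """Hosts of a URL pref; the homepage pref may hold several URLs joined by '|'."""
    hosts = []
    for url in str(value).split("|"):
        parts = urlsplit(url.strip())
        if parts.scheme in ("http", "https"):  # about:home etc. carry no host
            hosts.append((parts.hostname or "").lower())
    return hosts


def audit_prefs(text, allowed_hosts, allowed_engines):
    """Return (pref name, reason) for each entry that needs a manual look."""
    findings = []
    for name, value in parse_prefs(text):
        if SCODE_RE.match(name):
            findings.append((name, "script stored in an extensions.*.scode pref"))
        elif name in URL_PREFS:
            bad = [h for h in hosts_in(value) if h not in allowed_hosts]
            if bad:
                findings.append((name, "unexpected host: " + ", ".join(bad)))
        elif name in ENGINE_PREFS and value not in allowed_engines:
            findings.append((name, "unexpected search engine: %r" % (value,)))
    return findings


# Constructed sample: pref names and URLs are the ones quoted in the thread's
# logs; the .scode body is a placeholder because the log truncates the real one.
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.page", 1);
user_pref("browser.search.defaultenginename", "Custom search");
user_pref("browser.search.selectedEngine", "Custom search");
user_pref("browser.startup.homepage", "http://apype.com");
user_pref("keyword.URL", "http://apype.com/results.php?q=");
user_pref("extensions.506ac23aca410.scode", "(function(){/* constructed placeholder */})();");
'''

if __name__ == "__main__":
    # Assumed allowlists: what this user expects to see after the cleanup.
    for name, reason in audit_prefs(SAMPLE_PREFS, {"www.google.com"}, {"Google"}):
        print(name, "->", reason)
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.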
 
I almost forgot the OTL quick scan I did just before installing Firefox:

OTL logfile created on: 10-Oct-12 2:19:00 PM - Run 6
OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Vicky\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.22% Memory free
5.99 Gb Paging File | 5.14 Gb Available in Paging File | 85.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53.62 Gb Total Space | 10.63 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
Drive D: | 89.63 Gb Total Space | 4.27 Gb Free Space | 4.77% Space Free | Partition Type: NTFS
Drive E: | 58.64 Gb Total Space | 5.18 Gb Free Space | 8.83% Space Free | Partition Type: NTFS
Drive F: | 30.89 Gb Total Space | 0.38 Gb Free Space | 1.23% Space Free | Partition Type: NTFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
PRC - [2012-08-22 20:24:50 | 000,369,544 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
PRC - [2012-08-22 20:24:48 | 000,677,256 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012-05-15 14:57:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
PRC - [2012-03-09 16:58:08 | 002,906,112 | ---- | M] (NeoSoft Tools) -- C:\Program Files\Chameleon Folder 2\chfolder.exe
PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011-12-26 21:06:50 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
PRC - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
PRC - [2011-12-26 21:03:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
PRC - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010-03-16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012-03-09 13:15:40 | 000,894,464 | ---- | M] () -- C:\Program Files\Chameleon Folder 2\cf.dll
MOD - [2011-12-26 21:05:09 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
MOD - [2011-12-26 21:03:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
MOD - [2011-12-26 21:02:38 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011-11-11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011-11-11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011-11-11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011-11-11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011-11-11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Services (SafeList) ==========

SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
SRV - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
SRV - [2010-11-30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV - [2010-07-23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vicky\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (assk84ni)
DRV - [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012-05-24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012-05-15 15:56:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-04-29 13:48:14 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012-04-29 13:46:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012-04-18 22:38:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012-02-02 21:08:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012-01-18 12:14:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011-12-26 21:03:38 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
DRV - [2011-12-26 21:02:05 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011-06-23 12:13:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
DRV - [2011-05-06 23:29:32 | 000,024,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC)
DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010-11-29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2010-11-29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-08-20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2010-08-20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010-05-13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC ED 73 4E 17 BB CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{48444E1A-FD18-45C6-92C1-3A8819B65AE0}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012-10-05 00:26:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Chameleon Folder] C:\Program Files\Chameleon Folder 2\chfolder.exe (NeoSoft Tools)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-10-05 23:35:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012-10-05 23:34:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012-10-05 23:32:38 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012-10-05 00:29:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012-10-05 00:24:37 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\temp
[2012-10-04 23:47:22 | 000,000,000 | ---D | C] -- C:\MyDrivers
[2012-10-03 23:25:06 | 004,761,955 | R--- | C] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
[2012-10-03 02:57:56 | 000,000,000 | ---D | C] -- C:\Z
[2012-09-29 16:41:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\logs
[2012-09-24 00:59:50 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2012-09-23 15:15:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-09-21 00:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012-09-19 23:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012-09-19 23:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012-09-19 23:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012-09-19 23:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012-09-19 23:38:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012-09-18 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Threat Expert
[2012-09-18 13:21:02 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0947.old
[2012-09-18 13:21:02 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0947.old
[2012-09-18 13:20:00 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012-09-18 12:45:46 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012-09-18 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012-09-18 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TestApp
[2012-09-17 23:28:50 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
[2012-09-17 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Usmania_Code
[2012-09-17 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\SMP Data
[2012-09-17 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare
[2012-09-17 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare Data
[2012-09-17 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Deskshare
[2012-09-17 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Spoon
[2012-09-17 22:47:53 | 000,019,392 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\rxbsknl.sys
[2012-09-17 22:37:05 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
[2012-09-17 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
[2012-09-17 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
[2012-09-17 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
[2012-09-17 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp
[2012-09-17 22:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Music Theory 3.0
[2012-09-17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ChordWizard
[2012-09-17 21:29:59 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AReadyLB.dll
[2012-09-17 21:29:59 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AudDevicePlugin.dll
[2012-09-17 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
[2012-09-17 21:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders
[2012-09-17 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent Ultra Accelerator
[2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Ultra Accelerator
[2012-09-15 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\dvdcss
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office 2010 Trial Extender
[2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Office 2010 Trial Extender
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-10-10 14:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-10 14:17:40 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-10 14:11:38 | 010,247,691 | ---- | M] () -- C:\Users\Vicky\Desktop\Firefox 15.0.1 (en-US) - 2012-10-10.pcv
[2012-10-10 13:24:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
[2012-10-10 10:24:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
[2012-10-09 21:03:54 | 000,663,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-10-09 21:03:54 | 000,121,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-10-09 15:01:09 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012-10-08 05:10:24 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-10-08 05:10:24 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-10-08 04:59:49 | 000,538,327 | ---- | M] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
[2012-10-05 00:26:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012-10-03 23:26:35 | 004,761,955 | R--- | M] (Swearware) -- C:\Users\Vicky\Desktop\ComboFix.exe
[2012-10-03 20:26:11 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012-09-30 23:37:48 | 000,440,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-09-29 16:43:08 | 000,138,645 | ---- | M] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-29.json
[2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2012-09-18 22:20:42 | 001,318,816 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 18:07:04 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-18 01:56:14 | 000,000,048 | -HS- | M] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 21:07:15 | 000,001,229 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-09-14 16:45:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012-10-10 14:11:28 | 010,247,691 | ---- | C] () -- C:\Users\Vicky\Desktop\Firefox 15.0.1 (en-US) - 2012-10-10.pcv
[2012-10-08 04:59:48 | 000,538,327 | ---- | C] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
[2012-09-29 16:43:08 | 000,138,645 | ---- | C] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-29.json
[2012-09-19 23:40:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012-09-19 23:40:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012-09-19 23:40:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012-09-19 23:40:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012-09-19 23:40:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012-09-18 13:21:03 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0947.old
[2012-09-18 12:45:54 | 001,318,816 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012-09-18 01:56:14 | 000,000,048 | -HS- | C] () -- C:\Windows\rmtf32-k289371-all.dat
[2012-09-17 22:44:11 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012-09-17 22:28:11 | 000,001,536 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
[2012-09-17 21:29:59 | 000,183,129 | ---- | C] () -- C:\Windows\System32\AM Install1.INF
[2012-09-17 21:07:15 | 000,001,229 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
[2012-07-04 14:56:36 | 000,000,218 | ---- | C] () -- C:\Users\Vicky\AppData\Local\recently-used.xbel
[2012-06-14 12:32:14 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012-06-09 06:52:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-06-08 10:50:34 | 000,000,103 | ---- | C] () -- C:\Windows\System32\_system.ini
[2012-06-08 09:57:00 | 000,107,008 | ---- | C] () -- C:\Windows\poetunin.exe
[2012-06-08 09:56:22 | 000,077,824 | ---- | C] () -- C:\Windows\zipexe_r.exe
[2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012-05-13 19:55:04 | 000,002,075 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
[2012-04-21 09:24:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qhwm.sys
[2012-03-11 22:35:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012-03-11 22:35:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2012-03-11 20:58:34 | 000,155,136 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
[2012-03-06 00:31:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\RandWTTime.dat
[2012-03-05 23:45:17 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
[2012-03-05 23:34:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2012-03-05 23:34:25 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
[2012-03-03 15:58:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012-03-02 20:44:59 | 000,005,002 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
[2012-03-01 23:13:56 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012-03-01 02:33:09 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\ziprecovery.ini
[2012-03-01 02:32:20 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\rarrecovery.ini
[2012-01-21 19:41:06 | 000,248,832 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-01-21 19:39:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012-01-21 19:14:27 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\V2WCDRV.sys
[2012-01-18 04:07:07 | 000,002,256 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012-01-01 23:16:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012-01-01 23:16:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012-01-01 23:16:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012-01-01 23:16:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012-01-01 23:16:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012-01-01 23:16:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012-01-01 23:16:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012-01-01 23:16:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012-01-01 23:16:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012-01-01 23:16:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012-01-01 23:16:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012-01-01 23:16:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012-01-01 23:16:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012-01-01 23:16:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012-01-01 23:16:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012-01-01 23:15:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\EEBAPI.dll
[2012-01-01 23:15:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\EEBDSCVR.dll
[2012-01-01 23:15:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EBAPI.dll
[2012-01-01 21:39:18 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2012-01-01 20:32:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012-01-01 19:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011-12-27 18:45:44 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011-12-26 21:25:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011-12-26 20:36:14 | 000,655,512 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011-12-26 20:04:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-11-17 07:10:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011-10-09 02:52:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
[2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011-08-30 09:51:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-04-11 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AdultAdvantage
[2011-12-26 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BitDefender
[2012-01-21 06:27:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\cald3
[2012-01-23 02:16:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canneverbe_Limited
[2012-07-14 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canon
[2012-06-27 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CLiPW
[2012-09-17 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
[2012-05-08 17:56:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\concept design
[2012-04-29 15:49:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DAEMON Tools Pro
[2012-07-04 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\deluge
[2012-09-17 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
[2011-12-29 01:44:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DonationCoder
[2011-12-29 01:52:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DuckLink
[2012-01-01 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVD-Cloner
[2012-01-01 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FreeArc
[2012-06-30 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\gtk-2.0
[2012-06-27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Hard Disk Sentinel
[2012-03-03 03:30:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IGC
[2012-04-12 14:41:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ImgBurn
[2012-07-13 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Leadertech
[2012-05-25 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\med2
[2012-09-16 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MediaMonkey
[2012-07-13 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mipony
[2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\mresreg
[2012-05-16 01:13:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Need for Speed World
[2012-06-27 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\oald8
[2012-03-02 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ooVoo Details
[2012-08-30 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
[2012-02-10 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\QuickScan
[2012-03-03 15:58:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Reasonable Software House Ltd
[2012-06-27 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Resort Labs
[2012-09-02 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rovio
[2012-01-01 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Systweak
[2012-09-18 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TestApp
[2012-06-14 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Thunderbird
[2012-03-03 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\UDC Profiles
[2012-03-03 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\USBSafelyRemove
[2012-10-10 14:14:35 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent
[2012-06-08 00:56:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent Turbo Booster
[2012-01-01 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\VitySoft

========== Purity Check ==========



< End of report >
 