Solved Need help: Trojan:Win64/Sirefef.Y

[2011/01/10 16:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions
[2012/05/29 12:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions
[2011/06/15 17:00:30 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/04/13 17:18:48 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/08/09 15:45:00 | 000,000,000 | ---D | M] (WhiteSmoke Toolbar) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}
[2011/02/27 21:01:45 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/15 16:47:20 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions\engine@conduit.com
[2012/05/28 23:36:32 | 000,001,212 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\searchplugins\amazon-distro.xml
[2011/08/23 21:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\searchplugins\askcom.xml
[2012/05/10 15:20:05 | 000,000,942 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\searchplugins\yahoo.xml
[2011/12/31 16:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/19 14:42:49 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/01/30 15:09:59 | 000,001,983 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8A3G8COG.DEFAULT\EXTENSIONS\{47F7DAA8-DB46-4FE2-87B0-C6D7C8DD2F23}.XPI
[2012/03/23 13:20:18 | 000,147,986 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8A3G8COG.DEFAULT\EXTENSIONS\{86C18B42-E466-45A9-AE7A-9B95BA6F5640}.XPI
[2012/05/29 12:12:00 | 000,502,682 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8A3G8COG.DEFAULT\EXTENSIONS\ABB@AMAZON.COM.XPI
[2012/02/04 15:32:22 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\ALEXANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8A3G8COG.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
[2012/06/06 19:46:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/12 17:37:47 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/27 12:25:15 | 000,002,348 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/03/19 22:24:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/05/13 21:46:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/03/19 22:24:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alexander\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Twitter = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\acagpmkffiipcpcjopahdcipcpoognlp\1.4_0\
CHR - Extension: Bible = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\adplcelpohamiijahbaanmoimmnoaiaf\1_0\
CHR - Extension: Wikileaks Search = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeglpglcaioaldkjkipgmlhbojklefoc\1.0_0\
CHR - Extension: PriceBlink = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoiidodopnnhiflaflbfeblnojefhigh\3.4_0\
CHR - Extension: Google Docs = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.4_0\
CHR - Extension: News Reader (by Google) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhhcdlggicnjoobiphdkdgmblbknkjjp\2.2.1_0\
CHR - Extension: WOT = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.14.6_0\
CHR - Extension: Ge.tt = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc\0.99_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: AdBlock+ = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao\1.1.9.18_0\
CHR - Extension: Google Related (by Google) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikfgcnnhcibkipoldbjegmeojnkaled\0.7.9.0_0\
CHR - Extension: World clock Toolbox = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckckpgefkpjfopjppjfcikppehdhceah\1.0.7_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
CHR - Extension: Flag for Chrome = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn\0.4.1_0\
CHR - Extension: Good Noows = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\deegloljmdbfbjhlimieancmcfombgjj\3.4.100_0\
CHR - Extension: Better Google Dictionary = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhenokkenhignmdfneogkemjejadedhh\1.0_0\
CHR - Extension: True Chrome = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\djaeojidpcgkemhnfljfmccekkfddfbd\1.3.1_0\
CHR - Extension: commercial ads blocker for facebook = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\djkncpfhommbpbjihphicfpmfjpeddco\0.1.4_0\
CHR - Extension: Learn for Google Dictionary = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnpejjgidgdhbenhneabjbggohllcmnj\1.0.2_0\
CHR - Extension: Nice Translator = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\echdnikijbegadnenjfmhfjflclkjcbp\3_0\
CHR - Extension: reddit = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\efadmbgcpdighlpjfbdpgakcdibbpjif\2.0_0\
CHR - Extension: Google Calendar = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Ads Blocker = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\eommhojjeeaapcofdjleiamnokcfdnna\1.1.0_0\
CHR - Extension: After the Deadline = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_1\
CHR - Extension: 1-ClickWeather for Chrome = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa\1.1.0.3_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.5_0\
CHR - Extension: Full Screen Weather = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: DivX HiQ = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_1\
CHR - Extension: MUSIC = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggdnongihnengempmndkncnlkjhkleml\1.0.3_0\
CHR - Extension: AdBlock = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.35_0\
CHR - Extension: Wikileaks Cables Map = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gijenpebckinngccfejchnbfmgciinda\1.0_0\
CHR - Extension: Phras.in = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndekfibfmobgcogjdcgepehfbhgdfdp\1.1.0.3_0\
CHR - Extension: Keyword Search = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdbldiihihmhgenceelgaekmfimhgli\1.0.1.4_0\
CHR - Extension: Mibbit webchat = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi\1.12_0\
CHR - Extension: Text4FreeOnline = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhiboopoofbabnfbcpolfjgbckecbcl\1_0\
CHR - Extension: Android Push Contacts = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjljblonahjepdfnkajfieaflndmhok\1_0\
CHR - Extension: NPR for Chrome = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf\1.0_0\
CHR - Extension: SimilarWeb = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoklmmgfnpapgjgcpechhaamimifchmp\1.5_0\
CHR - Extension: Page Creator = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaogedadokfiddgbginlnilbpmdlejji\1.0.0.2_0\
CHR - Extension: Crackle = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.3_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: EasyRevu = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiaiecddhdcblfigkfnkelgnklbdokif\2.1.1_0\
CHR - Extension: WordReference Lookup = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljkdiphoadeehmlplkjgjpojdpdfgfa\1.0.3_0\
CHR - Extension: Google Contacts = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\imhkodacbkfpnngcmecaimmbbmaaeoll\1.4_0\
CHR - Extension: Free Dictionary = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\inokggilobmhmkgeafklfmopfijfnhej\0.5_0\
CHR - Extension: Quick Dictionary Reference = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifccliebhjmlfeilmenmngafjcfdaaa\1.1_0\
CHR - Extension: Urban Dictionary Search = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaafclpocgfpcibgkdggkldhflbgccg\1.2_0\
CHR - Extension: Typing Test - KeyHero = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0\
CHR - Extension: Google Voice (by Google) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.3.6.8_0\
CHR - Extension: Digg = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkaodmpkbaenhnnfinhmlonngcnffmaf\1_0\
CHR - Extension: Translate And Speak! = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbnbkjocmknnifdpllfjjphhdjfopofl\1.7_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: TV for Google Chrome\u2122 = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\licccgnfdlgmmmgaddmbcepikfadcmpe\1.7.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Facebook for Google Chrome = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkdedmbpkaiahjjibfdmpoefffnbdkli\2.0.9_0\
CHR - Extension: Google Maps = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Ask Both = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaapifeklnhpdnkekdlchejlaeodble\0.0.1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: Mint = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg\1.5_0\
CHR - Extension: Quick Note = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.3.7_0\
CHR - Extension: eBuddy Web Messenger = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkojhhiphdgeliplnclnbmdiofhgnimi\2.0.9_0\
CHR - Extension: YouTube Ads Block, Skip, Remove by ScrewAds = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbnjoljpgkhiaicaejkdcjbfjknipnc\2.1.4.2_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.2.1_0\
CHR - Extension: Google Play Books = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.3_0\
CHR - Extension: Typing Game = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mobfbeogeanchbdhboilncgnkfkibjjg\1.0.3.0_0\
CHR - Extension: deviantART muro = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\
CHR - Extension: Autofill = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_1\
CHR - Extension: WordReference Search = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nojccehodnnnebenbnkhdnminilehnie\1.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Paltalk Express = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\oainjhllibnjfalecnohojnocpcobgpn\4.0.1474_0\
CHR - Extension: Clicker.TV = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaodinjbnakgknmblmhblapgpmfaciba\1_0\
CHR - Extension: Auto-Translate = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgoiaeapddkeekbocomnjlckbbfapmk\2.0.3_0\
CHR - Extension: FREE TV = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofddcjfikfghkmoapnjnmmflbcjohbic\0.0.0.1_0\
CHR - Extension: WordReference Extension = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofnmflhedfocnfnoafgcojkllnmdipoj\4.1.2_0\
CHR - Extension: Vyew = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogcldakngnllchlnncngiailfhidjjdp\4.11.0_0\
CHR - Extension: Google Quick Scroll = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\1.83_0\
CHR - Extension: Type Fu = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0\
CHR - Extension: Amazon for Chrome = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\1.0_0\
CHR - Extension: Maldi Stream = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhibokfmlbonieidpbbdbinbmebjiom\2.3.0_1\
CHR - Extension: Evernote Web Clipper = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5_0\
CHR - Extension: Google Reader = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.2_0\
CHR - Extension: Gmail = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Similar Pages beta (by Google) = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjnfggphgdjblhfjaphkjhfpiiekbbej\0.5.5.1_0\
CHR - Extension: Facebook AdBlock = C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkoaaaiiaalegemhdeadohejihbdfbho\1.5_0\

O1 HOSTS File: ([2012/06/13 18:07:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (TBLayoutBHO Class) - {008f6853-9cb4-41c5-a950-39d55e5e06ba} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3626317991-3059357334-302776294-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3626317991-3059357334-302776294-1000..\Run: [Camfrog] C:\Program Files (x86)\Camfrog\Camfrog Video Chat\CamfrogNet.exe (Camshare Inc.)
O4 - HKU\S-1-5-21-3626317991-3059357334-302776294-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD)
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AntiCrash.lnk = C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3626317991-3059357334-302776294-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3626317991-3059357334-302776294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alexander\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll (SpeedBit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3366C957-967B-4C75-9A7C-303A7994C29C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32:64bit: vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.trspch - C:\Windows\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 17:26:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012/06/14 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/14 13:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/14 13:15:09 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/14 13:15:09 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/14 13:14:46 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/14 13:14:46 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/14 09:37:23 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2012/06/14 09:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/14 09:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 09:37:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/14 09:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/13 18:07:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/13 18:01:57 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/13 17:53:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/13 17:53:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/13 17:53:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/13 17:53:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/13 17:53:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/13 17:52:08 | 004,557,191 | ---- | C] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
[2012/06/13 16:45:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B1D78D98-DD0A-4187-840D-9687CA04A729}
[2012/06/13 16:45:08 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{5FEDA24B-564B-4A8D-AE95-F6380A52B7F1}
[2012/06/13 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{E1608206-791C-4C97-B83B-F2A8B8F7E52D}
[2012/06/13 13:41:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{E283FB57-A52D-4CD7-9274-04A535C648BB}
[2012/06/13 13:34:36 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B4C2897A-8944-4A19-972F-61A95E17BAC3}
[2012/06/13 13:34:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B63CE4AA-AB14-4DAE-8424-B074CBC342D1}
[2012/06/13 12:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/13 12:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/13 12:33:24 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/13 12:33:24 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/13 12:27:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{341A53B5-1B34-4F2B-B373-05206DE2E694}
[2012/06/13 12:27:15 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{EA3E04C9-CEA1-4F3C-8DF5-37B966A90921}
[2012/06/13 12:09:13 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 12:09:13 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 12:09:12 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 12:09:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 12:09:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 12:09:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 12:09:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 12:09:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 12:09:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 12:09:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 12:09:08 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 12:09:08 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 12:09:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 11:58:08 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 11:58:08 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 11:57:48 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 11:57:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 11:57:45 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 11:57:45 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 11:57:34 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 11:57:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 11:57:34 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 11:42:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{DA3BF0B4-2515-4075-A2E5-7F2E8D9F2642}
[2012/06/13 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{104F7C0F-044E-46D5-877C-EDFE55BDB708}
[2012/06/13 11:20:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{9BF7B518-3916-4416-AC23-2938E5FAD1C3}
[2012/06/13 00:12:45 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{86633EAD-97AB-4084-91B8-C96FADF075A5}
[2012/06/13 00:12:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{794CFF70-C276-413E-B584-E8FAB49C9368}
[2012/06/12 09:38:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{906543BA-0E89-4E16-9F37-BA902F735CA5}
[2012/06/12 09:38:30 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{ACCD511E-56B0-441E-882C-ACC976E89C2F}
[2012/06/11 09:53:49 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{AD922EBF-7672-4DA9-90A7-3800C7E71AD7}
[2012/06/11 09:53:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{5765579F-9596-47E0-97F7-D792CA627F22}
[2012/06/10 22:41:07 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Macromedia
[2012/06/10 14:55:55 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{8BDEBE77-F22D-4ABB-8129-4D1617AE591D}
[2012/06/10 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{00ED97E2-CA32-4D19-AA20-852951D8A22F}
[2012/06/09 09:23:04 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{3BE440CB-22A4-4D1E-91EC-73EC98D664F7}
[2012/06/09 09:22:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{84F30D5D-4289-4013-B400-655B0DCA9EDB}
[2012/06/08 09:11:43 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{F79F8F58-D182-41F1-A08E-6B8972EC4F43}
[2012/06/08 09:11:16 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B24CCD84-6348-4CDE-8E1A-6D9487692FFF}
[2012/06/07 11:03:22 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/07 11:01:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Speedbit
[2012/06/07 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{983563D0-96A4-4B30-BEB1-8CDFED104B03}
[2012/06/07 09:40:42 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{0033088D-B33B-40F0-A643-6C4F5F5F8741}
[2012/06/06 13:42:44 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/06/06 13:42:44 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/06/06 13:42:36 | 000,035,680 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012/06/06 13:42:36 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012/06/06 08:57:57 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{73E21D4D-45C5-4B2C-AE47-AD0122417E0F}
[2012/06/06 08:57:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{E58C6F4D-2E3D-4A43-881D-4754DECD3134}
[2012/06/05 10:39:46 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.1
[2012/06/05 10:38:05 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{0C8C5E12-6023-4D93-A66F-7356EF870F06}
[2012/06/05 10:37:33 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{D8DE97AB-AA33-4647-B8FC-B1AE944DCAA1}
[2012/06/04 10:44:56 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{D9A4C100-74FA-45CE-B4BC-855C08F2AB7D}
[2012/06/03 11:51:48 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{D159404E-A573-4E9A-8217-9EF26D7B17BC}
[2012/06/03 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{539C9415-4A4F-40CC-9275-B1C705004EB8}
[2012/06/02 19:54:18 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{665CDE3B-EC25-42B4-BC0A-998AB69770D9}
[2012/06/02 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{DBC50411-3B5A-492D-BBAA-61C1E2557C59}
[2012/06/02 08:43:14 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B0C067CF-BE57-4B42-A2EC-CA45CFAC440A}
[2012/06/02 08:42:45 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{89C03C29-82FF-4E2A-885A-1D4AAD248BB7}
[2012/06/01 09:03:37 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{0B9F3348-96BC-407C-838E-349CD7375E7D}
[2012/06/01 09:03:11 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B2CF4BAC-6C07-494B-A36A-E646DAF5F3DE}
[2012/05/31 14:25:57 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{499C7AEF-46C7-4586-BBF7-E6446B76EFE1}
[2012/05/31 14:25:30 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{7D70BC7F-76B9-45CE-9417-AFCE7098D23A}
[2012/05/31 09:58:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{E5523BC9-BBB9-4F40-BEDE-7FAF87898FE9}
[2012/05/31 09:57:53 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{69D3AE9C-1F12-491D-A0AB-5E04C387BA6B}
[2012/05/30 09:00:22 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{9BFB78FF-4202-4B19-BE8C-6E152906D652}
[2012/05/30 08:59:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B558F2AE-FF00-42F5-89CD-890113E32F39}
[2012/05/28 23:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/05/28 21:07:31 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{80EBC2BE-BC46-4B49-8272-33CC9DD2C5D3}
[2012/05/28 21:07:03 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{8EDF6AC6-7900-4C14-B41C-631B4DF2D9D9}
[2012/05/28 09:45:07 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{B63C1AFC-6E53-4284-9B27-24C6A07ACB4E}
[2012/05/28 09:44:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{564BD947-2078-4413-967F-006D9D06ABF6}
[2012/05/27 18:29:19 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{F312CF80-23E5-4578-8AE7-5974BE28F753}
[2012/05/27 18:28:48 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{53C5BE6D-0560-456F-A672-4736687F4ABE}
[2012/05/27 09:15:35 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{86764A90-53E1-4F5D-B011-D4622FF246E4}
[2012/05/27 09:15:04 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{9B50449E-4532-45C1-A2AB-AED784216FEA}
[2012/05/26 13:48:54 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{D93A48C8-4E37-45DB-A557-2ED14654B130}
[2012/05/26 13:48:25 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{960EBF43-BA48-4471-B814-549C781E872A}
[2012/05/25 09:24:38 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{C6B49687-E5FA-4EF6-91D9-7C1D7BC446C2}
[2012/05/25 09:24:16 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{831B593B-6633-4365-A960-83C35B3AA312}
[2012/05/24 08:24:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\BOLSA
[2012/05/24 08:01:17 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{3253E3A0-BAEE-4E5F-9EEB-E8FA5FC0238A}
[2012/05/24 08:00:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{6DEA1DC0-00E0-4A84-972E-2BD43624E1E5}
[2012/05/23 10:03:43 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{88B65D72-3B5F-486D-9A6E-939AA797E05A}
[2012/05/23 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{94144DCE-2C6A-4414-8C76-F04BA8DD6960}
[2012/05/22 10:36:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{150AF656-4C69-45D1-B632-E84C65735C03}
[2012/05/22 10:36:15 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{E9CB97B6-6091-4C3C-B7D9-8857ECF89A14}
[2012/05/21 16:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/21 09:15:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{544E0958-96FE-45E5-94E3-0D87E214D18D}
[2012/05/21 09:15:18 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{6318D426-F086-4858-BA78-61F4CD5F894B}
[2012/05/20 09:26:15 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{49FD1A1D-F166-4EB2-B8F8-DF5C058CD8D3}
[2012/05/20 09:25:47 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{6F908789-EE7A-44AB-90D4-9A82B2BB625D}
[2012/05/19 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{CCDB2EFD-E579-45FA-A3B2-02D37CEA835E}
[2012/05/19 08:44:40 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{48BDBF24-5BD4-44FB-B904-022C7D685D01}
[2012/05/18 22:48:30 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{4802F155-8FBA-461A-836D-46922AB308DA}
[2012/05/18 22:48:06 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\{4C72A789-5962-475D-A2D4-AB7125EDD1FC}
[2012/05/16 19:27:34 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Documents\AFTER EFFECTS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 18:08:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/15 17:55:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 17:49:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000UA.job
[2012/06/15 17:28:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 17:28:37 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/15 17:26:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2012/06/15 17:25:28 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000UA.job
[2012/06/15 17:20:44 | 000,064,512 | -H-- | M] () -- C:\Users\Alexander\AppData\Roaming\dach100.dll
[2012/06/15 17:20:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 17:20:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/15 17:20:13 | 2407,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/15 10:25:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000Core.job
[2012/06/14 20:56:30 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000Core.job
[2012/06/14 13:14:35 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/14 13:14:35 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/14 10:40:58 | 000,000,512 | ---- | M] () -- C:\Users\Alexander\Desktop\MBR.dat
[2012/06/14 09:37:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 19:59:33 | 000,733,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/13 19:59:33 | 000,629,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/13 19:59:33 | 000,108,410 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 18:07:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/13 17:52:18 | 004,557,191 | ---- | M] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
[2012/06/13 12:51:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/13 12:50:54 | 000,747,542 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/13 12:24:28 | 005,105,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 11:48:04 | 000,000,189 | ---- | M] () -- C:\Users\Alexander\Desktop\register.bat
[2012/06/12 10:27:18 | 000,002,425 | ---- | M] () -- C:\Users\Alexander\Desktop\Google Chrome.lnk
[2012/06/11 20:00:03 | 000,001,456 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/06/10 18:31:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/10 18:31:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/10 14:52:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAlexander.job
[2012/06/06 13:36:38 | 000,031,974 | ---- | M] () -- C:\Users\Alexander\Documents\statement June 5 2012.pdf
[2012/06/05 10:39:46 | 000,002,169 | ---- | M] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Camfrog Video Chat 6.1.lnk
[2012/06/05 10:39:46 | 000,002,145 | ---- | M] () -- C:\Users\Alexander\Desktop\Camfrog Video Chat 6.1.lnk
[2012/05/31 10:17:39 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/05/29 11:00:52 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/05/29 11:00:48 | 000,035,680 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012/05/29 11:00:48 | 000,029,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012/05/29 11:00:48 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/05/29 11:00:48 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/05/28 23:36:44 | 000,001,350 | ---- | M] () -- C:\Users\Alexander\Desktop\Install Schizophrenia Online Chat Room.lnk
[2012/05/24 15:11:41 | 000,001,456 | ---- | M] () -- C:\Users\Alexander\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/05/21 16:46:58 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/17 22:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/05/17 21:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/05/17 21:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/17 21:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/05/17 21:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/05/17 21:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/17 21:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/17 18:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/05/17 18:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/17 18:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/05/17 18:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/17 18:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/17 18:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/14 10:40:58 | 000,000,512 | ---- | C] () -- C:\Users\Alexander\Desktop\MBR.dat
[2012/06/14 09:37:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/14 09:26:58 | 000,064,512 | -H-- | C] () -- C:\Users\Alexander\AppData\Roaming\dach100.dll
[2012/06/13 17:53:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/13 17:53:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/13 17:53:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/13 17:53:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/13 17:53:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/13 12:50:59 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/13 11:48:04 | 000,000,189 | ---- | C] () -- C:\Users\Alexander\Desktop\register.bat
[2012/06/06 13:36:38 | 000,031,974 | ---- | C] () -- C:\Users\Alexander\Documents\statement June 5 2012.pdf
[2012/06/05 10:39:46 | 000,002,169 | ---- | C] () -- C:\Users\Alexander\Application Data\Microsoft\Internet Explorer\Quick Launch\Camfrog Video Chat 6.1.lnk
[2012/06/05 10:39:46 | 000,002,145 | ---- | C] () -- C:\Users\Alexander\Desktop\Camfrog Video Chat 6.1.lnk
[2012/05/28 23:36:44 | 000,001,350 | ---- | C] () -- C:\Users\Alexander\Desktop\Install Schizophrenia Online Chat Room.lnk
[2012/05/21 16:46:58 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/15 12:06:43 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012/04/06 14:34:36 | 000,001,456 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Adobe Save for Web 13.0 Prefs
[2011/10/26 19:45:48 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/26 19:45:47 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/08/06 15:44:10 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/08/06 15:44:10 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/08/06 15:44:10 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/08/06 15:44:10 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/06/29 14:21:08 | 000,001,308 | ---- | C] () -- C:\Windows\SysWow64\tsdigsgn.dat
[2011/06/08 22:03:13 | 000,000,029 | ---- | C] () -- C:\Windows\wordpad.ini
[2011/06/08 22:03:12 | 000,010,677 | ---- | C] () -- C:\Windows\coolkb2k.ini
[2011/06/08 21:55:39 | 000,000,029 | ---- | C] () -- C:\Windows\winzip32.ini
[2011/06/08 21:54:19 | 000,005,124 | ---- | C] () -- C:\Windows\COOL.INI
[2011/05/04 21:41:55 | 000,028,672 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/05 18:05:39 | 000,001,456 | ---- | C] () -- C:\Users\Alexander\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/03/03 21:14:25 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\wklnhst.dat
[2011/01/20 23:27:12 | 000,000,211 | -H-- | C] () -- C:\Windows\winshell.dat
[2011/01/11 20:07:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/01/11 16:17:57 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\tsd32.dll
[2011/01/10 20:33:35 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/01/10 20:33:35 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/01/10 20:33:35 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/01/10 20:33:35 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/01/10 20:33:35 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/01/10 20:33:35 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/01/10 20:33:35 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/01/10 20:33:34 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/01/10 20:33:34 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/01/10 20:33:34 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/01/10 20:33:34 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/01/10 20:33:34 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/01/10 20:33:34 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/01/10 20:33:34 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/01/10 20:33:34 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/01/10 20:33:34 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/01/10 20:32:27 | 000,000,083 | ---- | C] () -- C:\Windows\EPSPR260.ini
[2011/01/10 15:15:21 | 000,747,542 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/10 15:07:41 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2011/01/10 15:07:39 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/13 19:55:46 | 000,034,935 | ---- | M] () -- C:\ComboFix.txt
[2012/06/15 17:20:13 | 2407,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2012/06/15 17:20:16 | 3209,879,552 | -HS- | M] () -- C:\pagefile.sys
[2012/06/14 09:53:16 | 000,000,000 | ---- | M] () -- C:\temp.txt
[2012/03/27 12:25:30 | 000,000,237 | ---- | M] () -- C:\user.js
[2011/06/29 15:18:07 | 000,009,615 | ---- | M] () -- C:\voicmail.wav

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/22 20:21:55 | 000,000,221 | -HS- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2001/10/05 00:43:36 | 000,970,752 | ---- | M] (ElcomSoft Co. Ltd.) -- C:\Users\Alexander\Desktop\AeePro.exe
[2012/01/21 15:30:12 | 007,553,104 | ---- | M] (Camshare Inc.) -- C:\Users\Alexander\Desktop\camfrog_6.1.exe
[2012/06/13 17:52:18 | 004,557,191 | ---- | M] (Swearware) -- C:\Users\Alexander\Desktop\ComboFix.exe
[2012/06/15 17:26:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/15 18:08:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/14 20:56:30 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000Core.job
[2012/06/15 17:49:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000UA.job
[2012/06/15 17:20:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/15 17:55:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/15 10:25:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000Core.job
[2012/06/15 17:25:28 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3626317991-3059357334-302776294-1000UA.job
[2012/06/10 14:52:07 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAlexander.job
[2012/05/31 10:17:39 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/06/15 17:20:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/05/12 12:18:17 | 000,032,636 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/02/24 23:14:14 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/02/24 23:14:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/02/24 23:14:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/02/24 23:14:14 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/02/24 23:14:14 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/02/24 23:14:14 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/15 17:38:59 | 000,000,402 | -HS- | M] () -- C:\Users\Alexander\Favorites\desktop.ini
[2012/03/15 00:44:06 | 000,000,298 | ---- | M] () -- C:\Users\Alexander\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >
 
OTL Extras logfile created on: 6/15/2012 5:34:52 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\Alexander\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 54.68% Memory free
5.98 Gb Paging File | 4.06 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.17 Gb Total Space | 167.01 Gb Free Space | 58.36% Space Free | Partition Type: NTFS
Drive D: | 11.83 Gb Total Space | 2.15 Gb Free Space | 18.17% Space Free | Partition Type: NTFS

Computer Name: ALEXANDER-PC | User Name: Alexander | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{81BE5F50-A27E-4D95-A526-502046488DE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E972FACC-E270-41AF-84E8-7398D78CB0D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{31A1224F-692A-4123-9B1F-2A30447E5E71}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{8C2B424E-7BA3-4596-A0DD-EA082C90E063}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{D780B9B7-919F-4843-8A2E-AE07121BDE65}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{212C94CE-312C-4DC6-9FBC-2A6DE0EB2B0D}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{6643A439-ED83-4A47-BA55-514F92EFA73D}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{FAA6ACE2-0DB9-4AFC-B276-F03876190988}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}" = Trapcode Particular
"{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}" = PowerDirector
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048CD767-219E-4F04-AA84-3128F6A35948}_is1" = Callnote version 1.5.0.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D106581-6726-4D1B-ABEC-0CA02410F24F}" = Adobe Photoshop CS6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F8BF57-47FA-4F8D-9404-1B41321743AF}" = AntiCrash 3.6.1
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{56B777D9-9D85-4A81-BF59-1EED7401ADC4}" = Google Cloud Connect for Microsoft Office
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85C5E551-9210-4851-AC69-86E30112B463}_is1" = SkyRemote 1.6.0.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}" = WhiteSmoke
"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BACB4018-4813-B978-CE55-E61326FDE71B}" = Link Bounder
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED3E411-B3C3-4154-A3F7-AE2EFC98FDBA}" = TuneUp Utilities Language Pack (es-ES)
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED7D48D6-EA6F-38D4-A4F8-00101B6C7A42}" = Google Talk Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F491018F-5B58-4F43-8253-544967F6A45A}_is1" = Y!Supra version 1.0.0.71
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Email Extractor PRO" = Advanced Email Extractor PRO
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Camfrog 6.1" = Camfrog Video Chat 6.1
"Camfrog 6.2" = Camfrog Video Chat 6.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.infomastery.linkbounder-rmv" = Link Bounder
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DesktopAssistant_is1" = DesktopAssistant 1.6.173.0
"Detect-Email_is1" = Detect-Email
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FileZilla Client" = FileZilla Client 3.5.3
"Foxit PDF Editor" = Foxit PDF Editor
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.17.221
"Gaa Moa's Plugins for Cool Edit Pro" = Gaa Moa's Plugins for Cool Edit Pro
"HandyBits Voice Mail" = HandyBits Voice Mail
"Homepage Protection" = Homepage Protection
"HP Remote Solution" = HP Remote Solution
"IDroo" = IDroo 1.0.0.154
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E489BCB7-D57D-4751-AAB6-589AF66E2F7F}" = Trapcode Particular
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"ManyCam" = ManyCam 3.0.68 (remove only)
"Mikogo" = Mikogo
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 11.64.1403" = Opera 11.64
"PalTalk8.2" = Paltalk Messenger
"Picasa 3" = Picasa 3
"Silent Package Run-Time Sample" = EPSON Stylus Photo R260 User's Guide
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"StartNow Toolbar" = StartNow Toolbar
"Super Email Spider_is1" = Super Email Spider
"TeamViewer 5" = TeamViewer 5
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Uninstall_is1" = Uninstall 1.0.0.1
"uninstallext98" = Extractor PRO 98
"VLC media player" = VLC media player 1.1.11
"whitesmoketoolbar" = WhiteSmoke Toolbar
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3626317991-3059357334-302776294-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Amazon Kindle For PC" = Amazon Kindle For PC
"Dropbox" = Dropbox
"Free Dictionary Widget" = Free Dictionary Widget
"FreeScreenSharing" = FreeScreenSharing
"Google Chrome" = Google Chrome
"Google Translator" = Google Translator
"GoogleToolBar" = GoogleToolBar
"GoToMeeting" = GoToMeeting 5.0.0.799

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/15/2012 11:23:29 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2012 11:23:29 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9157

Error - 6/15/2012 11:23:29 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9157

Error - 6/15/2012 11:23:30 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2012 11:23:30 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10155

Error - 6/15/2012 11:23:30 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10155

Error - 6/15/2012 11:23:31 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/15/2012 11:23:31 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11279

Error - 6/15/2012 11:23:31 AM | Computer Name = Alexander-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11279

Error - 6/15/2012 5:34:24 PM | Computer Name = Alexander-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.49.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 14f8 Start Time:
01cd4b3da0f03d2b Termination Time: 0 Application Path: C:\Users\Alexander\Desktop\OTL.exe

Report
Id: c80d6115-b731-11e1-a4c9-406186508f6b

[ OSession Events ]
Error - 5/2/2011 5:22:55 PM | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/4/2012 11:43:50 AM | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 319
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/29/2012 8:18:24 PM | Computer Name = Alexander-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21611
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/13/2012 6:01:14 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/13/2012 6:02:45 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/13/2012 6:03:50 PM | Computer Name = Alexander-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 6/13/2012 6:05:16 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/13/2012 6:05:23 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 6/13/2012 6:06:19 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 6/13/2012 6:09:20 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%31

Error - 6/13/2012 6:12:29 PM | Computer Name = Alexander-PC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 6/14/2012 9:51:06 AM | Computer Name = Alexander-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 6/14/2012 5:30:21 PM | Computer Name = Alexander-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:29:03 PM on 6/14/2012 was unexpected.

[ TuneUp Events ]
Error - 6/6/2012 4:43:57 PM | Computer Name = Alexander-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >
 
I'll not continue because I asked you the very same question twice already and you never replied:
Any current issues?

 
I am sorry. My mistake. Well, actually there are no current issues; however, Malwarebytes suddenly pops up something like "malware deleted. No action required" or something like that, even when I am not surfing or if I am static. Let's say it happens like three times during the entire day, approx. Same thing with MSE, but that was only yesterday, not today.
 
I'd like to know what the EXACT message from MBAM is.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (TBLayoutBHO Class) - {008f6853-9cb4-41c5-a950-39d55e5e06ba} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll File not found
    O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll File not found
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEXANDER-PC [administrator]

Protection: Enabled

6/14/2012 9:40:05 AM
mbam-log-2012-06-14 (09-40-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217151
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Users\Alexander\Downloads\DetectEmail2011.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\Hernán Vilaró - TU Capital Cultural y Patrones Hipnóticos [Cursos][Español] - Página 2 - Descargas de Programas y Juegos Warez » Programas Warez - Descargar Programas Gratis_setup.exe (PUP.BundleInstaller.DU) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\SoftonicDownloader_para_camfrog-video-chat.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\SoftonicDownloader_para_google-talk.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\SoftonicDownloader_para_trojan-remover.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\The art of covert hypnosis_v2.0(2).exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\The art of covert hypnosis_v2.0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\Unconfirmed 78886.crdownload (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Alexander\Downloads\vGrabber_setup.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.

(end)
 
OTL:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities 2012
TuneUp Utilities Language Pack (es-ES)
JavaFX 2.1.1
Java(TM) 6 Update 29
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.257
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 09-06-2012
Ran by Alexander (administrator) on 17-06-2012 at 12:35:21
Running from "C:\Users\Alexander\AppData\Local\Opera\Opera\temporary_downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-13 11:58] - [2012-04-24 01:37] - 0184320 ____A (Microsoft Corporation) 4F5414602E2544A4554D95517948B705

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan deleted - quarantined
C:\Program Files (x86)\WhiteSmoke\HookDllOE.dll probably a variant of Win32/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\whitesmoke-silent.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\WhiteSmokeRegistration.exe a variant of Win32/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\WSEnrichment.exe probably a variant of Win32/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\index.html HTML/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic\translator.html HTML/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic_3\index.html HTML/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic_3\translator.html HTML/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\WhiteSmoke\html\english\dictClientDic_gold\index.html HTML/WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\toolbar.htm Win32/Toolbar.WhiteSmoke application cleaned by deleting - quarantined
C:\Program Files (x86)\whitesmoketoolbar\chrome\content\toolbar.xul Win32/Toolbar.WhiteSmoke application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToOLbar32.dll.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe.vir a variant of Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhibokfmlbonieidpbbdbinbmebjiom\2.3.0_1\go.js JS/TrojanClicker.Agent.NCX trojan cleaned by deleting - quarantined
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.htm Win32/Toolbar.WhiteSmoke application cleaned by deleting - quarantined
C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\8a3g8cog.default\extensions\{52794457-af6c-4c50-9def-f2e24f4c8889}\chrome\content\toolbar.xul Win32/Toolbar.WhiteSmoke application cleaned by deleting - quarantined
C:\Users\Alexander\Downloads\cnet2_Schizophrenia_Chat_Room_v6_0_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Alexander\Downloads\PageRageSetup (1).exe probably a variant of Win32/Adware.HFXSRJX application cleaned by deleting - quarantined
C:\Users\Alexander\Downloads\PageRageSetup.exe probably a variant of Win32/Adware.HFXSRJX application cleaned by deleting - quarantined
C:\Users\Alexander\Downloads\SoftonicDownloader20448.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Alexander\Downloads\SoftonicDownloader36182.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Alexander\Downloads\SoftonicDownloader64806.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{008f6853-9cb4-41c5-a950-39d55e5e06ba}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EA582743-9076-4178-9AA6-7393FDF4D5CE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA582743-9076-4178-9AA6-7393FDF4D5CE}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alexander
->Temp folder emptied: 208704 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6486112 bytes
->Opera cache emptied: 14214079 bytes
->Flash cache emptied: 647 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 243632 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb


[EMPTYJAVA]

User: Alexander
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Alexander
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06172012_172958

Files\Folders moved on Reboot...
C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alexander :: ALEXANDER-PC [administrator]

Protection: Enabled

6/17/2012 5:36:21 PM
mbam-log-2012-06-17 (17-36-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217565
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Alexander
->Temp folder emptied: 17494 bytes
->Temporary Internet Files folder emptied: 161119 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6409166 bytes
->Opera cache emptied: 10340768 bytes
->Flash cache emptied: 880 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 243024 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


[EMPTYFLASH]

User: Alexander
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Alexander
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06172012_182451

Files\Folders moved on Reboot...
C:\Users\Alexander\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 