hosts files

HI,My son downloaded a program that WINPATROL keeps asking if i want to keep so far i have rejected the following is what it says.
(c:\windowssystem32\drivers\etc\hosts),also the following
(1)ETILQS_XFXEZBZQ1M4JFGX,program description etilqs_xfxEZbZq1m4
(2)ETILQS_95NSBYAMDPWDVOH,program description 95NsbyAm
I am in WINPATROL i can delete these files but would like comfirmation please,thanks

 

Are the etlqs files in the hosts file?
They are temporary files that should be deleted after exiting the browser.
The hosts file is a list of ip addresses that your machine tells the browser not to connect - it's a good thing.

http://www.windowsbbs.com/firefox-thunderbird-seamonkey/84629-what-file-name-beginnning-etilsq_.html

 

HI,attar,The program my son downloaded was for a ancestry site,but if you use WINPATROL
file info for what its worth there appears sex and porno at ips 127.0.0.1
But this may also be SPYBOT SEARCH& DESTROY lists ips's,but it also keeps popping up do
not want to turn my back on it just yet this one of the reasons you have to be careful
what you download just have not been able to block it yet.
Can you lay out how to go into the hosts file or where this program is so that i can totally delete it for peace of mind,thanks

 

127.0.0.1 is you.
When a site that's included in your hosts file is accessed, it loops back to yourself and you get the screen saying it's unable to connect to the site listed - it 'loops back' to 127.0.0.1
The sites in the hosts file are generally sites you wouldn't want to go to.

The file is located at:
c:\windowssystem32\drivers\etc\hosts
And can be examined using Notepad.
You can add/delete sites to/from your hosts file (back it up first) then test it by pasting the site into the browser e.g "www.whatever.com"

See the samples below.

 

whiskey99,

It's not a good idea to mess with your HOSTS file unless you really understand it.

If you will scan your computer with OTL and post a copy of the Log for me, I'll check it over for any Malware or Hosts Hijacker and we can clean it up.

-Download and run OTL-

Download OTL by Old Timer and save it to your Desktop.
• Double click on OTL.exe to run it.
• Under Output, ensure that Minimal Output is selected.
• Under Extra Registry section, select Use SafeList.
• Click the Scan All Users checkbox.
* On the bottom right check Lop Check and Purity Check
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
o OTL.txt <-- Will be opened and is what I need posted back here.
o Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
• Please post the contents of OTL.txt Log in your next reply.

2oG

 

HI,2oldGeek, I searched about using 64bit instead of the 32bit i have and it confirmed
what i already knew 64bit is not the way to go,will run your program in AM,thanks

 

I have to work today and will catch you when I get free.

p.s. try to stay on just one thread... lol

 

OTL logfile created on: 3/28/2013 7:07:35 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop\New Folder\files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 46.51% Memory free
3.10 Gb Paging File | 2.00 Gb Available in Paging File | 64.53% Paging File free
Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 138.97 Gb Total Space | 106.79 Gb Free Space | 76.84% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

Computer Name: WS3 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Admin\Desktop\New Folder\files\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
PRC - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\system32\calc.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nview\nView.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll ()
MOD - C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
MOD - C:\Program Files\NETGEAR\WNA1100\WifiLib.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PFNet) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (WSWNA1100) -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (ffcc) -- C:\WINDOWS\system32\ffcc.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys File not found
DRV - (766b5317ee71183b991241dfaa6c210b) -- system32\766b5317ee71183b991241dfaa6c210b.sys File not found
DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
DRV - (gfiark) -- C:\WINDOWS\system32\drivers\gfiark.sys (GFI Software)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (GFI Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (GFI Software)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (pwipf6) -- C:\WINDOWS\system32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blekko.com/ws/?sour...67F7004892F5088167451525108BE&q={searchTerms}
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{3C67974A-CDB2-4701-AE85-78761959C8F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS504
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{956B18BA-4FB0-4D5D-B74A-7F297176057F}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9509C8F6-C426-4EF7-9A54-563530FA8B0A
IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E2267F7004892F5088167451525108BE"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://xfinity.comcast.net/"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.6.55.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 09:28:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/07 02:03:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/26 18:53:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:43:12 | 000,000,000 | ---D | M]

[2010/01/25 13:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2013/03/26 19:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions
[2013/03/05 17:12:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
[2013/02/24 05:24:08 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/02/28 05:18:21 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\searchplugins\startpage-https.xml
[2013/03/07 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/13 16:05:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/07 23:43:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/08 16:10:30 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2013/03/26 18:53:30 | 000,000,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 12:03:41 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/06 07:50:50 | 000,003,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinitylcsearch.xml

========== Chrome ==========

CHR - homepage: http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E2267F7004892F5088167451525108BE
CHR - homepage: http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E2267F7004892F5088167451525108BE
CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

O1 HOSTS File: ([2013/02/27 02:08:10 | 000,444,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15277 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SearchProtection] C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat File not found
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Domains: comcast.net ([%20www] https in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177783047764 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3D99DD0-5767-40B3-B61A-C431092ADB1E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - () - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/28 09:07:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell - "" = AutoRun
O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/27 03:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2013/03/26 19:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\adawarebp
[2013/03/26 18:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
[2013/03/26 18:56:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
[2013/03/25 21:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/03/25 21:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/03/25 12:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Avg2013
[2013/03/24 05:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2013/03/24 05:01:56 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2013/03/24 05:01:54 | 015,517,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2013/03/24 05:01:54 | 000,108,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2013/03/24 05:01:53 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2013/03/24 05:00:49 | 019,189,760 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2013/03/24 05:00:49 | 007,536,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2013/03/24 05:00:49 | 005,967,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
[2013/03/24 05:00:49 | 002,581,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2013/03/24 05:00:49 | 001,869,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2013/03/24 05:00:49 | 001,010,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2013/03/24 05:00:49 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
[2013/03/24 05:00:46 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2013/03/24 05:00:46 | 002,389,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2013/03/23 03:35:54 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/03/23 03:28:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
[2013/03/23 03:28:04 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2013/03/23 03:28:04 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2013/03/23 03:28:04 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2013/03/23 03:28:04 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2013/03/23 03:28:03 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2013/03/23 03:28:03 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2013/03/23 03:28:03 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2013/03/23 03:28:02 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2013/03/23 03:27:59 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2013/03/23 03:27:59 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2013/03/23 03:27:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
[2013/03/23 03:27:58 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2013/03/23 03:27:58 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2013/03/23 03:27:57 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2013/03/23 03:27:57 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2013/03/23 03:27:57 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2013/03/23 03:27:56 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2013/03/23 03:27:56 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2013/03/23 03:27:56 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2013/03/23 03:27:52 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
[2013/03/23 03:27:49 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2013/03/23 03:27:49 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2013/03/23 03:27:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2013/03/23 03:27:48 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
[2013/03/23 03:27:48 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
[2013/03/23 03:27:48 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
[2013/03/23 03:27:47 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2013/03/23 03:27:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2013/03/23 03:27:47 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2013/03/23 03:27:46 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2013/03/23 03:27:46 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2013/03/23 03:27:46 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2013/03/23 03:27:46 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2013/03/23 03:27:45 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2013/03/23 03:27:45 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2013/03/23 03:27:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2013/03/23 03:27:44 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
[2013/03/23 03:27:44 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
[2013/03/23 03:27:37 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
[2013/03/23 03:27:37 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
[2013/03/23 03:27:36 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
[2013/03/23 03:27:35 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
[2013/03/23 03:27:35 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
[2013/03/23 03:27:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
[2013/03/23 03:27:34 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
[2013/03/23 03:27:34 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
[2013/03/23 03:27:34 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
[2013/03/23 03:27:32 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
[2013/03/23 03:27:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2013/03/23 03:27:25 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2013/03/23 03:27:25 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
[2013/03/23 03:27:24 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
[2013/03/23 03:27:24 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
[2013/03/23 03:27:19 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
[2013/03/23 03:27:19 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
[2013/03/23 03:27:18 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2013/03/23 03:27:18 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
[2013/03/23 03:27:18 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
[2013/03/23 03:27:17 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
[2013/03/23 03:27:17 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
[2013/03/23 03:27:17 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
[2013/03/23 03:27:16 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
[2013/03/23 03:27:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
[2013/03/23 03:27:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
[2013/03/23 03:27:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
[2013/03/23 03:27:03 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2013/03/23 03:26:57 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2013/03/23 03:26:57 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2013/03/23 03:26:57 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2013/03/23 03:26:56 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2013/03/23 03:26:56 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2013/03/23 03:26:56 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
[2013/03/23 03:26:55 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2013/03/23 03:26:54 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2013/03/23 03:26:54 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
[2013/03/23 03:26:54 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
[2013/03/23 03:26:54 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
[2013/03/23 03:26:53 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2013/03/23 03:26:53 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2013/03/23 03:26:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
[2013/03/23 03:26:52 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2013/03/23 03:26:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2013/03/23 03:26:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
[2013/03/23 03:26:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
[2013/03/23 03:26:51 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2013/03/23 03:26:51 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2013/03/23 03:26:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
[2013/03/23 03:26:50 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2013/03/23 03:26:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2013/03/23 03:07:11 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/03/23 03:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/03/23 03:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/03/23 02:31:43 | 000,000,000 | ---D | C] -- C:\rei
[2013/03/23 02:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/03/22 07:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/22 06:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/17 00:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2013/03/15 14:26:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Recent
[2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Canneverbe Limited
[2013/03/09 13:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013/03/07 23:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/05 18:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Privatefirewall
[2013/03/05 18:08:18 | 000,135,272 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
[2013/03/05 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Privatefirewall 7.0
[2013/03/05 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2013/03/05 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
[2013/03/05 17:16:41 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/05 17:16:41 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/05 17:16:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/05 17:16:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/05 17:16:26 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/05 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/03/05 17:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Qualys
[2013/03/05 10:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/03/04 16:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DriverCure
[2013/03/04 16:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
[2013/03/04 16:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/03/04 15:45:44 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
[2013/03/02 11:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2013/03/02 11:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013/03/02 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/01 13:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Research In Motion
[2013/03/01 12:58:29 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2013/03/01 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2013/02/28 21:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/28 07:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/28 06:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/28 00:01:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/27 23:57:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{015D3F78-B8AB-4912-A42E-94BD6F2F3679}.job
[2013/03/27 23:56:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/27 23:54:43 | 000,001,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/03/27 23:53:42 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/03/27 23:53:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/27 23:53:18 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/27 23:53:15 | 000,143,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/03/27 23:46:29 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/03/27 11:06:31 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/03/27 05:22:37 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
[2013/03/27 03:03:18 | 000,000,343 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/03/27 00:51:01 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/03/27 00:49:24 | 000,445,785 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-005034.backup
[2013/03/26 18:51:59 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/03/26 02:33:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/03/26 02:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/03/25 21:42:19 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-004924.backup
[2013/03/25 21:40:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/03/25 21:40:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/03/25 21:39:47 | 000,481,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/25 21:39:47 | 000,079,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/25 21:15:24 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/03/25 20:32:07 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_95
[2013/03/25 19:56:58 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_732
[2013/03/25 04:17:36 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_528
[2013/03/24 05:01:22 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/03/24 05:01:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/24 05:01:18 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/03/24 05:01:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/03/24 01:44:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2013/03/23 16:09:14 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_297
[2013/03/23 08:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/23 03:57:09 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_350
[2013/03/23 02:34:11 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2013/03/22 14:27:13 | 000,444,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_247
[2013/03/22 14:26:02 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142713.backup
[2013/03/22 06:54:51 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2013/03/22 06:44:41 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/20 00:31:39 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142602.backup
[2013/03/19 13:09:22 | 000,000,494 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013/03/19 13:08:41 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2013/03/17 12:00:46 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/03/16 18:52:48 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/03/15 14:33:09 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2013/03/13 12:05:54 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/12 14:42:09 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/12 14:42:09 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/09 13:33:14 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2013/03/09 13:33:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2013/03/05 17:16:14 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/03/05 17:16:12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/03/05 17:16:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/03/05 17:16:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/03/05 17:16:12 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/03/05 17:16:11 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/03/05 17:16:11 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/03/05 10:02:34 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/03/04 15:45:56 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
[2013/03/04 15:31:25 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2013/03/02 11:17:20 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/03/02 01:03:23 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/01 13:00:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/03/01 12:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/03/01 12:58:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/03/01 09:10:44 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/02/28 19:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/27 02:08:10 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130320-003139.backup
[2013/02/27 02:08:10 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/27 01:58:48 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130227-010810.backup
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/26 18:56:35 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/03/24 05:01:18 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013/03/24 05:01:18 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013/03/24 05:01:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013/03/24 05:01:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013/03/24 05:00:49 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013/03/24 05:00:49 | 000,015,449 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2013/03/23 03:27:39 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2013/03/23 03:27:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2013/03/23 03:27:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2013/03/23 03:27:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2013/03/23 03:27:37 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2013/03/23 03:27:37 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2013/03/23 03:27:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2013/03/23 03:27:34 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2013/03/23 03:04:33 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/03/23 02:33:54 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/03/23 02:32:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
[2013/03/23 02:29:50 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/03/15 14:33:09 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
[2013/03/09 13:33:14 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
[2013/03/09 13:33:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2013/03/09 13:33:14 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2013/03/09 13:33:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2013/03/05 10:02:34 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/03/02 14:31:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2013/03/02 11:17:20 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/03/02 01:03:23 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/01 13:00:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/03/01 12:58:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
[2013/03/01 12:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2013/02/25 02:07:50 | 000,143,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/01/09 04:43:29 | 000,794,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/13 11:12:48 | 000,000,343 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/12/07 20:36:30 | 000,788,388 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1592454029-839522115-1003-0.dat
[2012/12/07 20:36:28 | 000,270,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/09/29 13:35:40 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2012/05/24 14:15:23 | 000,005,816 | ---- | C] () -- C:\Documents and Settings\Admin\.tkt
[2012/05/11 01:52:40 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2012/05/11 01:52:40 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2012/05/11 01:52:40 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2012/05/11 01:52:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2012/05/11 01:52:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2012/04/24 11:16:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/22 17:22:49 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/04/07 11:34:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\bibstats
[2009/10/08 13:24:15 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/20 12:22:01 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2007/06/20 12:04:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2007/04/28 13:24:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/16 03:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ad-Aware Antivirus
[2013/03/22 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Audacity
[2013/02/24 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Auslogics
[2013/02/23 21:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CallingID
[2009/12/22 14:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Calyx Software
[2013/03/09 13:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canneverbe Limited
[2013/01/23 21:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\comcasttb
[2007/05/02 10:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Command Software
[2013/03/04 16:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DriverCure
[2012/11/06 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ElevatedDiagnostics
[2010/06/15 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Epson
[2012/12/06 14:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FinalBurner Video DVD
[2012/12/08 22:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ImgBurn
[2010/06/16 10:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leader Technologies
[2010/06/14 13:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2012/05/27 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Oracle
[2013/03/04 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
[2012/10/01 02:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PCDr
[2013/03/05 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Qualys
[2013/03/01 13:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Research In Motion
[2013/02/24 05:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SecureSearch
[2012/12/13 13:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
[2013/03/22 07:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\WinPatrol
[2008/04/02 10:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Xerox
[2013/03/16 05:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/03/27 13:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/10/28 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2013/03/09 13:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/05/10 13:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/26 18:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2010/06/14 12:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2012/12/07 02:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
[2013/03/27 01:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/05 10:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/03/25 12:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/03/04 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/02/24 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/03/05 18:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
[2013/02/25 02:05:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
[2013/03/26 04:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/07 02:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/06/14 12:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2013/01/01 08:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/05/24 13:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2012/12/07 02:30:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/02 09:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2012/05/24 14:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox
[2013/02/02 09:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser.WS3\Application Data\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

 

whiskey99,

Thanks for the good OTL Log, just got off work so, will look it over real good tonight.

First: What is the HOSTS file that you have installed and do you have your DNS Service Disabled? I see you have a little over 15,000 entries in your Hosts file and it will run faster with the DNS Service disabled. (I have over 200,000 entries in my Hosts file.)

In order to make my task of digging through your OTL Log a lot easier, please run the following programs and post the logs for me so I can get a full picture of your computer:

1) Security Check

Please download and save SecurityCheck.exe to your Desktop.

• Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt
• Please copy and past the contents of checkup.txt in your next reply.


2) AdwCleaner

Please download adwcleaner and save to your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok. if asked.
• Your computer will be rebooted automatically.
• A text file will open after the restart.
• Please copy and past the content of that log file with your next post.


Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case may be something like R1.


3) Junkware Removal Tool

Please download jrt.exe and save it to your desktop.

• Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
• If running Vista or Win7... right-click jrt.exe and select "Run as Administrator", otherwise just double click it. The tool will open and start scanning your system. Please be patient, it can take a while depending on your system. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
• Please copy and paste the contents of JRT.txt and post in your next reply.


Please DO NOT run, delete or change anything on your computer unless I ask you to. Things will go smoother and we can get your computer in good shape without me having to look over Logs 2 or 3 times to find any unknown changes.

Awaiting your reply,
2oG

 

Results of screen317's Security Check version 0.99.61
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Lavasoft Ad-Aware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
WinPatrol
MVPS Hosts File
SpywareBlaster 5.0
Spybot - Search & Destroy
SUPERAntiSpyware
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (19.0.2)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
WinPatrol winpatrol.exe
Spybot Teatimer.exe is disabled!
Privatefirewall 6.1 pfsvc.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
Privacyware Privatefirewall 7.0 PFGUI.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

 

# AdwCleaner v2.115 - Logfile created 03/28/2013 at 17:08:47
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Admin - WS3
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Admin\Desktop\New Folder\files\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [37727 octets] - [31/10/2012 15:14:46]
AdwCleaner[R2].txt - [4313 octets] - [31/10/2012 15:36:24]
AdwCleaner[R3].txt - [4434 octets] - [31/10/2012 15:46:39]
AdwCleaner[R6].txt - [8443 octets] - [15/03/2013 14:29:17]
AdwCleaner[R7].txt - [1517 octets] - [15/03/2013 14:40:38]
AdwCleaner[S1].txt - [38116 octets] - [31/10/2012 15:19:54]
AdwCleaner[S2].txt - [4473 octets] - [31/10/2012 15:39:46]
AdwCleaner[S3].txt - [4594 octets] - [31/10/2012 15:47:41]
AdwCleaner[S4].txt - [8506 octets] - [15/03/2013 14:30:51]
AdwCleaner[S5].txt - [2092 octets] - [28/03/2013 17:08:47]

########## EOF - C:\AdwCleaner[S5].txt - [2152 octets] ##########

 

HI,2oldGeek,Here's something that finally dawned on me is this problem is only happening on my PC,but not on my sons PC and it started right after he downloaded from the site he
trying to access and i was not downloading anything.

 

is this your son's or your PC?

are you guys on a network -- wireless router?

 

What we have is cable from Comcast to router then out of router by way of CAT-5 to each PC
but they are not connected in line with each other they are separate lines to each PC.
My PC and is upstairs in my bedroom his is downstairs in the living room and i knew he was downloading stuff where as i was not.

 

Comcast sucks anyways.My sisters have it and also my cousins and most of my friends on Facebook.I haven't heard anything good about them or their service.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Microsoft Windows XP x86
Ran by Admin on Thu 03/28/2013 at 18:04:34.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\searchprotection
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Admin\Application Data\comcasttb"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Admin\Local Settings\Application Data\adawarebp"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Admin\Application Data\mozilla\firefox\profiles\k3s4znh0.default-1361448118730\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Successfully deleted the following from C:\Documents and Settings\Admin\Application Data\mozilla\firefox\profiles\k3s4znh0.default-1361448118730\prefs.js

user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013031504");
user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm003^YY^us");
user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "CNTiwtfJ_rUCFa9aMgodQxQAwA");
user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "77E7D995-FCFC-4770-AE83-01E79C92240C");
user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1363369594481");
user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "how much is the irs milage||how much is the irs milage for in 2013||youtube/ted cruz/diane fienstien");
user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "98520");
user_pref("extensions.toolbar.mindspark._4jMembers_.hp.enabled", true);
user_pref("extensions.toolbar.mindspark._4jMembers_.hp.lastGuardTime", 1457135471);
user_pref("extensions.toolbar.mindspark._4jMembers_.hp.numGuards", 1);
user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._4jMembers_.installation.contextKey", "");
user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2013031017");
user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "^ZX^xdm002^YY^us");
user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "CIv-qMOy87UCFetAMgodo1QADg");
user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "2A0AB0D8-1E45-4EA8-88FA-62CBA3A0FEA0");
user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1362961562573");
user_pref("extensions.toolbar.mindspark._4jMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._4jMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "98520");
user_pref("extensions.toolbar.mindspark.hp.enabled", true);
user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "mapsgalaxy@mindspark.com");
user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");
Emptied folder: C:\Documents and Settings\Admin\Application Data\mozilla\firefox\profiles\k3s4znh0.default-1361448118730\minidumps [9 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/28/2013 at 18:27:52.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

HI,I do not know if this means anything but the reason i do not accept the HOST item it wants me to accept the change i really do not know what the acceptance might do to my PC.

 

It probably is WinPatrol. if it is tell it to block the change.

 

Good show whiskey99, I have all the Logs and your PC shows signs of malware. Some not so bad and some that can be a gateway for more infections to get in. I suggest we clean it and maybe look at your son's computer after we get yours.

 

While we are on rant about COMCAST it is not cheep/cheap,but the way things are nowadays
you almost can not exist without a internet connection if for nothing else is the amount of money that you save by not having to pay for all of the gas&time you would have wasted.