1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hosts files

Discussion in 'Windows - Virus and spyware problems' started by whiskey99, Mar 27, 2013.

  1. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    HI,My son downloaded a program that WINPATROL keeps asking if i want to keep so far i have rejected the following is what it says.
    (c:\windowssystem32\drivers\etc\hosts),also the following
    (1)ETILQS_XFXEZBZQ1M4JFGX,program description etilqs_xfxEZbZq1m4
    (2)ETILQS_95NSBYAMDPWDVOH,program description 95NsbyAm
    I am in WINPATROL i can delete these files but would like comfirmation please,thanks
     
  2. attar

    attar Senior member

    Joined:
    Jun 17, 2005
    Messages:
    11,509
    Likes Received:
    29
    Trophy Points:
    128
  3. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    HI,attar,The program my son downloaded was for a ancestry site,but if you use WINPATROL
    file info for what its worth there appears sex and porno at ips 127.0.0.1
    But this may also be SPYBOT SEARCH& DESTROY lists ips's,but it also keeps popping up do
    not want to turn my back on it just yet this one of the reasons you have to be careful
    what you download just have not been able to block it yet.
    Can you lay out how to go into the hosts file or where this program is so that i can totally delete it for peace of mind,thanks
     
  4. attar

    attar Senior member

    Joined:
    Jun 17, 2005
    Messages:
    11,509
    Likes Received:
    29
    Trophy Points:
    128
    127.0.0.1 is you.
    When a site that's included in your hosts file is accessed, it loops back to yourself and you get the screen saying it's unable to connect to the site listed - it 'loops back' to 127.0.0.1
    The sites in the hosts file are generally sites you wouldn't want to go to.

    The file is located at:
    c:\windowssystem32\drivers\etc\hosts
    And can be examined using Notepad.
    You can add/delete sites to/from your hosts file (back it up first) then test it by pasting the site into the browser e.g "www.whatever.com"

    See the samples below.

     
    Last edited: Mar 27, 2013
  5. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    whiskey99,

    It's not a good idea to mess with your HOSTS file unless you really understand it.

    If you will scan your computer with OTL and post a copy of the Log for me, I'll check it over for any Malware or Hosts Hijacker and we can clean it up.

    -Download and run OTL-

    Download OTL by Old Timer and save it to your Desktop.
    • Double click on OTL.exe to run it.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    * On the bottom right check Lop Check and Purity Check
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
    o OTL.txt <-- Will be opened and is what I need posted back here.
    o Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
    • Please post the contents of OTL.txt Log in your next reply.

    2oG
     
    Last edited: Mar 27, 2013
  6. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    HI,2oldGeek, I searched about using 64bit instead of the 32bit i have and it confirmed
    what i already knew 64bit is not the way to go,will run your program in AM,thanks
     
  7. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    I have to work today and will catch you when I get free.

    p.s. try to stay on just one thread... lol
     
    Last edited: Mar 28, 2013
  8. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    OTL logfile created on: 3/28/2013 7:07:35 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Admin\Desktop\New Folder\files
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 46.51% Memory free
    3.10 Gb Paging File | 2.00 Gb Available in Paging File | 64.53% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 138.97 Gb Total Space | 106.79 Gb Free Space | 76.84% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.23 Gb Free Space | 62.32% Space Free | Partition Type: NTFS

    Computer Name: WS3 | User Name: Admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Admin\Desktop\New Folder\files\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
    PRC - C:\Program Files\Ad-Aware Antivirus\AdAware.exe (Lavasoft Limited)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
    PRC - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
    PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
    PRC - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    PRC - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
    PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    PRC - C:\WINDOWS\system32\acs.exe (Atheros)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
    PRC - C:\WINDOWS\system32\calc.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll ()
    MOD - C:\Program Files\NVIDIA Corporation\nview\nView.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
    MOD - C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll ()
    MOD - C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll ()
    MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
    MOD - C:\Program Files\NETGEAR\WNA1100\WifiLib.dll ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()
    MOD - C:\WINDOWS\system32\nvshell.dll ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
    SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
    SRV - (Ad-Aware Service) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (PFNet) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (Privacyware/PWI, Inc.)
    SRV - (SBAMSvc) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
    SRV - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
    SRV - (WDBackup) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
    SRV - (WDDriveService) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
    SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
    SRV - (WSWNA1100) -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe ()
    SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
    SRV - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
    SRV - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
    SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
    SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (ffcc) -- C:\WINDOWS\system32\ffcc.sys File not found
    DRV - (cpuz134) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys File not found
    DRV - (766b5317ee71183b991241dfaa6c210b) -- system32\766b5317ee71183b991241dfaa6c210b.sys File not found
    DRV - (gfibto) -- C:\WINDOWS\system32\drivers\gfibto.sys (GFI Software)
    DRV - (gfiark) -- C:\WINDOWS\system32\drivers\gfiark.sys (GFI Software)
    DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
    DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
    DRV - (SWDUMon) -- C:\WINDOWS\system32\drivers\SWDUMon.sys ()
    DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
    DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (GFI Software)
    DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (GFI Software)
    DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
    DRV - (pwipf6) -- C:\WINDOWS\system32\drivers\pwipf6.sys (Privacyware/PWI, Inc.)
    DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
    DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Almico Software)
    DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
    DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
    DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
    DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
    DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\.DEFAULT\..\SearchScopes,defaultscope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-18\..\SearchScopes,defaultscope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8HP&PC=UP62
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blekko.com/ws/?sour...67F7004892F5088167451525108BE&q={searchTerms}
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{3C67974A-CDB2-4701-AE85-78761959C8F4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7PRFB_enUS504
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\SearchScopes\{956B18BA-4FB0-4D5D-B74A-7F297176057F}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=9509C8F6-C426-4EF7-9A54-563530FA8B0A
    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=E2267F7004892F5088167451525108BE"
    FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://xfinity.comcast.net/"
    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: %7B7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D%7D:1.6.55.1
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 09:28:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/12/07 02:03:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/26 18:53:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/07 23:43:12 | 000,000,000 | ---D | M]

    [2010/01/25 13:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
    [2013/03/26 19:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions
    [2013/03/05 17:12:42 | 000,000,000 | ---D | M] (Qualys BrowserCheck) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions\{7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D}
    [2013/02/24 05:24:08 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    [2013/02/28 05:18:21 | 000,002,160 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\searchplugins\startpage-https.xml
    [2013/03/07 23:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/13 16:05:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2013/03/07 23:43:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009/02/08 16:10:30 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
    [2013/03/26 18:53:30 | 000,000,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
    [2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/02/19 12:03:41 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/06/06 07:50:50 | 000,003,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinitylcsearch.xml

    ========== Chrome ==========

    CHR - homepage: http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E2267F7004892F5088167451525108BE
    CHR - homepage: http://securesearch.lavasoft.com/?s...retb&v=2_5&u=E2267F7004892F5088167451525108BE
    CHR - Extension: Freemake Video Converter = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\

    O1 HOSTS File: ([2013/02/27 02:08:10 | 000,444,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 15277 more lines...
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll File not found
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SearchProtection] C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat File not found
    O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-682003330-1592454029-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-682003330-1592454029-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Domains: comcast.net ([%20www] https in Trusted sites)
    O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
    O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
    O15 - HKU\S-1-5-21-682003330-1592454029-839522115-1003\..Trusted Ranges: Range1 ([*] in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177783047764 (WUWebControl Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3D99DD0-5767-40B3-B61A-C431092ADB1E}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\SDWinLogon: DllName - () - File not found
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/04/28 09:07:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell - "" = AutoRun
    O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4da4a683-c3d9-11e1-a510-001aa00881e0}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/27 03:30:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
    [2013/03/26 19:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\adawarebp
    [2013/03/26 18:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
    [2013/03/26 18:56:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\VDD
    [2013/03/25 21:57:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2013/03/25 21:43:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2013/03/25 12:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Avg2013
    [2013/03/24 05:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2013/03/24 05:01:56 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
    [2013/03/24 05:01:54 | 015,517,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
    [2013/03/24 05:01:54 | 000,108,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
    [2013/03/24 05:01:53 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
    [2013/03/24 05:00:49 | 019,189,760 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2013/03/24 05:00:49 | 007,536,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2013/03/24 05:00:49 | 005,967,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2013/03/24 05:00:49 | 002,581,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2013/03/24 05:00:49 | 001,869,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2013/03/24 05:00:49 | 001,010,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2013/03/24 05:00:49 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2013/03/24 05:00:46 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2013/03/24 05:00:46 | 002,389,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2013/03/23 03:35:54 | 000,000,000 | ---D | C] -- C:\RegBackup
    [2013/03/23 03:28:05 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bulltlp3.sys
    [2013/03/23 03:28:04 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2013/03/23 03:28:04 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2013/03/23 03:28:04 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2013/03/23 03:28:04 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2013/03/23 03:28:03 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2013/03/23 03:28:03 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2013/03/23 03:28:03 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2013/03/23 03:28:02 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2013/03/23 03:27:59 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2013/03/23 03:27:59 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2013/03/23 03:27:58 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brmfcwia.dll
    [2013/03/23 03:27:58 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2013/03/23 03:27:58 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2013/03/23 03:27:57 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2013/03/23 03:27:57 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2013/03/23 03:27:57 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2013/03/23 03:27:56 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2013/03/23 03:27:56 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2013/03/23 03:27:56 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2013/03/23 03:27:52 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\binlsvc.dll
    [2013/03/23 03:27:49 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2013/03/23 03:27:49 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
    [2013/03/23 03:27:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
    [2013/03/23 03:27:48 | 000,066,557 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42u.sys
    [2013/03/23 03:27:48 | 000,054,271 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm42xx5.sys
    [2013/03/23 03:27:48 | 000,026,568 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\bcm4e5.sys
    [2013/03/23 03:27:47 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2013/03/23 03:27:47 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2013/03/23 03:27:47 | 000,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
    [2013/03/23 03:27:46 | 000,096,640 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
    [2013/03/23 03:27:46 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2013/03/23 03:27:46 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2013/03/23 03:27:46 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2013/03/23 03:27:45 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2013/03/23 03:27:45 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2013/03/23 03:27:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
    [2013/03/23 03:27:44 | 000,036,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcaudio.sys
    [2013/03/23 03:27:44 | 000,013,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avcstrm.sys
    [2013/03/23 03:27:37 | 000,104,832 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiraged.dll
    [2013/03/23 03:27:37 | 000,070,528 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atiragem.sys
    [2013/03/23 03:27:36 | 000,281,600 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimtai.sys
    [2013/03/23 03:27:35 | 000,289,664 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpab.sys
    [2013/03/23 03:27:35 | 000,075,136 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atimpae.sys
    [2013/03/23 03:27:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atievxx.exe
    [2013/03/23 03:27:34 | 000,382,592 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrab.dll
    [2013/03/23 03:27:34 | 000,268,160 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidvai.dll
    [2013/03/23 03:27:34 | 000,137,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atidrae.dll
    [2013/03/23 03:27:32 | 000,096,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ati.dll
    [2013/03/23 03:27:32 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
    [2013/03/23 03:27:25 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2013/03/23 03:27:25 | 000,014,848 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc3550.sys
    [2013/03/23 03:27:24 | 000,026,496 | ---- | C] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\dllcache\asc.sys
    [2013/03/23 03:27:24 | 000,022,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asc3350p.sys
    [2013/03/23 03:27:19 | 000,036,224 | ---- | C] (ADMtek Incorporated.) -- C:\WINDOWS\System32\dllcache\an983.sys
    [2013/03/23 03:27:19 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\apmbatt.sys
    [2013/03/23 03:27:18 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2013/03/23 03:27:18 | 000,012,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\amsint.sys
    [2013/03/23 03:27:18 | 000,005,248 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\aliide.sys
    [2013/03/23 03:27:17 | 000,056,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78xx.sys
    [2013/03/23 03:27:17 | 000,027,678 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ali5261.sys
    [2013/03/23 03:27:17 | 000,026,624 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\alifir.sys
    [2013/03/23 03:27:16 | 000,055,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aic78u2.sys
    [2013/03/23 03:27:16 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aha154x.sys
    [2013/03/23 03:27:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agcgauge.ax
    [2013/03/23 03:27:03 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adpu160m.sys
    [2013/03/23 03:27:03 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2013/03/23 03:26:57 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2013/03/23 03:26:57 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2013/03/23 03:26:57 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2013/03/23 03:26:56 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2013/03/23 03:26:56 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2013/03/23 03:26:56 | 000,007,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adicvls.sys
    [2013/03/23 03:26:55 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2013/03/23 03:26:54 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2013/03/23 03:26:54 | 000,231,552 | ---- | C] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\dllcache\ac97ali.sys
    [2013/03/23 03:26:54 | 000,096,256 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\ac97intc.sys
    [2013/03/23 03:26:54 | 000,084,480 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ac97via.sys
    [2013/03/23 03:26:53 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2013/03/23 03:26:53 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2013/03/23 03:26:53 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\abp480n5.sys
    [2013/03/23 03:26:52 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2013/03/23 03:26:52 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
    [2013/03/23 03:26:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\8514a.dll
    [2013/03/23 03:26:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4mmdat.sys
    [2013/03/23 03:26:51 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2013/03/23 03:26:51 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2013/03/23 03:26:51 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394vdbg.sys
    [2013/03/23 03:26:50 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
    [2013/03/23 03:26:29 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
    [2013/03/23 03:07:11 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/03/23 03:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
    [2013/03/23 03:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
    [2013/03/23 02:31:43 | 000,000,000 | ---D | C] -- C:\rei
    [2013/03/23 02:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
    [2013/03/22 07:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/03/22 06:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2013/03/20 13:03:50 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
    [2013/03/17 00:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    [2013/03/15 14:26:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admin\Recent
    [2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2013/03/09 13:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Canneverbe Limited
    [2013/03/09 13:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
    [2013/03/07 23:43:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/03/05 18:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Privatefirewall
    [2013/03/05 18:08:18 | 000,135,272 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
    [2013/03/05 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Privatefirewall 7.0
    [2013/03/05 18:08:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Privacyware
    [2013/03/05 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
    [2013/03/05 17:16:41 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/03/05 17:16:41 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/03/05 17:16:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/03/05 17:16:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/03/05 17:16:26 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/03/05 17:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013/03/05 17:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Qualys
    [2013/03/05 10:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2013/03/04 16:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\DriverCure
    [2013/03/04 16:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
    [2013/03/04 16:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2013/03/04 15:45:44 | 000,347,424 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
    [2013/03/02 11:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
    [2013/03/02 11:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
    [2013/03/02 01:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2013/03/01 13:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Research In Motion
    [2013/03/01 12:58:29 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
    [2013/03/01 12:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
    [2013/02/28 21:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/28 07:01:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/28 06:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/03/28 00:01:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/27 23:57:19 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{015D3F78-B8AB-4912-A42E-94BD6F2F3679}.job
    [2013/03/27 23:56:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/03/27 23:54:43 | 000,001,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    [2013/03/27 23:53:42 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/03/27 23:53:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/03/27 23:53:18 | 000,264,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/03/27 23:53:15 | 000,143,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2013/03/27 23:46:29 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
    [2013/03/27 11:06:31 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
    [2013/03/27 05:22:37 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\HiJackThis.lnk
    [2013/03/27 03:03:18 | 000,000,343 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2013/03/27 00:51:01 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/03/27 00:49:24 | 000,445,785 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-005034.backup
    [2013/03/26 18:51:59 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
    [2013/03/26 02:33:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
    [2013/03/26 02:32:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
    [2013/03/25 21:42:19 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130327-004924.backup
    [2013/03/25 21:40:56 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2013/03/25 21:40:56 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2013/03/25 21:39:47 | 000,481,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/03/25 21:39:47 | 000,079,852 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/03/25 21:15:24 | 000,001,843 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/03/25 20:32:07 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_95
    [2013/03/25 19:56:58 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_732
    [2013/03/25 04:17:36 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_528
    [2013/03/24 05:01:22 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/03/24 05:01:22 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/24 05:01:18 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/03/24 05:01:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2013/03/24 01:44:50 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
    [2013/03/23 16:09:14 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_297
    [2013/03/23 08:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/03/23 03:57:09 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_350
    [2013/03/23 02:34:11 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini
    [2013/03/22 14:27:13 | 000,444,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_247
    [2013/03/22 14:26:02 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142713.backup
    [2013/03/22 06:54:51 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
    [2013/03/22 06:44:41 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2013/03/20 00:31:39 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130322-142602.backup
    [2013/03/19 13:09:22 | 000,000,494 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2013/03/19 13:08:41 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2013/03/17 12:00:46 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
    [2013/03/16 18:52:48 | 000,000,568 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
    [2013/03/15 14:33:09 | 000,001,190 | ---- | M] () -- C:\WINDOWS\System32\ServiceConfig.xml
    [2013/03/13 12:05:54 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2013/03/12 14:42:09 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/03/12 14:42:09 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/03/09 13:33:14 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
    [2013/03/09 13:33:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2013/03/05 17:16:14 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/03/05 17:16:12 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/03/05 17:16:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/03/05 17:16:12 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/03/05 17:16:12 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/03/05 17:16:11 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
    [2013/03/05 17:16:11 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/03/05 10:02:34 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
    [2013/03/04 15:45:56 | 000,347,424 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Admin\My Documents\MicrosoftFixit.maintenance.FISC.134285864231185586.1.1.Run.exe
    [2013/03/04 15:31:25 | 000,000,282 | RHS- | M] () -- C:\boot.ini
    [2013/03/02 11:17:20 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
    [2013/03/02 01:03:23 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/03/01 13:00:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
    [2013/03/01 12:58:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
    [2013/03/01 12:58:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    [2013/03/01 09:10:44 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/02/28 19:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2013/02/27 02:08:10 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130320-003139.backup
    [2013/02/27 02:08:10 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2013/02/27 01:58:48 | 000,444,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130227-010810.backup
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/26 18:56:35 | 000,001,646 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
    [2013/03/24 05:01:18 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2013/03/24 05:01:18 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2013/03/24 05:01:18 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2013/03/24 05:01:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2013/03/24 05:00:49 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2013/03/24 05:00:49 | 000,015,449 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2013/03/23 03:27:39 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2013/03/23 03:27:39 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2013/03/23 03:27:38 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2013/03/23 03:27:38 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2013/03/23 03:27:38 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2013/03/23 03:27:37 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2013/03/23 03:27:37 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2013/03/23 03:27:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2013/03/23 03:27:34 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2013/03/23 03:04:33 | 000,001,843 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    [2013/03/23 02:33:54 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
    [2013/03/23 02:32:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\Reimage ScanAgent.job
    [2013/03/23 02:29:50 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
    [2013/03/15 14:33:09 | 000,001,190 | ---- | C] () -- C:\WINDOWS\System32\ServiceConfig.xml
    [2013/03/09 13:33:14 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\CDBurnerXP.lnk
    [2013/03/09 13:33:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
    [2013/03/09 13:33:14 | 000,001,587 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
    [2013/03/09 13:33:13 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2013/03/05 10:02:34 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
    [2013/03/02 14:31:31 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
    [2013/03/02 11:17:20 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
    [2013/03/02 01:03:23 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2013/03/01 13:00:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
    [2013/03/01 12:58:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_RimSerial_01007.Wdf
    [2013/03/01 12:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    [2013/02/25 02:07:50 | 000,143,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2013/01/09 04:43:29 | 000,794,376 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/12/13 11:12:48 | 000,000,343 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2012/12/07 20:36:30 | 000,788,388 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-682003330-1592454029-839522115-1003-0.dat
    [2012/12/07 20:36:28 | 000,270,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2012/09/29 13:35:40 | 000,013,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2012/05/24 14:15:23 | 000,005,816 | ---- | C] () -- C:\Documents and Settings\Admin\.tkt
    [2012/05/11 01:52:40 | 002,469,760 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
    [2012/05/11 01:52:40 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
    [2012/05/11 01:52:40 | 000,019,840 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
    [2012/05/11 01:52:40 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
    [2012/05/11 01:52:40 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
    [2012/04/24 11:16:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/09/22 17:22:49 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
    [2010/04/07 11:34:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\bibstats
    [2009/10/08 13:24:15 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/06/20 12:22:01 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
    [2007/06/20 12:04:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat

    ========== ZeroAccess Check ==========

    [2007/04/28 13:24:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/03/16 03:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ad-Aware Antivirus
    [2013/03/22 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Audacity
    [2013/02/24 21:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Auslogics
    [2013/02/23 21:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CallingID
    [2009/12/22 14:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Calyx Software
    [2013/03/09 13:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canneverbe Limited
    [2013/01/23 21:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\comcasttb
    [2007/05/02 10:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Command Software
    [2013/03/04 16:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DriverCure
    [2012/11/06 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ElevatedDiagnostics
    [2010/06/15 13:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Epson
    [2012/12/06 14:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FinalBurner Video DVD
    [2012/12/08 22:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ImgBurn
    [2010/06/16 10:57:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leader Technologies
    [2010/06/14 13:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
    [2012/05/27 19:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Oracle
    [2013/03/04 16:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ParetoLogic
    [2012/10/01 02:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PCDr
    [2013/03/05 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Qualys
    [2013/03/01 13:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Research In Motion
    [2013/02/24 05:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\SecureSearch
    [2012/12/13 13:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
    [2013/03/22 07:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\WinPatrol
    [2008/04/02 10:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Xerox
    [2013/03/16 05:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
    [2013/03/27 13:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
    [2012/10/28 12:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2013/03/09 13:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2011/05/10 13:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2013/03/26 18:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/06/14 12:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2012/12/07 02:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2013/03/27 01:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/03/05 10:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
    [2013/03/25 12:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2013/03/04 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
    [2013/02/24 22:05:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
    [2013/03/05 18:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Privacyware
    [2013/02/25 02:05:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Shared Space
    [2013/03/26 04:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/12/07 02:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2010/06/14 12:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2013/01/01 08:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2012/05/24 13:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
    [2012/12/07 02:30:07 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    [2013/02/02 09:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
    [2012/05/24 14:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xerox
    [2013/02/02 09:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UpdatusUser.WS3\Application Data\TuneUp Software

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

    < End of report >
     
  9. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    whiskey99,

    Thanks for the good OTL Log, just got off work so, will look it over real good tonight.

    First: What is the HOSTS file that you have installed and do you have your DNS Service Disabled? I see you have a little over 15,000 entries in your Hosts file and it will run faster with the DNS Service disabled. (I have over 200,000 entries in my Hosts file.)

    In order to make my task of digging through your OTL Log a lot easier, please run the following programs and post the logs for me so I can get a full picture of your computer:

    1) Security Check

    Please download and save SecurityCheck.exe to your Desktop.

    • Double-click SecurityCheck.exe then follow the on-screen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt
    • Please copy and past the contents of checkup.txt in your next reply.


    2) AdwCleaner

    Please download adwcleaner and save to your desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok. if asked.
    • Your computer will be rebooted automatically.
    • A text file will open after the restart.
    • Please copy and past the content of that log file with your next post.


    Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case may be something like R1.


    3) Junkware Removal Tool

    Please download jrt.exe and save it to your desktop.

    • Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
    • If running Vista or Win7... right-click jrt.exe and select "Run as Administrator", otherwise just double click it. The tool will open and start scanning your system. Please be patient, it can take a while depending on your system. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
    • Please copy and paste the contents of JRT.txt and post in your next reply.


    Please DO NOT run, delete or change anything on your computer unless I ask you to. Things will go smoother and we can get your computer in good shape without me having to look over Logs 2 or 3 times to find any unknown changes.

    Awaiting your reply,
    2oG
     
  10. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    Results of screen317's Security Check version 0.99.61
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Lavasoft Ad-Aware
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    WinPatrol
    MVPS Hosts File
    SpywareBlaster 5.0
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Secunia PSI (2.0.0.4003)
    Malwarebytes Anti-Malware version 1.70.0.1100
    CCleaner
    Java 7 Update 17
    Adobe Flash Player 11.6.602.180
    Adobe Reader XI
    Mozilla Firefox (19.0.2)
    Google Chrome 25.0.1364.152
    Google Chrome 25.0.1364.172
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    WinPatrol winpatrol.exe
    Spybot Teatimer.exe is disabled!
    Privatefirewall 6.1 pfsvc.exe
    Ad-Aware Antivirus AdAwareService.exe
    Ad-Aware Antivirus SBAMSvc.exe
    Privacyware Privatefirewall 7.0 PFGUI.exe
    BillP Studios WinPatrol winpatrol.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````
     
  11. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    # AdwCleaner v2.115 - Logfile created 03/28/2013 at 17:08:47
    # Updated 17/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Admin - WS3
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Admin\Desktop\New Folder\files\adwcleaner(1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k3s4znh0.default-1361448118730\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v25.0.1364.172

    File : C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [37727 octets] - [31/10/2012 15:14:46]
    AdwCleaner[R2].txt - [4313 octets] - [31/10/2012 15:36:24]
    AdwCleaner[R3].txt - [4434 octets] - [31/10/2012 15:46:39]
    AdwCleaner[R6].txt - [8443 octets] - [15/03/2013 14:29:17]
    AdwCleaner[R7].txt - [1517 octets] - [15/03/2013 14:40:38]
    AdwCleaner[S1].txt - [38116 octets] - [31/10/2012 15:19:54]
    AdwCleaner[S2].txt - [4473 octets] - [31/10/2012 15:39:46]
    AdwCleaner[S3].txt - [4594 octets] - [31/10/2012 15:47:41]
    AdwCleaner[S4].txt - [8506 octets] - [15/03/2013 14:30:51]
    AdwCleaner[S5].txt - [2092 octets] - [28/03/2013 17:08:47]

    ########## EOF - C:\AdwCleaner[S5].txt - [2152 octets] ##########
     
  12. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    HI,2oldGeek,Here's something that finally dawned on me is this problem is only happening on my PC,but not on my sons PC and it started right after he downloaded from the site he
    trying to access and i was not downloading anything.
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    is this your son's or your PC?

    are you guys on a network -- wireless router?
     
    Last edited: Mar 28, 2013
  14. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    What we have is cable from Comcast to router then out of router by way of CAT-5 to each PC
    but they are not connected in line with each other they are separate lines to each PC.
    My PC and is upstairs in my bedroom his is downstairs in the living room and i knew he was downloading stuff where as i was not.
     
  15. JST1946

    JST1946 Regular member

    Joined:
    Jul 15, 2011
    Messages:
    901
    Likes Received:
    2
    Trophy Points:
    26
    Comcast sucks anyways.My sisters have it and also my cousins and most of my friends on Facebook.I haven't heard anything good about them or their service.
     
  16. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.3 (03.23.2013:1)
    OS: Microsoft Windows XP x86
    Ran by Admin on Thu 03/28/2013 at 18:04:34.15
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\searchprotection
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\Admin\Application Data\comcasttb"
    Successfully deleted: [Folder] "C:\Documents and Settings\Admin\Application Data\drivercure"
    Successfully deleted: [Folder] "C:\Documents and Settings\Admin\Local Settings\Application Data\adawarebp"



    ~~~ FireFox

    Successfully deleted: [Folder] C:\Documents and Settings\Admin\Application Data\mozilla\firefox\profiles\k3s4znh0.default-1361448118730\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
    Successfully deleted the following from C:\Documents and Settings\Admin\Application Data\mozilla\firefox\profiles\k3s4znh0.default-1361448118730\prefs.js

    user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
    user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
    user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013031504");
    user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm003^YY^us");
    user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "CNTiwtfJ_rUCFa9aMgodQxQAwA");
    user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "77E7D995-FCFC-4770-AE83-01E79C92240C");
    user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1363369594481");
    user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
    user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
    user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
    user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
    user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "how much is the irs milage||how much is the irs milage for in 2013||youtube/ted cruz/diane fienstien");
    user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "98520");
    user_pref("extensions.toolbar.mindspark._4jMembers_.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.hp.lastGuardTime", 1457135471);
    user_pref("extensions.toolbar.mindspark._4jMembers_.hp.numGuards", 1);
    user_pref("extensions.toolbar.mindspark._4jMembers_.initialized", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.contextKey", "");
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.installDate", "2013031017");
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerId", "^ZX^xdm002^YY^us");
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.partnerSubId", "CIv-qMOy87UCFetAMgodo1QADg");
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.installation.toolbarId", "2A0AB0D8-1E45-4EA8-88FA-62CBA3A0FEA0");
    user_pref("extensions.toolbar.mindspark._4jMembers_.lastActivePing", "1362961562573");
    user_pref("extensions.toolbar.mindspark._4jMembers_.options.defaultSearch", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.options.homePageEnabled", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.options.keywordEnabled", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.options.tabEnabled", true);
    user_pref("extensions.toolbar.mindspark._4jMembers_.weather.location", "98520");
    user_pref("extensions.toolbar.mindspark.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "mapsgalaxy@mindspark.com");
    user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");
    Emptied folder: C:\Documents and Settings\Admin\Application Data\mozilla\firefox\profiles\k3s4znh0.default-1361448118730\minidumps [9 files]





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/28/2013 at 18:27:52.78
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    HI,I do not know if this means anything but the reason i do not accept the HOST item it wants me to accept the change i really do not know what the acceptance might do to my PC.
     
    Last edited: Mar 28, 2013
  18. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    It probably is WinPatrol. if it is tell it to block the change.
     
  19. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,691
    Likes Received:
    35
    Trophy Points:
    78
    Good show whiskey99, I have all the Logs and your PC shows signs of malware. Some not so bad and some that can be a gateway for more infections to get in. I suggest we clean it and maybe look at your son's computer after we get yours.
     
  20. whiskey99

    whiskey99 Regular member

    Joined:
    Aug 9, 2010
    Messages:
    213
    Likes Received:
    1
    Trophy Points:
    26
    While we are on rant about COMCAST it is not cheep/cheap,but the way things are nowadays
    you almost can not exist without a internet connection if for nothing else is the amount of money that you save by not having to pay for all of the gas&time you would have wasted.
     

Share This Page