  1. #1

    Can't shake Adware

    Hey guys

    Donna helped me out late last year and it was great for a short time, but guess what, please help

    Mick

    #######################################################
    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 02/04/2014 at 04:09 PM

    Application Version : 5.7.1018

    Core Rules Database Version : 11018
    Trace Rules Database Version: 8830

    Scan type : Quick Scan
    Total Scan Time : 00:03:50

    Operating System Information
    Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 567
    Memory threats detected : 0
    Registry items scanned : 32864
    Registry threats detected : 0
    File items scanned : 6907
    File threats detected : 118

    Adware.Tracking Cookie

    ##########################################################################################

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free Anti-Malware

    Database version: v2014.02.04.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: SECOND-77229CA4 [administrator]

    04/02/14 4:12:52 PM
    MBAM-log-2014-02-04 (16-21-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228562
    Time elapsed: 5 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 8
    HKCU\Software\Re_markit (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46c22758-1df1-424d-9bd7-4268e4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCR\CLSID\{46c22758-1df1-424d-9bd7-4268e4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCR\TypeLib\{bdcbbc1d-4d25-4469-b665-097d42132f0b} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCR\Interface\{58c637d9-afa5-4ce4-9205-c81156f05407} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46C22758-1DF1-424D-9BD7-4268E4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46C22758-1DF1-424D-9BD7-4268E4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Documents and Settings\Administrator\Desktop\installer_doras_carnival_adventure_1_0_English.exe (PUP.Optional.VIT) -> No action taken.
    C:\WINDOWS\Tasks\Re-markit Update.job (PUP.Optional.ReMarkIt.A) -> No action taken.

    (end)

    ########################################################################################
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:14:01 PM, on 04/02/14
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: Re-markit - {46c22758-1df1-424d-9bd7-4268e4002448} - C:\Program Files\Re-markit\150.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [iFunBox Price Watch] C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe /tray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    --
    End of file - 7187 bytes

  3. #2
    zep516

    Hi! My name is zep516 and welcome to Help2go.
    I'll do the best I can to resolve your computer issue.
    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions!

    First

    Please download OTL to your Desktop
    • Double click on the icon to run the program. On Vista/Win7 or 8 right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    Next

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.


    • OTL Log.txt
    • Extras.txt
    • AdwCleaner[R0].txt


    Thanks
    Joe

  5. #3

    Good Morning Zep,
    Thanks for the speedy reply. Logs follow.

    Mick Warren



    OTL logfile created on: 05/02/14 10:51:15 AM - Run 8
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.44% Memory free
    4.85 Gb Paging File | 3.74 Gb Available in Paging File | 77.04% Paging File free
    Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 882.28 Gb Free Space | 94.72% Space Free | Partition Type: NTFS
    Drive F: | 40.01 Gb Total Space | 3.41 Gb Free Space | 8.52% Space Free | Partition Type: NTFS
    Drive G: | 192.77 Gb Total Space | 131.41 Gb Free Space | 68.17% Space Free | Partition Type: NTFS
    Drive L: | 7.65 Gb Total Space | 6.02 Gb Free Space | 78.75% Space Free | Partition Type: FAT32

    Computer Name: SECOND-77229CA4 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/05 10:50:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/01/15 08:57:33 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2014/01/07 01:51:06 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2013/11/29 12:32:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    PRC - [2013/11/26 22:52:14 | 007,748,096 | ---- | M] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe
    PRC - [2013/10/23 15:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/08/31 03:10:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
    MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
    MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
    MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 13:16:40 | 000,237,384 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll
    MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    MOD - [2012/08/31 03:10:00 | 001,563,456 | R--- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
    MOD - [2012/08/31 03:10:00 | 001,125,184 | R--- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll
    MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    MOD - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    MOD - [2010/09/17 21:13:36 | 002,826,240 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
    MOD - [2010/09/17 21:07:18 | 000,733,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
    MOD - [2010/08/03 16:47:12 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    MOD - [2010/08/03 16:47:12 | 002,244,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    MOD - [2010/08/03 16:47:12 | 000,978,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    MOD - [2010/08/03 16:47:12 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    MOD - [2010/08/03 16:47:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/12/11 17:12:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/08/31 03:10:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/02/04 16:22:32 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\quqwicy.sys -- (ejdqtbik)
    DRV - [2013/10/23 17:04:37 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/09/30 16:26:46 | 000,015,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2013/09/30 16:26:44 | 000,010,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2012/07/03 23:25:19 | 000,124,264 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2003/12/05 17:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001/08/17 20:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-1003\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/02/01 11:07:28 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ccfe239f-e366-4d46-b4fe-4a89f16d64f9}: C:\Program Files\Re-markit\150.xpi


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    O1 HOSTS File: ([2014/01/14 00:09:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKU\S-1-5-21-515967899-1972579041-1801674531-500..\Run: [iFunBox Price Watch] C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe (i-Funbox.com)
    O4 - HKU\S-1-5-21-515967899-1972579041-1801674531-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downlo...oadManager.cab (Microsoft Download Manager ActiveX control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{541DA9FC-81C8-4495-A078-446CA9A43C52}: DhcpNameServer = 10.1.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/10/22 19:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/11/10 23:42:16 | 000,000,157 | ---- | M] () - L:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/05 10:50:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2014/02/04 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
    [2014/02/01 09:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2014/02/01 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/02/01 09:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/02/01 09:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2014/02/01 09:32:36 | 254,619,392 | ---- | C] (Dassault Systèmes SolidWorks Corp. ) -- C:\Program Files\eDrawingsFullAllShaders.exe
    [2014/01/29 08:17:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
    [2014/01/26 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit
    [2014/01/20 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
    [2014/01/19 13:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Downloads
    [2014/01/19 10:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\temp
    [2014/01/17 20:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2014/01/17 20:00:01 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco3220103.dll
    [2014/01/17 20:00:01 | 000,124,264 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
    [2014/01/17 20:00:01 | 000,028,008 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
    [2014/01/17 19:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
    [2014/01/17 19:59:15 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
    [2014/01/17 19:59:15 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
    [2014/01/17 19:59:15 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
    [2014/01/17 19:59:15 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
    [2014/01/17 19:59:15 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
    [2014/01/17 19:59:15 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
    [2014/01/17 19:59:15 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
    [2014/01/17 19:59:15 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
    [2014/01/17 19:59:15 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
    [2014/01/17 19:59:15 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
    [2014/01/17 19:59:15 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
    [2014/01/17 19:59:15 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
    [2014/01/17 19:59:15 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
    [2014/01/17 19:59:15 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
    [2014/01/17 19:59:15 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
    [2014/01/17 19:59:15 | 000,143,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
    [2014/01/17 19:59:15 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
    [2014/01/17 19:59:14 | 015,512,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
    [2014/01/17 19:59:14 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
    [2014/01/17 19:59:12 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
    [2014/01/17 19:58:36 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2014/01/17 19:58:36 | 000,000,000 | ---D | C] -- C:\temp
    [2014/01/17 19:58:28 | 001,009,512 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2014/01/17 19:58:28 | 000,888,168 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2014/01/17 19:58:02 | 005,947,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2014/01/17 19:58:01 | 019,103,744 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2014/01/17 19:57:59 | 002,578,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2014/01/17 19:57:59 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2014/01/17 19:57:58 | 007,446,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2014/01/17 19:57:47 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2014/01/17 19:57:46 | 002,376,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2014/01/17 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2014/01/17 09:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunBox.NXGen
    [2014/01/17 09:36:46 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2014/01/15 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunbox_UserCache
    [2014/01/15 16:37:11 | 007,748,096 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe
    [2014/01/15 16:37:11 | 004,877,824 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\ifb_classic.exe
    [2014/01/14 21:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/01/14 00:09:21 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/12 12:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2014/01/12 11:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2014/01/12 11:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2014/01/12 11:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2014/01/12 11:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2014/01/12 11:17:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
    [2014/01/12 11:17:24 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
    [2014/01/12 11:17:24 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
    [2014/01/12 11:15:50 | 000,000,000 | ---D | C] -- C:\efd6ea3c5b51b9d9affb136b9e37e28f
    [2014/01/12 10:26:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
    [2014/01/12 10:26:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
    [2014/01/12 10:26:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
    [2014/01/12 10:26:39 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
    [2014/01/12 10:26:39 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
    [2014/01/12 10:26:38 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
    [2014/01/12 10:26:37 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
    [2014/01/12 10:26:37 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
    [2014/01/12 10:26:36 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
    [2014/01/12 10:26:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
    [2014/01/12 10:26:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
    [2014/01/12 10:26:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
    [2014/01/12 10:26:34 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
    [2014/01/12 10:26:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
    [2014/01/12 10:26:32 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
    [2014/01/12 10:26:31 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
    [2014/01/12 10:26:31 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
    [2014/01/12 10:26:30 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
    [2014/01/12 10:26:30 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
    [2014/01/12 10:26:29 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
    [2014/01/12 10:26:29 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
    [2014/01/12 10:26:28 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
    [2014/01/12 10:26:28 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
    [2014/01/12 10:26:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
    [2014/01/12 10:26:27 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
    [2014/01/12 10:26:26 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
    [2014/01/12 10:26:26 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
    [2014/01/12 10:26:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
    [2014/01/12 10:26:25 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
    [2014/01/12 10:26:24 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
    [2014/01/12 10:26:24 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
    [2014/01/12 10:26:24 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
    [2014/01/12 10:26:23 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
    [2014/01/12 10:26:22 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
    [2014/01/12 10:26:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
    [2014/01/12 10:26:22 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
    [2014/01/12 10:26:21 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
    [2014/01/12 10:26:21 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
    [2014/01/12 10:26:21 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
    [2014/01/12 10:26:20 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
    [2014/01/12 10:26:20 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
    [2014/01/12 10:26:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
    [2014/01/12 10:26:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
    [2014/01/12 10:26:18 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
    [2014/01/12 10:26:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
    [2014/01/12 10:26:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
    [2014/01/12 10:26:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
    [2014/01/12 10:26:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
    [2014/01/12 10:26:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
    [2014/01/12 10:26:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
    [2014/01/12 10:26:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
    [2014/01/12 10:26:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
    [2014/01/12 10:26:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
    [2014/01/12 10:26:12 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
    [2014/01/12 10:26:12 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
    [2014/01/12 10:26:12 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
    [2014/01/12 10:26:11 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
    [2014/01/12 10:26:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
    [2014/01/12 10:26:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
    [2014/01/12 10:26:09 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
    [2014/01/12 10:26:09 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
    [2014/01/12 10:26:09 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
    [2014/01/12 10:26:08 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
    [2014/01/12 10:26:08 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
    [2014/01/12 10:26:07 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
    [2014/01/12 10:26:07 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
    [2014/01/12 10:26:05 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
    [2014/01/12 10:26:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
    [2014/01/12 10:26:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
    [2014/01/12 10:26:02 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
    [2014/01/12 10:26:02 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
    [2014/01/12 10:26:01 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
    [2014/01/12 10:26:01 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
    [2014/01/12 10:26:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
    [2014/01/12 10:26:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
    [2014/01/12 10:26:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
    [2014/01/12 10:25:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
    [2014/01/12 10:25:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
    [2014/01/12 10:25:58 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
    [2014/01/12 10:25:58 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
    [2014/01/12 10:25:57 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
    [2014/01/12 10:25:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
    [2014/01/12 10:25:53 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
    [2014/01/12 10:25:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
    [2014/01/12 10:25:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
    [2014/01/12 10:25:52 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
    [2014/01/12 10:25:51 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
    [2014/01/12 10:25:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
    [2014/01/12 10:25:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
    [2014/01/12 10:25:48 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
    [2014/01/12 10:25:47 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
    [2014/01/12 10:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2014/01/11 13:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2014/01/11 13:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2014/01/11 13:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Office 2007 Enterprise
    [2014/01/11 08:58:14 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
    [2013/11/01 19:56:13 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\vcredist.exe
    [2013/10/24 12:00:05 | 006,286,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/02/05 10:50:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2014/02/05 10:37:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/05 10:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/02/04 16:22:32 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\quqwicy.sys
    [2014/02/04 14:58:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2014/02/04 14:48:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/02/04 14:48:39 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/04 14:48:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/02/01 09:32:36 | 254,619,392 | ---- | M] (Dassault Systèmes SolidWorks Corp. ) -- C:\Program Files\eDrawingsFullAllShaders.exe
    [2014/02/01 08:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2014/01/31 12:33:20 | 000,000,181 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2014/01/31 12:33:15 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2014/01/29 08:54:27 | 000,385,442 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IMAGE_017.jpg
    [2014/01/28 08:52:28 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2014/01/28 07:57:44 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/01/20 12:54:00 | 000,082,595 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Mick DXF.DXF
    [2014/01/19 15:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2014/01/19 09:47:42 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2014/01/19 09:47:42 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2014/01/19 09:47:20 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2014/01/17 19:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2014/01/17 09:36:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2014/01/16 09:53:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/01/14 00:09:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2014/01/13 23:44:41 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/01/13 11:02:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2014/01/12 11:35:53 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/01/12 11:18:32 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2014/01/12 11:18:28 | 000,457,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/01/12 11:18:28 | 000,075,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/01/12 10:17:59 | 000,336,413 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rep291-published-5-July-2012[1].pdf
    [2014/01/11 15:53:49 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
    [2014/01/11 09:40:48 | 000,001,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/01/11 09:40:22 | 000,001,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
    [2014/01/11 08:51:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2014/01/11 08:51:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2014/01/08 11:36:31 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe

    ========== Files Created - No Company Name ==========

    [2014/02/04 16:22:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\quqwicy.sys
    [2014/01/29 08:49:45 | 000,385,442 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IMAGE_017.jpg
    [2014/01/20 12:54:00 | 000,082,595 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Mick DXF.DXF
    [2014/01/17 19:58:32 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2014/01/17 19:58:31 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2014/01/17 19:58:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2014/01/17 19:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2014/01/17 19:58:27 | 002,811,988 | R--- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2014/01/17 19:58:27 | 000,012,210 | R--- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2014/01/12 11:18:32 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
    [2014/01/12 11:18:32 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2014/01/12 10:17:58 | 000,336,413 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rep291-published-5-July-2012[1].pdf
    [2014/01/11 15:53:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
    [2014/01/11 14:23:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2013/12/27 23:35:11 | 000,400,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/12/16 10:16:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/12/06 22:46:00 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
    [2013/12/06 22:46:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
    [2013/12/05 12:05:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2013/12/05 09:29:15 | 000,002,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\connector.swf
    [2013/12/05 08:55:28 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\result1.db
    [2013/11/10 13:48:32 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/24 23:21:44 | 002,881,848 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2013/10/24 23:21:43 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2013/10/24 23:21:43 | 000,010,320 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2013/10/24 10:44:44 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2013/10/23 17:04:37 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2013/10/23 16:45:59 | 000,000,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2013/10/23 03:26:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2013/10/23 03:24:51 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/22 23:25:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/10/22 22:18:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2013/10/22 22:18:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2013/10/22 22:18:02 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2013/10/22 22:18:02 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2013/10/22 22:18:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
    [2013/10/22 22:17:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2013/10/22 22:17:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2013/10/22 22:10:43 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2013/10/22 21:28:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2013/10/22 20:01:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/10/22 19:56:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2013/10/24 17:37:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

    #########################################################################################

    OTL Extras logfile created on: 05/02/14 10:51:15 AM - Run 8
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.44% Memory free
    4.85 Gb Paging File | 3.74 Gb Available in Paging File | 77.04% Paging File free
    Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 882.28 Gb Free Space | 94.72% Space Free | Partition Type: NTFS
    Drive F: | 40.01 Gb Total Space | 3.41 Gb Free Space | 8.52% Space Free | Partition Type: NTFS
    Drive G: | 192.77 Gb Total Space | 131.41 Gb Free Space | 68.17% Space Free | Partition Type: NTFS
    Drive L: | 7.65 Gb Total Space | 6.02 Gb Free Space | 78.75% Space Free | Partition Type: FAT32

    Computer Name: SECOND-77229CA4 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe (Macromedia, Inc.)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe" "%1" (Macromedia, Inc.)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 8.1.1
    "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
    "{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1" = FLV Media Player version 1.3
    "{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{67A5D171-4C74-4075-A492-0E480FA4B944}" = Brother BRAdmin Professional 2.74
    "{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
    "{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver UltraDev 4
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "00dec89b-f286-4e08-a3e2-48b8c02af4e1" = Re-markit
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Blender" = Blender
    "CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.7
    "D680DEE0F68D64EC53D0C5769879D15D387054CC" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "PartitionMagic SE 6.0" = PartitionMagic SE 6.0
    "Spitronics ECU Software2.5" = Spitronics ECU Software
    "WIC" = Windows Imaging Component
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 5.00 (32-bit)
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 03/02/14 12:33:01 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 2:14:45 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 7:19:58 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 8:48:35 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 8:53:50 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 9:40:27 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 11:26:38 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/02/14 2:10:37 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/02/14 2:18:38 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/02/14 3:53:13 AM | Computer Name = SECOND-77229CA4 | Source = MsiInstaller | ID = 11316
    Description = Product: HiJackThis -- Error 1316. A network error occurred while
    attempting to read from the file: C:\Documents and Settings\Administrator\Local
    Settings\Temporary Internet Files\Content.IE5\0LHRZTAR\HijackThis.msi

    [ System Events ]
    Error - 31/01/14 11:06:17 PM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 31/01/14 11:06:17 PM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 31/01/14 11:06:27 PM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The SAS Core Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The FlipShare Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    15000 milliseconds: Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The SAS Core Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).
    ################################################


    # AdwCleaner v3.018 - Report created 05/02/2014 at 11:09:33
    # Updated 28/01/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Administrator - SECOND-77229CA4
    # Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v32.0.1700.107

    [ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5197 octets] - [08/12/2013 11:54:55]
    AdwCleaner[R1].txt - [1213 octets] - [11/01/2014 09:46:06]
    AdwCleaner[R2].txt - [1120 octets] - [11/01/2014 10:24:11]
    AdwCleaner[R3].txt - [3395 octets] - [01/02/2014 10:28:43]
    AdwCleaner[R4].txt - [1418 octets] - [04/02/2014 14:21:16]
    AdwCleaner[R5].txt - [1003 octets] - [05/02/2014 11:09:33]
    AdwCleaner[S0].txt - [5032 octets] - [08/12/2013 16:13:07]
    AdwCleaner[S1].txt - [1283 octets] - [11/01/2014 09:49:55]
    AdwCleaner[S2].txt - [1187 octets] - [11/01/2014 10:26:08]
    AdwCleaner[S3].txt - [3409 octets] - [01/02/2014 11:06:17]
    AdwCleaner[S4].txt - [1483 octets] - [04/02/2014 14:22:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1363 octets] ##########

  7. #4
    Member
    Join Date
    Apr 2012
    Posts
    50
    Points
    9

    Good morning Zep,
    Thanks for the speedy reply. Logs follow.

    Mick Warren



    OTL logfile created on: 05/02/14 10:51:15 AM - Run 8
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.44% Memory free
    4.85 Gb Paging File | 3.74 Gb Available in Paging File | 77.04% Paging File free
    Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 882.28 Gb Free Space | 94.72% Space Free | Partition Type: NTFS
    Drive F: | 40.01 Gb Total Space | 3.41 Gb Free Space | 8.52% Space Free | Partition Type: NTFS
    Drive G: | 192.77 Gb Total Space | 131.41 Gb Free Space | 68.17% Space Free | Partition Type: NTFS
    Drive L: | 7.65 Gb Total Space | 6.02 Gb Free Space | 78.75% Space Free | Partition Type: FAT32

    Computer Name: SECOND-77229CA4 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/05 10:50:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2014/01/15 08:57:33 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2014/01/07 01:51:06 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2013/11/29 12:32:20 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    PRC - [2013/11/26 22:52:14 | 007,748,096 | ---- | M] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe
    PRC - [2013/10/23 15:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/08/31 03:10:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
    MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
    MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
    MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 13:16:40 | 000,237,384 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
    MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll
    MOD - [2013/07/10 18:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    MOD - [2012/08/31 03:10:00 | 001,563,456 | R--- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
    MOD - [2012/08/31 03:10:00 | 001,125,184 | R--- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll
    MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    MOD - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    MOD - [2010/09/17 21:13:36 | 002,826,240 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
    MOD - [2010/09/17 21:07:18 | 000,733,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
    MOD - [2010/08/03 16:47:12 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    MOD - [2010/08/03 16:47:12 | 002,244,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    MOD - [2010/08/03 16:47:12 | 000,978,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    MOD - [2010/08/03 16:47:12 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    MOD - [2010/08/03 16:47:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2013/12/11 17:12:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/08/31 03:10:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2014/02/04 16:22:32 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\quqwicy.sys -- (ejdqtbik)
    DRV - [2013/10/23 17:04:37 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/09/30 16:26:46 | 000,015,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2013/09/30 16:26:44 | 000,010,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2012/07/03 23:25:19 | 000,124,264 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2003/12/05 17:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001/08/17 20:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-1003\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-515967899-1972579041-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/02/01 11:07:28 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ccfe239f-e366-4d46-b4fe-4a89f16d64f9}: C:\Program Files\Re-markit\150.xpi


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    O1 HOSTS File: ([2014/01/14 00:09:42 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKU\S-1-5-21-515967899-1972579041-1801674531-500..\Run: [iFunBox Price Watch] C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe (i-Funbox.com)
    O4 - HKU\S-1-5-21-515967899-1972579041-1801674531-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-1972579041-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-515967899-1972579041-1801674531-500\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downlo...oadManager.cab (Microsoft Download Manager ActiveX control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{541DA9FC-81C8-4495-A078-446CA9A43C52}: DhcpNameServer = 10.1.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/10/22 19:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/11/10 23:42:16 | 000,000,157 | ---- | M] () - L:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/05 10:50:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2014/02/04 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
    [2014/02/01 09:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2014/02/01 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/02/01 09:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/02/01 09:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2014/02/01 09:32:36 | 254,619,392 | ---- | C] (Dassault Systèmes SolidWorks Corp. ) -- C:\Program Files\eDrawingsFullAllShaders.exe
    [2014/01/29 08:17:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
    [2014/01/26 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit
    [2014/01/20 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
    [2014/01/19 13:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Downloads
    [2014/01/19 10:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\temp
    [2014/01/17 20:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2014/01/17 20:00:01 | 000,884,072 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco3220103.dll
    [2014/01/17 20:00:01 | 000,124,264 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys
    [2014/01/17 20:00:01 | 000,028,008 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll
    [2014/01/17 19:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
    [2014/01/17 19:59:15 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
    [2014/01/17 19:59:15 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
    [2014/01/17 19:59:15 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
    [2014/01/17 19:59:15 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
    [2014/01/17 19:59:15 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
    [2014/01/17 19:59:15 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
    [2014/01/17 19:59:15 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
    [2014/01/17 19:59:15 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
    [2014/01/17 19:59:15 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
    [2014/01/17 19:59:15 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
    [2014/01/17 19:59:15 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
    [2014/01/17 19:59:15 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
    [2014/01/17 19:59:15 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
    [2014/01/17 19:59:15 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
    [2014/01/17 19:59:15 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
    [2014/01/17 19:59:15 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
    [2014/01/17 19:59:15 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
    [2014/01/17 19:59:15 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
    [2014/01/17 19:59:15 | 000,143,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
    [2014/01/17 19:59:15 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
    [2014/01/17 19:59:14 | 015,512,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
    [2014/01/17 19:59:14 | 000,108,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
    [2014/01/17 19:59:12 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
    [2014/01/17 19:58:36 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2014/01/17 19:58:36 | 000,000,000 | ---D | C] -- C:\temp
    [2014/01/17 19:58:28 | 001,009,512 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2014/01/17 19:58:28 | 000,888,168 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2014/01/17 19:58:02 | 005,947,392 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2014/01/17 19:58:01 | 019,103,744 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2014/01/17 19:57:59 | 002,578,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2014/01/17 19:57:59 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2014/01/17 19:57:58 | 007,446,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2014/01/17 19:57:47 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2014/01/17 19:57:46 | 002,376,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2014/01/17 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2014/01/17 09:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunBox.NXGen
    [2014/01/17 09:36:46 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2014/01/15 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunbox_UserCache
    [2014/01/15 16:37:11 | 007,748,096 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe
    [2014/01/15 16:37:11 | 004,877,824 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\ifb_classic.exe
    [2014/01/14 21:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/01/14 00:09:21 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/01/12 12:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2014/01/12 11:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2014/01/12 11:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2014/01/12 11:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
    [2014/01/12 11:18:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2014/01/12 11:17:24 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
    [2014/01/12 11:17:24 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
    [2014/01/12 11:17:24 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
    [2014/01/12 11:15:50 | 000,000,000 | ---D | C] -- C:\efd6ea3c5b51b9d9affb136b9e37e28f
    [2014/01/12 10:26:41 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
    [2014/01/12 10:26:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
    [2014/01/12 10:26:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
    [2014/01/12 10:26:39 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
    [2014/01/12 10:26:39 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
    [2014/01/12 10:26:38 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
    [2014/01/12 10:26:37 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
    [2014/01/12 10:26:37 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
    [2014/01/12 10:26:36 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
    [2014/01/12 10:26:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
    [2014/01/12 10:26:36 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
    [2014/01/12 10:26:35 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
    [2014/01/12 10:26:34 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
    [2014/01/12 10:26:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
    [2014/01/12 10:26:32 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
    [2014/01/12 10:26:31 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
    [2014/01/12 10:26:31 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
    [2014/01/12 10:26:30 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
    [2014/01/12 10:26:30 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
    [2014/01/12 10:26:29 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
    [2014/01/12 10:26:29 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
    [2014/01/12 10:26:28 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
    [2014/01/12 10:26:28 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
    [2014/01/12 10:26:28 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
    [2014/01/12 10:26:27 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
    [2014/01/12 10:26:26 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
    [2014/01/12 10:26:26 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
    [2014/01/12 10:26:26 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
    [2014/01/12 10:26:25 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
    [2014/01/12 10:26:24 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
    [2014/01/12 10:26:24 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
    [2014/01/12 10:26:24 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
    [2014/01/12 10:26:23 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
    [2014/01/12 10:26:22 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
    [2014/01/12 10:26:22 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
    [2014/01/12 10:26:22 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
    [2014/01/12 10:26:21 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
    [2014/01/12 10:26:21 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
    [2014/01/12 10:26:21 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
    [2014/01/12 10:26:20 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
    [2014/01/12 10:26:20 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
    [2014/01/12 10:26:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
    [2014/01/12 10:26:19 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
    [2014/01/12 10:26:18 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
    [2014/01/12 10:26:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
    [2014/01/12 10:26:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
    [2014/01/12 10:26:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
    [2014/01/12 10:26:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
    [2014/01/12 10:26:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
    [2014/01/12 10:26:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
    [2014/01/12 10:26:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
    [2014/01/12 10:26:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
    [2014/01/12 10:26:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
    [2014/01/12 10:26:12 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
    [2014/01/12 10:26:12 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
    [2014/01/12 10:26:12 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
    [2014/01/12 10:26:11 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
    [2014/01/12 10:26:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
    [2014/01/12 10:26:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
    [2014/01/12 10:26:09 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
    [2014/01/12 10:26:09 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
    [2014/01/12 10:26:09 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
    [2014/01/12 10:26:08 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
    [2014/01/12 10:26:08 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
    [2014/01/12 10:26:07 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
    [2014/01/12 10:26:07 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
    [2014/01/12 10:26:05 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
    [2014/01/12 10:26:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
    [2014/01/12 10:26:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
    [2014/01/12 10:26:02 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
    [2014/01/12 10:26:02 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
    [2014/01/12 10:26:01 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
    [2014/01/12 10:26:01 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
    [2014/01/12 10:26:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
    [2014/01/12 10:26:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
    [2014/01/12 10:26:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
    [2014/01/12 10:25:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
    [2014/01/12 10:25:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
    [2014/01/12 10:25:58 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
    [2014/01/12 10:25:58 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
    [2014/01/12 10:25:57 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
    [2014/01/12 10:25:54 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
    [2014/01/12 10:25:53 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
    [2014/01/12 10:25:53 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
    [2014/01/12 10:25:53 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
    [2014/01/12 10:25:52 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
    [2014/01/12 10:25:51 | 000,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
    [2014/01/12 10:25:50 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
    [2014/01/12 10:25:49 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
    [2014/01/12 10:25:48 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
    [2014/01/12 10:25:47 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
    [2014/01/12 10:23:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2014/01/11 13:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
    [2014/01/11 13:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
    [2014/01/11 13:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Office 2007 Enterprise
    [2014/01/11 08:58:14 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
    [2013/11/01 19:56:13 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\vcredist.exe
    [2013/10/24 12:00:05 | 006,286,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/02/05 10:50:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2014/02/05 10:37:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/05 10:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/02/04 16:22:32 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\quqwicy.sys
    [2014/02/04 14:58:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2014/02/04 14:48:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/02/04 14:48:39 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/04 14:48:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/02/01 09:32:36 | 254,619,392 | ---- | M] (Dassault Systèmes SolidWorks Corp. ) -- C:\Program Files\eDrawingsFullAllShaders.exe
    [2014/02/01 08:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2014/01/31 12:33:20 | 000,000,181 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2014/01/31 12:33:15 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2014/01/29 08:54:27 | 000,385,442 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IMAGE_017.jpg
    [2014/01/28 08:52:28 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2014/01/28 07:57:44 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/01/20 12:54:00 | 000,082,595 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Mick DXF.DXF
    [2014/01/19 15:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2014/01/19 09:47:42 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2014/01/19 09:47:42 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2014/01/19 09:47:20 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2014/01/17 19:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2014/01/17 09:36:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2014/01/16 09:53:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/01/14 00:09:42 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2014/01/13 23:44:41 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2014/01/13 11:02:13 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2014/01/12 11:35:53 | 000,295,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2014/01/12 11:18:32 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2014/01/12 11:18:28 | 000,457,054 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2014/01/12 11:18:28 | 000,075,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2014/01/12 10:17:59 | 000,336,413 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\rep291-published-5-July-2012[1].pdf
    [2014/01/11 15:53:49 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
    [2014/01/11 09:40:48 | 000,001,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
    [2014/01/11 09:40:22 | 000,001,052 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dropbox.lnk
    [2014/01/11 08:51:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2014/01/11 08:51:20 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2014/01/08 11:36:31 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe

    ========== Files Created - No Company Name ==========

    [2014/02/04 16:22:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\quqwicy.sys
    [2014/01/29 08:49:45 | 000,385,442 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IMAGE_017.jpg
    [2014/01/20 12:54:00 | 000,082,595 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Mick DXF.DXF
    [2014/01/17 19:58:32 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2014/01/17 19:58:31 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2014/01/17 19:58:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2014/01/17 19:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2014/01/17 19:58:27 | 002,811,988 | R--- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2014/01/17 19:58:27 | 000,012,210 | R--- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2014/01/12 11:18:32 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
    [2014/01/12 11:18:32 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2014/01/12 10:17:58 | 000,336,413 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\rep291-published-5-July-2012[1].pdf
    [2014/01/11 15:53:49 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
    [2014/01/11 14:23:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2013/12/27 23:35:11 | 000,400,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/12/16 10:16:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/12/06 22:46:00 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
    [2013/12/06 22:46:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
    [2013/12/05 12:05:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2013/12/05 09:29:15 | 000,002,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\connector.swf
    [2013/12/05 08:55:28 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\result1.db
    [2013/11/10 13:48:32 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/24 23:21:44 | 002,881,848 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2013/10/24 23:21:43 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2013/10/24 23:21:43 | 000,010,320 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2013/10/24 10:44:44 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2013/10/23 17:04:37 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2013/10/23 16:45:59 | 000,000,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2013/10/23 03:26:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2013/10/23 03:24:51 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/22 23:25:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/10/22 22:18:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2013/10/22 22:18:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2013/10/22 22:18:02 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2013/10/22 22:18:02 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2013/10/22 22:18:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
    [2013/10/22 22:17:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2013/10/22 22:17:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2013/10/22 22:10:43 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2013/10/22 21:28:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2013/10/22 20:01:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/10/22 19:56:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2013/10/24 17:37:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >

    #########################################################################################

    OTL Extras logfile created on: 05/02/14 10:51:15 AM - Run 8
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    2.00 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 39.44% Memory free
    4.85 Gb Paging File | 3.74 Gb Available in Paging File | 77.04% Paging File free
    Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 882.28 Gb Free Space | 94.72% Space Free | Partition Type: NTFS
    Drive F: | 40.01 Gb Total Space | 3.41 Gb Free Space | 8.52% Space Free | Partition Type: NTFS
    Drive G: | 192.77 Gb Total Space | 131.41 Gb Free Space | 68.17% Space Free | Partition Type: NTFS
    Drive L: | 7.65 Gb Total Space | 6.02 Gb Free Space | 78.75% Space Free | Partition Type: FAT32

    Computer Name: SECOND-77229CA4 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe (Macromedia, Inc.)
    .jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
    hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver UltraDev 4\UltraDev.exe" "%1" (Macromedia, Inc.)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:daemonu.exe -- (NVIDIA Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 8.1.1
    "{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
    "{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1" = FLV Media Player version 1.3
    "{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}" = Apple Mobile Device Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{616445AF-BBCF-41C1-A4D6-8CFF171C182D}" = iTunes
    "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager
    "{67A5D171-4C74-4075-A492-0E480FA4B944}" = Brother BRAdmin Professional 2.74
    "{67D15B01-9A6B-0397-002A-D2A015212748}" = FlipShare
    "{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver UltraDev 4
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DE730F37-A198-4112-A3B6-97786F34354A}" = ECI Client v6.0
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "00dec89b-f286-4e08-a3e2-48b8c02af4e1" = Re-markit
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Blender" = Blender
    "CA17A131-B7D9-41D6-868F-29A9BD9FCC8E_is1" = DownloadX ActiveX Download Control 1.6.7
    "D680DEE0F68D64EC53D0C5769879D15D387054CC" = Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Chrome" = Google Chrome
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Nero - Burning Rom!UninstallKey" = Nero OEM
    "PartitionMagic SE 6.0" = PartitionMagic SE 6.0
    "Spitronics ECU Software2.5" = Spitronics ECU Software
    "WIC" = Windows Imaging Component
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR 5.00 (32-bit)
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-515967899-1972579041-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 03/02/14 12:33:01 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 2:14:45 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 7:19:58 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 8:48:35 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 8:53:50 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 9:40:27 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 03/02/14 11:26:38 PM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/02/14 2:10:37 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/02/14 2:18:38 AM | Computer Name = SECOND-77229CA4 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 04/02/14 3:53:13 AM | Computer Name = SECOND-77229CA4 | Source = MsiInstaller | ID = 11316
    Description = Product: HiJackThis -- Error 1316. A network error occurred while
    attempting to read from the file: C:\Documents and Settings\Administrator\Local
    Settings\Temporary Internet Files\Content.IE5\0LHRZTAR\HijackThis.msi

    [ System Events ]
    Error - 31/01/14 11:06:17 PM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 31/01/14 11:06:17 PM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 31/01/14 11:06:27 PM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The SAS Core Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The FlipShare Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The Microsoft Antimalware Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    15000 milliseconds: Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The SAS Core Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 04/02/14 2:43:06 AM | Computer Name = SECOND-77229CA4 | Source = Service Control Manager | ID = 7034
    Description = The iPod Service service terminated unexpectedly. It has done this
    1 time(s).
    ################################################


    # AdwCleaner v3.018 - Report created 05/02/2014 at 11:09:33
    # Updated 28/01/2014 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
    # Username : Administrator - SECOND-77229CA4
    # Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.6001.18702


    -\\ Google Chrome v32.0.1700.107

    [ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [5197 octets] - [08/12/2013 11:54:55]
    AdwCleaner[R1].txt - [1213 octets] - [11/01/2014 09:46:06]
    AdwCleaner[R2].txt - [1120 octets] - [11/01/2014 10:24:11]
    AdwCleaner[R3].txt - [3395 octets] - [01/02/2014 10:28:43]
    AdwCleaner[R4].txt - [1418 octets] - [04/02/2014 14:21:16]
    AdwCleaner[R5].txt - [1003 octets] - [05/02/2014 11:09:33]
    AdwCleaner[S0].txt - [5032 octets] - [08/12/2013 16:13:07]
    AdwCleaner[S1].txt - [1283 octets] - [11/01/2014 09:49:55]
    AdwCleaner[S2].txt - [1187 octets] - [11/01/2014 10:26:08]
    AdwCleaner[S3].txt - [3409 octets] - [01/02/2014 11:06:17]
    AdwCleaner[S4].txt - [1483 octets] - [04/02/2014 14:22:59]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1363 octets] ##########

  9. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Hello mick,

    Please describe what exactly is going on as far as adware. What's popping up? What browser? You did not take action with Malwarebytes either?

    We need to do a fix to delete some files using OTL.

    • Double-click on the OTL icon to open the program. On Vista/Win7/Win8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-515967899-1972579041-1801674531-500..\Run: [iFunBox Price Watch] C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe (i-Funbox.com)
      [2014/01/15 16:37:11 | 007,748,096 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe
      [2014/01/15 16:37:11 | 004,877,824 | ---- | C] (i-Funbox.com) -- C:\Documents and Settings\Administrator\Desktop\ifb_classic.exe
      DRV - [2014/02/04 16:22:32 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\quqwicy.sys -- (ejdqtbik)
      
      :files
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
      [resethosts]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Next

    • Download and save to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
    • Quit all programs
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Start RogueKiller.exe
    • Wait until Prescan has finished
    • Click on Scan.
    • Wait until the Status box shows "Scan Finished"
    • Click on Delete
    • Wait until the Status box shows "Deleting Finished"
    • Click on Report and copy/paste the content of the Notepad
    • The log should be found in RKreport[1].txt on your Desktop
    • Close RogueKiller



    In your next reply post

    • The OTL Fix Log located here-->C:\_OTL\Moved Files
    • OTL Log after "Quick Scan"
    • RogueKiller Log found here--->RKreport[1].txt on desktop.



    Thanks
    Joe

  10. #6
    Member Spyware Fighter zep516's Avatar

    Mick,

    How we doing on this? Still with us?

    Joe

  11. #7
    Member

    Hi Joe,

    Sorry been away a couple of days and I will start on those fixes shortly.

    Yeah, it's mostly INFOLINKS now, and since I upped IE to 8 with optimised for Bing and MSN it's gotten worse, and there's an office groovemonitor ??? and way too many extra toolbars and buttons

    Mick

  12. #8
    Member

    Joe,

    I have started to use FF now for browsing as I would like to ditch IE and CHROME, but have INFOLINKS on that too

    DAMNN

    MICK

  13. #9
    Member

    Joe,

    Other symptoms are keyboard strokes are sometimes slow and mouse scrolling jittery

    Mick,

    All processes killed
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-515967899-1972579041-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Run\\iFunBox Price Watch deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe moved successfully.
    File C:\Documents and Settings\Administrator\Desktop\iFunBox2014.exe not found.
    C:\Documents and Settings\Administrator\Desktop\ifb_classic.exe moved successfully.
    Error: No service named ejdqtbik was found to stop!
    Service\Driver key ejdqtbik not found.
    File C:\WINDOWS\system32\drivers\quqwicy.sys not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 21946124 bytes
    ->Temporary Internet Files folder emptied: 51761015 bytes
    ->FireFox cache emptied: 381236041 bytes
    ->Google Chrome cache emptied: 15861385 bytes
    ->Flash cache emptied: 3023 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 32570 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 3868160 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 869854 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 847640 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1087618946 bytes

    Total Files Cleaned = 1,492.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 02122014_141947

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


    454545454545454545454545454545454545454545454545454545454545454545454545454545454544545454545454545445454545454545454545454545454554545


    OTL logfile created on: 12/02/14 2:52:31 PM - Run 9
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yy

    2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.41% Memory free
    4.85 Gb Paging File | 4.19 Gb Available in Paging File | 86.43% Paging File free
    Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 931.50 Gb Total Space | 882.38 Gb Free Space | 94.73% Space Free | Partition Type: NTFS
    Drive F: | 40.01 Gb Total Space | 3.41 Gb Free Space | 8.52% Space Free | Partition Type: NTFS
    Drive G: | 192.77 Gb Total Space | 131.41 Gb Free Space | 68.17% Space Free | Partition Type: NTFS

    Computer Name: SECOND-77229CA4 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/11 03:37:44 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
    PRC - [2014/02/05 10:50:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2014/01/28 14:54:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2014/01/15 08:57:33 | 005,625,624 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2014/01/03 08:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2012/08/31 03:10:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/28 14:54:18 | 003,583,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/01/03 08:45:04 | 003,558,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2013/10/19 07:55:02 | 025,100,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\libcef.dll
    MOD - [2012/08/31 03:10:00 | 001,563,456 | R--- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
    MOD - [2012/08/31 03:10:00 | 001,125,184 | R--- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvwimg.dll
    MOD - [2012/08/31 03:10:00 | 000,357,184 | R--- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
    MOD - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    MOD - [2010/09/17 21:13:36 | 002,826,240 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
    MOD - [2010/09/17 21:07:18 | 000,733,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
    MOD - [2010/08/03 16:47:12 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
    MOD - [2010/08/03 16:47:12 | 002,244,608 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
    MOD - [2010/08/03 16:47:12 | 000,978,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
    MOD - [2010/08/03 16:47:12 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
    MOD - [2010/08/03 16:47:12 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
    MOD - [2002/11/26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2014/02/06 16:07:55 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2013/10/11 06:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2012/08/31 03:10:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/09/17 21:14:22 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2013/10/23 17:04:37 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
    DRV - [2013/09/30 16:26:46 | 000,015,688 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
    DRV - [2013/09/30 16:26:44 | 000,010,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
    DRV - [2012/07/03 23:25:19 | 000,124,264 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
    DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2003/12/05 17:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2001/08/17 20:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/02/12 13:02:12 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ccfe239f-e366-4d46-b4fe-4a89f16d64f9}: C:\Program Files\Re-markit\150.xpi

    [2014/02/05 16:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2014/02/05 16:41:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2014/02/05 16:41:38 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    O1 HOSTS File: ([2014/02/12 14:21:52 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanage...ex-2.2.6.2.cab (DLM Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Oracle Technology Network for Java Developers | Oracle Technology Network | Oracle (Java Plug-in 1.4.0)
    O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/downlo...oadManager.cab (Microsoft Download Manager ActiveX control)
    O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Oracle Technology Network for Java Developers | Oracle Technology Network | Oracle (Java Plug-in 1.4.0)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{541DA9FC-81C8-4495-A078-446CA9A43C52}: DhcpNameServer = 10.1.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/10/22 19:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/11 12:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
    [2014/02/11 12:47:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
    [2014/02/11 11:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
    [2014/02/07 16:51:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\paros
    [2014/02/07 16:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Java Web Start
    [2014/02/07 16:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java Web Start
    [2014/02/07 16:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java 2 Runtime Environment
    [2014/02/07 16:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2014/02/07 16:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Paros
    [2014/02/07 16:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Paros
    [2014/02/07 16:21:50 | 001,725,938 | ---- | C] (parosproxy.org ) -- C:\Documents and Settings\Administrator\Desktop\paros-3.2.13-win.exe
    [2014/02/05 16:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2014/02/05 16:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
    [2014/02/05 16:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2014/02/05 10:50:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2014/02/04 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
    [2014/02/01 09:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2014/02/01 09:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/02/01 09:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/02/01 09:36:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2014/02/01 09:32:36 | 254,619,392 | ---- | C] (Dassault Systèmes SolidWorks Corp. ) -- C:\Program Files\eDrawingsFullAllShaders.exe
    [2014/01/29 08:17:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
    [2014/01/26 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit
    [2014/01/20 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
    [2014/01/19 13:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Downloads
    [2014/01/19 10:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\temp
    [2014/01/17 20:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    [2014/01/17 19:59:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
    [2014/01/17 19:58:36 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2014/01/17 19:58:36 | 000,000,000 | ---D | C] -- C:\temp
    [2014/01/17 19:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2014/01/17 09:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunBox.NXGen
    [2014/01/17 09:36:46 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2014/01/15 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunbox_UserCache
    [2014/01/14 21:22:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2014/01/14 00:09:21 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/11/01 19:56:13 | 004,216,840 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\vcredist.exe
    [2013/10/24 12:00:05 | 006,286,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe

    ========== Files - Modified Within 30 Days ==========

    [2014/02/12 14:51:03 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to RogueKiller.exe.lnk
    [2014/02/12 14:42:13 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/12 14:41:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2014/02/12 14:41:27 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/12 14:37:32 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2014/02/12 14:27:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/02/12 14:21:52 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2014/02/12 14:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/02/12 11:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2014/02/11 13:02:27 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2014/02/11 13:01:47 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2014/02/11 12:57:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2014/02/11 12:57:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2014/02/11 12:48:04 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2014/02/11 12:47:23 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2014/02/11 11:33:58 | 000,767,848 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\White Card.jpg
    [2014/02/11 11:25:42 | 024,023,814 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\White Card.bmp
    [2014/02/11 11:24:44 | 000,000,299 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
    [2014/02/11 11:24:44 | 000,000,154 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
    [2014/02/08 08:35:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2014/02/07 16:51:27 | 000,001,347 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Paros 3.2.13.lnk
    [2014/02/07 16:21:54 | 001,725,938 | ---- | M] (parosproxy.org ) -- C:\Documents and Settings\Administrator\Desktop\paros-3.2.13-win.exe
    [2014/02/05 16:42:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/02/05 16:19:58 | 000,054,928 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Michael John WARREN.rtf
    [2014/02/05 15:48:04 | 000,033,660 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Michael John WARREN - Resume[1].pdf
    [2014/02/05 11:05:02 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    [2014/02/05 10:50:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2014/02/01 09:32:36 | 254,619,392 | ---- | M] (Dassault Systèmes SolidWorks Corp. ) -- C:\Program Files\eDrawingsFullAllShaders.exe
    [2014/01/31 12:33:20 | 000,000,181 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
    [2014/01/31 12:33:15 | 000,000,041 | ---- | M] () -- C:\WINDOWS\MYOB.INI
    [2014/01/29 08:54:27 | 000,385,442 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IMAGE_017.jpg
    [2014/01/28 07:57:44 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2014/01/20 12:54:00 | 000,082,595 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Mick DXF.DXF
    [2014/01/19 09:47:42 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2014/01/19 09:47:42 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2014/01/19 09:47:20 | 001,094,820 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2014/01/17 19:58:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2014/01/17 09:36:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
    [2014/01/16 09:53:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2014/01/13 23:44:41 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

    ========== Files Created - No Company Name ==========

    [2014/02/12 14:51:03 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to RogueKiller.exe.lnk
    [2014/02/11 12:47:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
    [2014/02/11 11:33:58 | 000,767,848 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\White Card.jpg
    [2014/02/11 11:25:41 | 024,023,814 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\White Card.bmp
    [2014/02/07 16:49:17 | 000,024,651 | ---- | C] () -- C:\WINDOWS\System32\javaw.exe
    [2014/02/07 16:49:17 | 000,024,649 | ---- | C] () -- C:\WINDOWS\System32\java.exe
    [2014/02/07 16:49:07 | 000,041,047 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2014/02/07 16:37:11 | 000,001,347 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Paros 3.2.13.lnk
    [2014/02/05 16:42:02 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2014/02/05 16:42:02 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2014/02/05 16:11:07 | 000,054,928 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Michael John WARREN.rtf
    [2014/02/05 15:48:03 | 000,033,660 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Michael John WARREN - Resume[1].pdf
    [2014/02/05 11:04:52 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
    [2014/01/29 08:49:45 | 000,385,442 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IMAGE_017.jpg
    [2014/01/20 12:54:00 | 000,082,595 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Mick DXF.DXF
    [2014/01/17 19:58:32 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
    [2014/01/17 19:58:31 | 001,094,820 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
    [2014/01/17 19:58:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
    [2014/01/17 19:58:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
    [2014/01/17 19:58:27 | 002,811,988 | R--- | C] () -- C:\WINDOWS\System32\nvdata.data
    [2014/01/17 19:58:27 | 000,012,210 | R--- | C] () -- C:\WINDOWS\System32\nvinfo.pb
    [2013/12/27 23:35:11 | 000,400,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2013/12/16 10:16:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/12/06 22:46:00 | 000,000,181 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
    [2013/12/06 22:46:00 | 000,000,041 | ---- | C] () -- C:\WINDOWS\MYOB.INI
    [2013/12/05 12:05:11 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2013/12/05 09:29:15 | 000,002,763 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\connector.swf
    [2013/12/05 08:55:28 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\result1.db
    [2013/11/10 13:48:32 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/10/24 23:21:44 | 002,881,848 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
    [2013/10/24 23:21:43 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
    [2013/10/24 23:21:43 | 000,010,320 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
    [2013/10/24 10:44:44 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
    [2013/10/23 17:04:37 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
    [2013/10/23 16:45:59 | 000,000,304 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2013/10/23 03:26:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2013/10/23 03:24:51 | 000,295,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/10/22 23:25:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2013/10/22 22:18:23 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2013/10/22 22:18:23 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2013/10/22 22:18:02 | 000,000,299 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2013/10/22 22:18:02 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2013/10/22 22:18:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
    [2013/10/22 22:17:27 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2013/10/22 22:17:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
    [2013/10/22 22:10:43 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2013/10/22 21:28:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2013/10/22 20:01:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/10/22 19:56:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    ========== ZeroAccess Check ==========

    [2013/10/24 17:37:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/10/22 23:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AUSkey
    [2014/02/12 14:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
    [2014/01/17 09:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iFunBox.NXGen
    [2014/01/15 16:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iFunbox_UserCache
    [2014/02/11 11:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC-FAX TX
    [2013/11/05 11:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\qone8
    [2014/01/12 11:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2014/01/12 12:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2014/02/01 09:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/11/17 11:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2013/10/22 22:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2013/11/19 14:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

    ========== Purity Check ==========



    < End of report >

    545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545454545

    RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : Adlice forum - Index
    Website : RogueKiller download
    Blog : Adlice Software | malware analysis

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 02/12/2014 15:02:18
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤
    -> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\Administrator.WARREN\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
    -> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\Mick Warren\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
    -> F:\Documents and Settings\Warren\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    ÿþ1

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10EZEX-00KUWA0 +++++
    --- User ---
    [MBR] 46396edd63264799e104638f42496bad
    [BSP] 23382c04b51957a6d8dce8979db972e4 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953859 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) WDC WD2500JS-75NCB1 +++++
    --- User ---
    [MBR] a1ba569bf24f8c8dbb4d7172c4d7f9dc
    [BSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 40970 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 84003885 | Size: 197392 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_02122014_150218.txt >>

  14. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307


    Hello mick,

    We need to do a fix to delete some files using OTL.

    • Double-click on the OTL icon to open the program. On Vista/Win7/Win8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
      FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ccfe239f-e366-4d46-b4fe-4a89f16d64f9}: C:\Program Files\Re-markit\150.xpi
      [2014/01/26 10:37:43 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit
      [2014/01/17 09:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunBox.NXGen
      [2014/01/15 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iFunbox_UserCache
      
      
      :Files
      
      ipconfig /flushdns /c
      
      :Commands
      [emptytemp]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.


    Next

    Please Re-Run Malwarebytes:
    Registry Keys Detected: 8
    HKCU\Software\Re_markit (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKLM\SOFTWARE\Google\Chrome\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46c22758-1df1-424d-9bd7-4268e4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCR\CLSID\{46c22758-1df1-424d-9bd7-4268e4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCR\TypeLib\{bdcbbc1d-4d25-4469-b665-097d42132f0b} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCR\Interface\{58c637d9-afa5-4ce4-9205-c81156f05407} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46C22758-1DF1-424D-9BD7-4268E4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46C22758-1DF1-424D-9BD7-4268E4002448} (PUP.Optional.ReMarkIt.A) -> No action taken.
    That above is from your last log-> No Action Taken!

    This time take action:
    • Open Malwarebytes
    • Once the program has loaded, select "Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.


    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    In your next reply to me post:
    • OTL Fix Log Located here -> C:\_OTL\Moved Files
    • Fresh OTL, After Quick Scan.
    • A Malwarebytes Log.


    What issues remain?


    Thanks
    Joe
