bidder.tlvmedia.com etc from fake "Flash Player Update"

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by pgmigg » May 24th, 2013, 11:52 pm

Hello moonlighting,

Great job, but we are not finished yet! :D Let's continue...

Step 1.
AdwCleaner
You should still have adwcleaner.exe on your desktop.
  • Close all open programs and internet browsers.
  • Double-click on adwcleaner.exe to run it.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and paste the following code into the text box.
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    CHR - homepage: http://search.conduit.com/?ctid=CT32947 ... 10110&UM=2
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {EB5FBF0C-B650-41DD-8A69-2A4717FDA737} http://50.26.154.14:81/codebase/TVN20Ne ... eX_V23.cab (TVN20RealPlayActiveX23 Control)
    
    :Files
    C:\Documents and Settings\Administrator\Local Settings\temp\BabylonToolbar
    C:\Documents and Settings\Administrator\Local Settings\temp\DIQM
    C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E
    C:\Documents and Settings\Administrator\Local Settings\temp\is1590112554\MyBabylonTB.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JYBI4JQK\storage.conduit[1].xml
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\MLSB1EZV\app.mam.conduit[1].xml
    C:\Documents and Settings\Administrator\Local Settings\temp\ct3294791\conduit.xml
    C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\software\VAFMusic Conduit.exe
    C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CD15OLPO\appsmetadata_toolbar_conduit-services_com[1].txt
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WPDHD333\translation_toolbar_conduit-services_com[1].txt
    C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1779783_1770324_US.xml
    C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7RKDY3L3\storage.conduit[1].xml
    C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\802XYR2Y\app.mam.conduit[1].xml
    C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2
    C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit
    C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\contextmenu_toolbar_conduit-services_com[1].txt
    C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\sf_conduit_loader[1].html
    C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\DDI4PBCO\appsmetadata_toolbar_conduit-services_com[1].txt
    C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[1].txt
    C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[2].txt
    C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[3].txt
    C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\KDA1C9V0\sf_conduit_mam_app[1].html
    C:\Documents and Settings\Matthew\Local Settings\Temp\Iminent
    C:\Documents and Settings\Matthew\Local Settings\Temp\nsaF76A.tmp\IminentSetup_2-YQ1jkVUP-1_.exe
    C:\Documents and Settings\Andrew\Local Settings\Temp\YontooClientSetup[1]-0524.log
    C:\Documents and Settings\Andrew\Local Settings\Temp\YontooTix9973765.log
    C:\Documents and Settings\Andrew\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\Kevin\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\Matthew\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\Melanie\Local Settings\Application Data\AskToolbar
    C:\WINDOWS\info067
    C:\WINDOWS\info066
    C:\WINDOWS\info070
    C:\WINDOWS\info069
    C:\WINDOWS\info068
    C:\WINDOWS\info051
    C:\WINDOWS\info049
    C:\WINDOWS\System32\*.tmp
    @C:\Documents and Settings\Administrator\My Documents\18413787.gif:Q30lsldxJoudresxAaaqpcawXc
    ipconfig /flushdns /c
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
    @=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar]
    [-HKEY_CURRENT_USER\Software\ConduitSearchScopes]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\SearchProtect\bin\cltmng.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vafmusic2\uninstall.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    @=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLTMNGSVC\0000]
    "DeviceDesc"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc]
    "Description"=-
    [-HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\ConduitSearchScopes]
    [HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\SearchProtect\bin\cltmng.exe"=-
    [HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe"=-
    [HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vafmusic2\uninstall.exe"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Trolltech]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vafmusic2\Vafmusic2ToolbarHelper1.exe"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vafmusic2\uninstall.exe"=-
    [HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vafmusic2\Vafmusic2ToolbarHelper1.exe"=-
    [HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\Program Files\Vafmusic2\uninstall.exe"=-
    
    :Commands
    [emptytemp]
    [emptyjava]
    [emptyflash]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK. It may take a while - please be patient...
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of the report in your next reply.

Step 3.
SystemLook
You should still have SystemLook.exe on your desktop.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Copy the following entries and paste them into SystemLook's main text entry window:
    :filefind
    *Babylon*
    *Conduit*
    *Iminent*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *Iminent*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    
    :Regfind
    Babylon
    Conduit
    trolltech
    Vafmusic2
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 4.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file, OTL.txt, will be opened, maximized.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[S1].txt log file
  3. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  4. Contents of the SystemLook.txt log file
  5. Contents of the most recent OTL.txt file after fresh OTL scan
  6. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
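Before pasting a fix script like the one in Step 2 into OTL, it helps to read it back as a plan: which registry keys and values will be removed, which paths will be moved, and which lines deserve a second look. The following Python script is an added example written for this page; it is not OTL's code and not something pgmigg posted. It parses the four section types used above (:Commands, :OTL, :Files, :Reg) using the conventions visible in the script and in the OTL log posted later in the thread: [-key] deletes a key, "name"=- deletes a value, a :Files line ending in /c is run as a command, an @path:stream entry names an alternate data stream, and :OTL lines are grouped by their prefix (IE, CHR, O3, O4, O16). The sample input is constructed from lines of the script above with the O16 download URL replaced by a placeholder; the wildcard warning and the FixPlan field names are my own choices.

```python
"""Parse an OTL fix script into a reviewable plan (added example; not OTL's own code)."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample built from lines of the fix script above; the O16 URL is a placeholder.
SAMPLE_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O4 - HKLM..\Run: [] File not found
O16 - DPF: {EB5FBF0C-B650-41DD-8A69-2A4717FDA737} http://placeholder.invalid/control.cab (Control)

:Files
C:\Documents and Settings\Matthew\Local Settings\Temp\Iminent
C:\WINDOWS\System32\*.tmp
@C:\Documents and Settings\Administrator\My Documents\18413787.gif:Q30lsldxJoudresxAaaqpcawXc
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Vafmusic2\uninstall.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@=""

:Commands
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(\w+)$")            # ":OTL", ":Files", ...
REG_VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')  # .reg-style value line; "-" means delete


@dataclass
class FixPlan:
    commands: list = field(default_factory=list)          # [emptytemp], [createrestorepoint], ...
    otl_by_type: Counter = field(default_factory=Counter)  # count of :OTL lines per prefix
    files: list = field(default_factory=list)             # paths OTL moves to C:\_OTL\MovedFiles
    ads: list = field(default_factory=list)               # (file, stream) alternate data streams
    shell_commands: list = field(default_factory=list)    # :Files lines ending in " /c"
    reg_delete_keys: list = field(default_factory=list)
    reg_delete_values: list = field(default_factory=list)  # (key, value name)
    reg_set_values: list = field(default_factory=list)     # (key, value name, data)
    warnings: list = field(default_factory=list)           # lines a reviewer should look at


def parse_fix_script(text: str) -> FixPlan:
    plan, section, current_key = FixPlan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            continue
        if section == "commands":
            plan.commands.append(line.strip("[]").lower())
        elif section == "otl":
            plan.otl_by_type[line.split(" - ", 1)[0]] += 1
        elif section == "files":
            if line.lower().endswith(" /c"):            # run as a command, not a path
                plan.shell_commands.append(line[:-3].rstrip())
            elif line.startswith("@") and line.count(":") >= 2:  # @file:stream (ADS)
                path, _, stream = line[1:].rpartition(":")
                plan.ads.append((path, stream))
            else:
                plan.files.append(line)
                if any(ch in line for ch in "*?"):   # wildcard: check what it will match first
                    plan.warnings.append(f"wildcard in :Files, review the match set: {line}")
        elif section == "reg":
            if line.startswith("[-") and line.endswith("]"):   # [-key] deletes the whole key
                plan.reg_delete_keys.append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):  # [key] opens a key for value edits
                current_key = line[1:-1]
            elif current_key is None:
                plan.warnings.append(f"value line outside any [key] in :Reg: {line}")
            else:
                v = REG_VALUE_RE.match(line)
                if not v:
                    plan.warnings.append(f"unparsed :Reg line: {line}")
                    continue
                name = v.group(1).strip('"')          # "@" is the key's default value
                if v.group(2) == "-":
                    plan.reg_delete_values.append((current_key, name))
                else:
                    plan.reg_set_values.append((current_key, name, v.group(2)))
        else:
            plan.warnings.append(f"line before any section header: {line}")
    return plan


if __name__ == "__main__":
    plan = parse_fix_script(SAMPLE_SCRIPT)
    for name, value in vars(plan).items():
        print(f"{name}: {value}")
```

Running the script on the sample prints one line per plan field; the single warning it raises is for `C:\WINDOWS\System32\*.tmp`, which is exactly the kind of entry worth checking against the earlier OTL scan before running the fix.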

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 25th, 2013, 1:07 pm

# AdwCleaner v2.301 - Logfile created 05/25/2013 at 10:55:13
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MOONLIGHTINGPRO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\WINDOWS\Tasks\DealPlyUpdate.job
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BabylonToolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Kevin\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Matthew\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Folder Deleted : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Deleted : C:\Documents and Settings\Matthew\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Matthew\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Matthew\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Matthew\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Melanie\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\SingAlong

***** [Registry] *****

Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [singalong@xenophesoft.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\1zgwmt45.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Melanie\Application Data\Mozilla\Firefox\Profiles\w2l75t4j.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\6jtlqot1.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\prefs.js

C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B5c164dde-a340-480f-a84f-6cf2e803d324%[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.457] : homepage = "hxxp://search.conduit.com/?ctid=CT3294791&SearchSource=48&CUI=UN38891505153510110&UM[...]

*************************

AdwCleaner[R1].txt - [6327 octets] - [24/05/2013 14:08:39]
AdwCleaner[S1].txt - [6515 octets] - [25/05/2013 10:55:13]

########## EOF - C:\AdwCleaner[S1].txt - [6575 octets] ##########
moonlighting
Regular Member
Posts: 27
Joined: May 22nd, 2013, 11:32 am
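An AdwCleaner log like the one above is regular enough to summarise automatically, which is useful when triaging the same family of adware across several machines. The following Python parser is an added example written for this page; it is not AdwCleaner's code and not something posted in this thread. It reads the # header lines, the ***** [Section] ***** markers, the File/Folder/Key/Value Deleted lines, the -\\ browser version lines and the Deleted : user_pref / Deleted [l.N] : homepage lines, then groups what was removed by the persistence location it lived in (Run key, BHO, scheduled task, search scope, browser extension, COM class). Those category names and the profile regex for the XP-era C:\Documents and Settings\<user>\ layout are my assumptions; the sample log is a constructed, shortened copy of the log above.

```python
"""Summarise an AdwCleaner log (added example; not AdwCleaner's own code)."""
import re
from collections import Counter

# Constructed sample in the shape of the log above, with most entries dropped.
SAMPLE_LOG = r"""
# AdwCleaner v2.301 - Logfile created 05/25/2013 at 10:55:13
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MOONLIGHTINGPRO
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\WINDOWS\Tasks\DealPlyUpdate.job
Folder Deleted : C:\Documents and Settings\Andrew\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\prefs.js

Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=[...]

-\\ Google Chrome v27.0.1453.94

Deleted [l.457] : homepage = "hxxp://search.conduit.com/?ctid=CT3294791[...]
"""

VERSION_RE = re.compile(r"^# AdwCleaner v(\S+)")
OPTION_RE = re.compile(r"^# Option \[(\w+)\]")
HEADER_RE = re.compile(r"^# (?P<key>[^:\[]+?) : (?P<val>.+)$")
SECTION_RE = re.compile(r"^\*+ \[(.+?)\] \*+$")
ACTION_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$")
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(\S+)")
PREF_RE = re.compile(r"^Deleted(?: \[l\.\d+\])? : (.+)$")
PROFILE_RE = re.compile(r"^C:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)

# Assumed persistence categories, matched case-insensitively against each deleted item.
PERSISTENCE_RULES = [
    (r"\\currentversion\\run\b", "Run key"),
    (r"browser helper objects", "BHO"),
    (r"\\tasks\\", "Scheduled task"),
    (r"searchscopes", "Search scope"),
    (r"google\\chrome\\extensions", "Chrome extension"),
    (r"mozilla\\firefox\\extensions", "Firefox extension"),
    (r"\\classes\\clsid\\", "COM class"),
]


def classify(target: str) -> str:
    """Map a deleted file, folder, key or value to the persistence location it used."""
    for pattern, label in PERSISTENCE_RULES:
        if re.search(pattern, target, re.IGNORECASE):
            return label
    return "Other"


def parse_adwcleaner_log(text: str) -> dict:
    report = {"header": {}, "deleted": Counter(), "items": [], "profiles": set(),
              "browsers": {}, "browser_prefs": [], "persistence": Counter()}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := VERSION_RE.match(line)):
            report["header"]["version"] = m.group(1)
        elif (m := OPTION_RE.match(line)):
            report["header"]["option"] = m.group(1)       # Search (R1) vs Delete (S1) run
        elif (m := HEADER_RE.match(line)):
            report["header"][m.group("key").strip()] = m.group("val").strip()
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif (m := ACTION_RE.match(line)):
            kind, target = m.groups()
            report["deleted"][kind] += 1
            report["items"].append((section, kind, target))
            report["persistence"][classify(target)] += 1
            if (p := PROFILE_RE.match(target)):            # which user profiles were touched
                report["profiles"].add(p.group(1))
        elif (m := BROWSER_RE.match(line)):
            report["browsers"][m.group(1)] = m.group(2)
        elif (m := PREF_RE.match(line)):                   # hijacked homepage/search prefs
            report["browser_prefs"].append(m.group(1))
    return report


if __name__ == "__main__":
    r = parse_adwcleaner_log(SAMPLE_LOG)
    print(r["header"], dict(r["deleted"]), sorted(r["profiles"]), sep="\n")
    print(dict(r["persistence"]), r["browsers"], r["browser_prefs"], sep="\n")
```

The persistence grouping is the part worth keeping: a cleaned-up machine whose summary still shows Run-key or BHO entries on a later scan has been reinfected or was never fully cleaned, and that is easier to spot from the counts than from scrolling the raw log.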

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 25th, 2013, 1:08 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {EB5FBF0C-B650-41DD-8A69-2A4717FDA737}
C:\WINDOWS\Downloaded Program Files\TVN20NetVideoActiveX23.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EB5FBF0C-B650-41DD-8A69-2A4717FDA737}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5FBF0C-B650-41DD-8A69-2A4717FDA737}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EB5FBF0C-B650-41DD-8A69-2A4717FDA737}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5FBF0C-B650-41DD-8A69-2A4717FDA737}\ not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Administrator\Local Settings\temp\BabylonToolbar not found.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\software folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\WhiteSmoke folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\VAFMusic Conduit folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\SweetIPacks folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Strongvault2 folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\SpeedUpMyPc folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Snapdo folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Quickshare folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\OptimizerPro folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\MySearchDial folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\MyBackupPc folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Mixi Dj folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Iminent folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\exe folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Driverpro folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Delta Babylon folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Dealply folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Addlyrics folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151 folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\HtmlScreens folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\HtmlScreens folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\is1590112554\MyBabylonTB.exe moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JYBI4JQK\storage.conduit[1].xml moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\MLSB1EZV\app.mam.conduit[1].xml moved successfully.
C:\Documents and Settings\Administrator\Local Settings\temp\ct3294791\conduit.xml moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\software\VAFMusic Conduit.exe not found.
File\Folder C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe not found.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CD15OLPO\appsmetadata_toolbar_conduit-services_com[1].txt moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WPDHD333\translation_toolbar_conduit-services_com[1].txt moved successfully.
File\Folder C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1779783_1770324_US.xml not found.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7RKDY3L3\storage.conduit[1].xml moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\802XYR2Y\app.mam.conduit[1].xml moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository\conduit_CT3294791_CT3294791\ToolbarSettings folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository\conduit_CT3294791_CT3294791\ToolbarLogin folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository\conduit_CT3294791_CT3294791\DynamicDialogs folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository\conduit_CT3294791_CT3294791\AppsMetaData folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository\conduit_CT3294791_CT3294791 folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\RadioPlayer folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12 folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\plugins folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\MyStuffApps folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Logs folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\EmailNotifier folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\UninstallDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\DetectedAppDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\DefualtImages folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs\AddedAppDialog folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Dialogs folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2 folder moved successfully.
File\Folder C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit not found.
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\contextmenu_toolbar_conduit-services_com[1].txt moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\sf_conduit_loader[1].html moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\DDI4PBCO\appsmetadata_toolbar_conduit-services_com[1].txt moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[1].txt moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[2].txt moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[3].txt moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\KDA1C9V0\sf_conduit_mam_app[1].html moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temp\Iminent\Log folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temp\Iminent folder moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Temp\nsaF76A.tmp\IminentSetup_2-YQ1jkVUP-1_.exe moved successfully.
C:\Documents and Settings\Andrew\Local Settings\Temp\YontooClientSetup[1]-0524.log moved successfully.
C:\Documents and Settings\Andrew\Local Settings\Temp\YontooTix9973765.log moved successfully.
File\Folder C:\Documents and Settings\Andrew\Local Settings\Application Data\AskToolbar not found.
File\Folder C:\Documents and Settings\Kevin\Local Settings\Application Data\AskToolbar not found.
File\Folder C:\Documents and Settings\Matthew\Local Settings\Application Data\AskToolbar not found.
File\Folder C:\Documents and Settings\Melanie\Local Settings\Application Data\AskToolbar not found.
C:\WINDOWS\info067 moved successfully.
C:\WINDOWS\info066 moved successfully.
C:\WINDOWS\info070 moved successfully.
C:\WINDOWS\info069 moved successfully.
C:\WINDOWS\info068 moved successfully.
C:\WINDOWS\info051 moved successfully.
C:\WINDOWS\info049 moved successfully.
C:\WINDOWS\System32\CONFIG.TMP moved successfully.
C:\WINDOWS\System32\SET27A.tmp moved successfully.
C:\WINDOWS\System32\SET27F.tmp moved successfully.
ADS C:\Documents and Settings\Administrator\My Documents\18413787.gif:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ConduitSearchScopes\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\SearchProtect\bin\cltmng.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\Vafmusic2\uninstall.exe deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\\@|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32\\@|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLTMNGSVC\0000 not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc not found.
Registry key HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\ConduitSearchScopes\ not found.
Registry value HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\Vafmusic2\uninstall.exe not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Trolltech\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\Vafmusic2\Vafmusic2ToolbarHelper1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\Vafmusic2\uninstall.exe not found.
Registry value HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\Vafmusic2\Vafmusic2ToolbarHelper1.exe not found.
Registry value HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\\C:\Program Files\Vafmusic2\uninstall.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: AD59A3~1

User: Administrator
->Temp folder emptied: 1334958990 bytes
->Temporary Internet Files folder emptied: 13620520 bytes
->Java cache emptied: 124702 bytes
->FireFox cache emptied: 59529476 bytes
->Google Chrome cache emptied: 10582488 bytes
->Apple Safari cache emptied: 27489280 bytes
->Flash cache emptied: 1388 bytes

User: All Users

User: Andrew
->Temp folder emptied: 22109804 bytes
->Temporary Internet Files folder emptied: 212532803 bytes
->Java cache emptied: 8444 bytes
->Flash cache emptied: 1985717 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Kevin
->Temp folder emptied: 2276632505 bytes
->Temporary Internet Files folder emptied: 549042828 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 97301504 bytes
->Flash cache emptied: 1977686 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Matthew
->Temp folder emptied: 5307352582 bytes
->Temporary Internet Files folder emptied: 2772726727 bytes
->Java cache emptied: 2789988 bytes
->FireFox cache emptied: 318229931 bytes
->Google Chrome cache emptied: 119244646 bytes
->Flash cache emptied: 2141358 bytes

User: Melanie
->Temp folder emptied: 18875910 bytes
->Temporary Internet Files folder emptied: 363991699 bytes
->Java cache emptied: 56968 bytes
->FireFox cache emptied: 21754342 bytes
->Flash cache emptied: 129146 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 442205325 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 428370041 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34242 bytes
RecycleBin emptied: 1677300703 bytes

Total Files Cleaned = 15,338.00 mb


[EMPTYJAVA]

User: AD59A3~1

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Andrew
->Java cache emptied: 0 bytes

User: Default User

User: Kevin
->Java cache emptied: 0 bytes

User: LocalService

User: Matthew
->Java cache emptied: 0 bytes

User: Melanie
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: AD59A3~1

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Andrew
->Flash cache emptied: 0 bytes

User: Default User

User: Kevin
->Flash cache emptied: 0 bytes

User: LocalService

User: Matthew
->Flash cache emptied: 0 bytes

User: Melanie
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05252013_111357

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 25th, 2013, 1:09 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 11:41 on 25/05/2013 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*Babylon*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\Delta Babyloninfo.dfe --a---- 921 bytes [15:00 22/05/2013] [15:00 22/05/2013] 4052F9D43D19F706AADF8ADCD390D03C
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Babylon.dat --a---- 12848 bytes [10:32 27/03/2012] [10:32 27/03/2012] ADBB6A655AE518830BA1AFEFDB84668F
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\Babylon.dat --a---- 12848 bytes [21:59 19/06/2012] [10:32 27/03/2012] ADBB6A655AE518830BA1AFEFDB84668F
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\BabylonObjectInstaller.inf --a---- 48 bytes [11:43 30/05/2012] [11:43 30/05/2012] 2B6C8B4FE00F6B220184812D426BC166
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\BabylonObjectInstaller.msi --a---- 346624 bytes [10:49 30/05/2012] [10:49 30/05/2012] 3F13781D8AF0D9B0495FE4301F71F99A
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\BabylonTB.xpi --a---- 48639 bytes [10:36 06/12/2011] [10:36 06/12/2011] 9C755237A70E9AE8047EA9D2A08D5B9B
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\MyBabylonTB.exe --a---- 1362728 bytes [12:49 27/11/2011] [12:49 27/11/2011] FBB423C97065AF571AA6FE515B751958
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\is1590112554\MyBabylonTB.exe --a---- 862832 bytes [18:02 02/04/2012] [18:02 02/04/2012] D4FE9619462D7613A6750256C94F4589

Searching for "*Conduit*"
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [05:32 10/08/2012] [05:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage --a---- 4096 bytes [15:12 22/05/2013] [15:12 22/05/2013] 4A073D5668ECE33919EBB9E9CEE0F35D
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal --a---- 3608 bytes [15:12 22/05/2013] [15:12 22/05/2013] 9B157CFAE359A4DF97D551FAD3EDD8FC
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JYBI4JQK\storage.conduit[1].xml --a---- 13 bytes [15:20 22/05/2013] [15:20 22/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\MLSB1EZV\app.mam.conduit[1].xml --a---- 13 bytes [15:20 22/05/2013] [15:20 22/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\ct3294791\conduit.xml --a---- 785 bytes [06:29 18/07/2012] [06:29 18/07/2012] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\software\VAFMusic Conduit.exe --a---- 68528 bytes [15:00 22/05/2013] [15:00 22/05/2013] F1E16AB9120369E7D70D0C18F8453490
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe --a---- 950 bytes [15:00 22/05/2013] [15:00 22/05/2013] 946B38AE25917D9304E150709B8B435C
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CD15OLPO\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 2400 bytes [04:38 24/05/2013] [04:38 24/05/2013] DD3F97801C766E87DC5DCE28B059053E
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WPDHD333\translation_toolbar_conduit-services_com[1].txt --a---- 105127 bytes [04:38 24/05/2013] [04:38 24/05/2013] EB5BCA67000B076D57DB4732F16288CC
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7RKDY3L3\storage.conduit[1].xml --a---- 13 bytes [21:12 23/05/2013] [21:12 23/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\802XYR2Y\app.mam.conduit[1].xml --a---- 13 bytes [21:12 23/05/2013] [21:12 23/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_75_328_CT3287375_Images_634987008136319964_png.png --a---- 1078 bytes [21:12 23/05/2013] [21:12 23/05/2013] 4EA6579BD649EF9B6B8AB042029EEE1E
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_75_328_CT3287375_images_634987008347060626_24PX_png.png --a---- 915 bytes [21:12 23/05/2013] [21:12 23/05/2013] 9C182B683F52150180D684C4FCCBA8DD
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_75_328_CT3287375_Skins_634987002007583586_png.png --a---- 213 bytes [21:12 23/05/2013] [21:12 23/05/2013] 23C389E60E5EC06927735ADFBD8CA40A
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_91_329_CT3294791_Images_635029284934981902_png.png --a---- 647 bytes [21:12 23/05/2013] [21:12 23/05/2013] D0567C58EE174E11DCC015047A6A1FF2
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_91_329_CT3294791_Images_635029285029831118_png.png --a---- 1136 bytes [21:12 23/05/2013] [21:12 23/05/2013] 92F9F08AADA8F544390F7FA5E6AFD023
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_91_329_CT3294791_Images_635029285133416446_png.png --a---- 829 bytes [21:12 23/05/2013] [21:12 23/05/2013] 7DC6506815501F44D664ABF9DA2E825D
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [21:12 23/05/2013] [21:12 23/05/2013] 99D5F75C338F2A877CBF891E0F18746E
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [21:12 23/05/2013] [21:12 23/05/2013] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [21:12 23/05/2013] [21:12 23/05/2013] A847C5F6CE2C700048749892DD2E0619
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [21:12 23/05/2013] [21:12 23/05/2013] FED9E00C76F647EE6A0B7CC684C89F0C
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [21:12 23/05/2013] [21:12 23/05/2013] 36BD416D16391EFAAAFB2C3C54EAE986
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [21:12 23/05/2013] [21:12 23/05/2013] 943ADFD9E0DF1507F7BC419802BF4303
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [21:12 23/05/2013] [21:12 23/05/2013] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [21:12 23/05/2013] [21:12 23/05/2013] 275C9DA2D536F18F528C80E050C3D705
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [21:12 23/05/2013] [21:12 23/05/2013] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [21:12 23/05/2013] [21:12 23/05/2013] 650731EEF807C292E699779B12CBE552
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [21:12 23/05/2013] [21:12 23/05/2013] 9B4D914888BCFFCBAE6757A0E450551C
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [21:12 23/05/2013] [21:12 23/05/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_eula_png.png --a---- 513 bytes [21:12 23/05/2013] [21:12 23/05/2013] F43944209A64CCD0C9B5A92743F0F787
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [21:12 23/05/2013] [21:12 23/05/2013] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [21:12 23/05/2013] [21:12 23/05/2013] A9E001CBC00B06B121DFBC80707F5298
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [21:12 23/05/2013] [21:12 23/05/2013] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [21:12 23/05/2013] [21:12 23/05/2013] 995595D4C685D659E8F03CD0A287EDDF
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [21:12 23/05/2013] [21:12 23/05/2013] AA39D8A6B65E208901EBA9F3D4728D3E
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [21:12 23/05/2013] [21:12 23/05/2013] 464E244E7E2F27FB85E0C3AB69D72104
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [21:12 23/05/2013] [21:12 23/05/2013] 6427565C7105DC497287866100F260BB
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [21:12 23/05/2013] [21:12 23/05/2013] AE7C9F67594A84B096D225601ACB0B2A
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [21:12 23/05/2013] [21:12 23/05/2013] C3EBA0237D68F665AF6D663906221092
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [21:12 23/05/2013] [21:12 23/05/2013] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png --a---- 617 bytes [21:12 23/05/2013] [21:12 23/05/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [21:12 23/05/2013] [21:12 23/05/2013] 66018EAE0906C9831A821CAE5D1089BB
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [21:12 23/05/2013] [21:12 23/05/2013] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [21:12 23/05/2013] [21:12 23/05/2013] 948781E4B6478290050ECA4423B89B1E
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [21:12 23/05/2013] [21:12 23/05/2013] AE5A39669C623937C0839E079E1088D5
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [21:12 23/05/2013] [21:12 23/05/2013] 766433EF38BDA83C4FD4932027A4B9D5
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif --a---- 259 bytes [21:12 23/05/2013] [21:12 23/05/2013] 110EC9BCA8470D6488B626EA28914A6C
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3294791.xml --a---- 7037 bytes [21:12 23/05/2013] [21:12 23/05/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3294791.xml --a---- 5515 bytes [21:12 23/05/2013] [21:12 23/05/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3294791.xml --a---- 6581 bytes [21:12 23/05/2013] [21:12 23/05/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3294791.xml --a---- 5514 bytes [21:12 23/05/2013] [21:12 23/05/2013] 16A75DAC853B7B226069A2F21C379531
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\contextmenu_toolbar_conduit-services_com[1].txt --a---- 7037 bytes [21:12 23/05/2013] [21:12 23/05/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\sf_conduit_loader[1].html --a---- 7757 bytes [21:12 23/05/2013] [21:12 23/05/2013] D515D54078E48B8D510EEAEFE950B2F8
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\DDI4PBCO\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 2400 bytes [21:12 23/05/2013] [21:12 23/05/2013] DD3F97801C766E87DC5DCE28B059053E
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[1].txt --a---- 5514 bytes [21:12 23/05/2013] [21:12 23/05/2013] 16A75DAC853B7B226069A2F21C379531
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[2].txt --a---- 6581 bytes [21:12 23/05/2013] [21:12 23/05/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[3].txt --a---- 5515 bytes [21:12 23/05/2013] [21:12 23/05/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\KDA1C9V0\sf_conduit_mam_app[1].html --a---- 3846 bytes [21:12 23/05/2013] [21:12 23/05/2013] BA848B8687D00278B07C209250B74C81

Searching for "*Iminent*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\iminent.css --a---- 2921 bytes [00:25 26/02/2013] [00:25 26/02/2013] 365ABF05AEDACA17810FAAB03D892B3B
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\iminent-imagen.png --a---- 41026 bytes [22:33 28/01/2013] [22:33 28/01/2013] 50F56E8C28B50DC0F728863A58258CCA
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\iminent-logo.png --a---- 6035 bytes [13:42 03/08/2012] [13:42 03/08/2012] B9B7BC075D4BE4FEF50FECC49B447EC3
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\Iminentinfo.dfe --a---- 47856 bytes [15:00 22/05/2013] [15:00 22/05/2013] AD4128646B73E48FA0CA767F1EEEA3DE
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temp\Iminent\Log\Iminent.MSI.log --a---- 30988 bytes [19:27 01/01/2012] [20:24 01/01/2012] 7D0C3BA42EF6006073F77F94C6C46B60
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temp\Iminent\Log\IMinentToolbar.msi.log --a---- 11460 bytes [19:27 01/01/2012] [20:24 01/01/2012] 00ED19FBBA19462F136238F9FB65DD13
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temp\nsaF76A.tmp\IminentSetup_2-YQ1jkVUP-1_.exe --a---- 825312 bytes [19:26 01/01/2012] [19:26 01/01/2012] 5A45A7E3E12BE51844B741945FB8E85E

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\whitesmoke.css --a---- 15259 bytes [19:23 21/02/2013] [19:23 21/02/2013] 5EF06091781C8D07BD85A071EA420E57
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img-gris.png --a---- 6104 bytes [16:53 16/10/2012] [16:53 16/10/2012] ECDA9D419EF846E066B16A51AC94AADE
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.jpg --a---- 5405 bytes [15:10 17/08/2012] [15:10 17/08/2012] 24A87BBB91F103F38E3DD4136C2EC358
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.png --a---- 5223 bytes [13:42 03/08/2012] [13:42 03/08/2012] 5F58552CF5DA329F3390D05C19B3A447
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img2.jpg --a---- 6885 bytes [14:47 01/08/2012] [14:47 01/08/2012] EFB7F860C1BC8F34C6A5E2BA0F6B36F8
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-logo.png --a---- 4134 bytes [13:42 03/08/2012] [13:42 03/08/2012] F0704EA722C449E60FC41C0BA822FA79
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-toolbar-new-gris.png --a---- 4080 bytes [17:46 30/01/2013] [17:46 30/01/2013] 19CE0ACD2D24AE259C66C25F2FAF652A
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\WhiteSmokeinfo.dfe --a---- 34007 bytes [15:00 22/05/2013] [15:00 22/05/2013] 10FD084B22329F248F0F7DA4468D998D

Searching for "*Yontoo*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Andrew\Local Settings\Temp\YontooClientSetup[1]-0524.log --a---- 10735 bytes [03:56 22/06/2010] [03:56 22/06/2010] 5073E1697FD13B59B9F77C81D9C4FEFD
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Andrew\Local Settings\Temp\YontooTix9973765.log --a---- 48 bytes [03:56 22/06/2010] [03:56 22/06/2010] B41C0753A93C3B6B5CF0D04468EABD57

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Delta Babylon d------ [15:00 22/05/2013]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\VAFMusic Conduit d------ [15:00 22/05/2013]
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository\conduit_CT3294791_CT3294791 d------ [16:15 25/05/2013]

Searching for "*Iminent*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Iminent d------ [15:00 22/05/2013]
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Temp\Iminent d------ [16:15 25/05/2013]

Searching for "*Vafmusic2*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2 d------ [16:15 25/05/2013]

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\WhiteSmoke d------ [15:00 22/05/2013]

========== Regfind ==========

Searching for "Babylon"
No data found.

Searching for "Conduit"
No data found.

Searching for "trolltech"
No data found.

Searching for "Vafmusic2"
No data found.

-= EOF =-
moonlighting
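The custom-scan results above and the full OTL log that follows are in OTL's fixed line format (PRC/SRV/DRV entries with date, size, company, start type, image path and service name; O4 entries for Run autostarts). Reading a few hundred of those lines by eye is how the helpers here work, but the first pass can be scripted. The following Python is an added example, not code from this thread or from OTL's author: it parses those line shapes and applies four general triage heuristics a responder would check first (a registered service or driver whose image file is missing, an image living under a user-writable profile directory, an image with no company name in its version info, and an eight-lowercase-letter service name paired with a different eight-letter file name). The sample log it runs on is constructed in OTL's format; every name and path in it is hypothetical, and the heuristics only mark entries for review, they do not decide that anything is malicious.

```python
"""Triage heuristics over OTL log lines: PRC/SRV/DRV entries and O4 Run autostarts."""
import re
from dataclasses import dataclass
from typing import List

# Service, driver and process lines in OTL's format, e.g.
#   SRV - File not found [Auto | Stopped] -- C:\path\x.exe -- (SvcName)
#   DRV - [date | size | ---- | M] (Company) [Kernel | Boot | Running] -- C:\path\x.sys -- (DrvName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>.*?)\))"
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r" --\s*(?P<path>.*?)"
    r"(?:\s*-- \((?P<name>[^)]*)\))?$"
)
# Autostart values, e.g.  O4 - HKLM..\Run: [Name] C:\path\x.exe (Company)
RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+):\s*\[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>.*?)\)$")
# User-writable profile locations; services and drivers rarely belong here.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Local Settings\\Temp|Local Settings\\Application Data|Application Data|Temp)\\", re.I)
# Eight lowercase letters: the shape of machine-generated service and driver names.
RANDOM_NAME_RE = re.compile(r"[a-z]{8}")

# Constructed sample in OTL's line format; every name and path here is hypothetical.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Example Toolbar\ToolbarUpdater.exe -- (ExampleToolbarUpdater)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (Example Remote Ltd) [Auto | Running] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RemoteTool\RemoteToolService.exe -- (RemoteToolService)
SRV - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL)
SRV - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (Vendor Inc) [Auto | Running] -- C:\Program Files\Vendor\vendorsvc.exe -- (vendorsvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\qkzrmtwv.sys -- (hjplwbnx)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2008/04/14 02:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2010/01/05 11:50:40 | 000,019,072 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\example.sys -- (example)
========== Standard Registry (SafeList) ==========
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\Administrator\Local Settings\Temp\FlashPlayer_151\update.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
"""


@dataclass
class Entry:
    kind: str      # PRC, SRV, DRV or O4
    name: str      # service/driver/Run value name ("" for PRC)
    path: str      # image path as logged ("" when OTL logged none)
    company: str   # company from version info ("" when absent)
    flags: str     # start type / state column, or the O4 hive
    missing: bool  # OTL reported "File not found"


@dataclass
class Finding:
    name: str
    kind: str
    severity: str  # high / medium / low
    reason: str


def parse(text: str) -> List[Entry]:
    """Turn the OTL lines we care about into Entry records; everything else is skipped."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"] or "", m["path"].strip(),
                                 (m["company"] or "").strip(), m["flags"] or "",
                                 m["missing"] is not None))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], m["path"].strip(),
                                 m["company"].strip(), m["hive"], False))
    return entries


def triage(text: str) -> List[Finding]:
    """Apply the review heuristics to each parsed entry and collect findings."""
    found = []
    for e in parse(text):
        start = [f.strip() for f in e.flags.split("|")]
        early_start = "Boot" in start or "System" in start
        if e.missing:  # registration survived but the image did not: stale or half-removed
            found.append(Finding(e.name, e.kind, "high" if early_start else "medium",
                                 "orphaned registration: image file no longer exists"))
        if USER_WRITABLE_RE.search(e.path):
            found.append(Finding(e.name, e.kind, "medium",
                                 "image lives in a user-writable profile directory"))
        if not e.missing and e.company == "":
            found.append(Finding(e.name, e.kind, "low", "no company name in version info"))
        stem = re.sub(r"\.[^.]*$", "", e.path.rsplit("\\", 1)[-1])  # file name without extension
        if RANDOM_NAME_RE.fullmatch(e.name) and RANDOM_NAME_RE.fullmatch(stem) and e.name != stem:
            found.append(Finding(e.name, e.kind, "high",
                                 "random-looking service name and file name that do not match"))
    return found


def report(text: str) -> str:
    """One line per finding, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    return "\n".join(f"[{f.severity:>6}] {f.kind} {f.name or '-'}: {f.reason}"
                     for f in sorted(triage(text), key=lambda f: order[f.severity]))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a saved OTL.txt by passing the file's contents to `report()`. The random-name check deliberately requires the service name and the file stem to differ, so a legitimate driver whose service is named after its file (the normal case) is not flagged, and a "File not found" entry is only rated high when it is a Boot- or System-start driver, since that registration is what an OTL fix script would need to remove.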

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 25th, 2013, 1:09 pm

OTL logfile created on: 25/05/2013 11:57:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 80.08% Memory free
4.83 Gb Paging File | 4.27 Gb Available in Paging File | 88.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 25.00 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
Drive E: | 80.00 Gb Total Space | 0.87 Gb Free Space | 1.09% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 47.99 Gb Total Space | 0.45 Gb Free Space | 0.95% Space Free | Partition Type: NTFS

Computer Name: MOONLIGHTINGPRO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/24 09:54:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2004/12/01 16:16:52 | 000,539,648 | ---- | M] (Everstrike Software) -- C:\Program Files\LFK\LF30.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
MOD - [2008/08/07 07:23:24 | 000,025,088 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\Agent\Res\0409\AgtRes_l.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2013/05/17 12:07:26 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 09:52:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MoonSQL)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2010/01/25 16:57:54 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2001/02/14 10:00:00 | 000,106,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xiypeuit.sys -- (vspawbrj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LFK\LF30XP.sys -- (LF30FS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/12/19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/15 23:29:58 | 000,063,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/25 16:50:24 | 000,024,064 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/01/25 16:49:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/01/05 11:50:40 | 000,027,520 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdmodem.sys -- (USBSADModem)
DRV - [2010/01/05 11:50:40 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdobex.sys -- (UsbSADObex)
DRV - [2010/01/05 11:50:40 | 000,019,072 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgcpo.sys -- (lgcpo)
DRV - [2010/01/05 11:50:38 | 000,058,624 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc_enum.sys -- (USBSANDIS)
DRV - [2010/01/05 11:50:38 | 000,045,568 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cdc_ecm.sys -- (cdc_ecm)
DRV - [2010/01/05 11:50:38 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbddiag.sys -- (UsbSADDiag)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/14 02:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:04:34 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2008/04/13 19:04:32 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2008/04/13 19:04:30 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2008/04/13 19:04:30 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2008/04/13 19:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2008/04/13 19:04:30 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2008/04/13 19:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2008/04/13 19:04:30 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2008/04/13 19:04:28 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2008/04/13 19:04:28 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2008/04/13 19:04:28 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2008/04/13 19:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2008/04/13 19:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2008/04/13 19:04:28 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2008/04/13 19:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2008/01/03 17:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/06 12:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/08/23 06:29:48 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/08/23 06:29:48 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/08/23 06:29:48 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 15:54:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/17 15:54:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2000/09/11 10:00:00 | 000,030,398 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AW_HOST5.SYS -- (AW_HOST)
DRV - [2000/09/11 10:00:00 | 000,014,032 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2000/09/11 10:00:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AWLEGACY.SYS -- (awlegacy)
DRV - [2000/04/04 13:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Parclass.sys -- (Parclass)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f%7D:4.9.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/24 09:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/24 09:45:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\ [2010/03/16 15:13:46 | 000,000,000 | ---D | M]

[2010/07/22 21:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/27 19:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/05/24 09:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions
[2011/07/24 22:12:30 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2012/04/04 22:53:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/02/10 12:37:18 | 000,137,731 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi
[2013/05/24 09:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/17 12:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 12:07:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.conduit.com/?ctid=CT32947 ... 10110&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/14 23:10:29 | 000,000,083 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [LFAgent] C:\Program Files\LFK\LF30.exe (Everstrike Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microangelo Desktop.lnk = C:\Program Files\Microangelo\muamgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFC621CA-ECA7-429E-86BB-90F0D9C9D319}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.387.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/17 20:30:10 | 000,000,000 | ---D | M] - C:\AutoPlay Menu Studio 3.0 -- [ NTFS ]
O32 - AutoRun File - [2005/07/16 14:27:54 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/19 14:09:06 | 000,000,000 | ---D | M] - E:\AutoPlay Menu Studio 3.0 -- [ NTFS ]
O32 - AutoRun File - [2002/06/06 00:36:20 | 000,000,000 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/25 11:13:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/24 13:55:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/24 09:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/24 09:55:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/24 09:54:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/22 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
[2013/05/22 10:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/17 12:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/26 21:53:55 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_635.exe
[2012/01/25 20:36:44 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_438.exe
[2012/01/04 01:14:09 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_626.exe

========== Files - Modified Within 30 Days ==========

[2013/05/25 11:52:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/25 11:46:03 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\lf.job
[2013/05/25 11:44:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1920358730-1913087698-391787831-1011UA.job
[2013/05/25 11:39:01 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/05/25 11:38:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/25 11:38:15 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 11:38:10 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/05/25 11:34:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/25 11:34:47 | 3210,985,472 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 11:07:51 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 10:50:12 | 000,003,141 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2013/05/24 14:25:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1920358730-1913087698-391787831-1011Core.job
[2013/05/24 14:13:13 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2013/05/24 13:55:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/24 09:54:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/24 00:06:22 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/05/23 22:16:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\codecheck.exe
[2013/05/22 11:42:23 | 000,090,624 | ---- | M] () -- C:\WINDOWS\System32\MSHFLXGD.oca
[2013/05/22 11:42:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\MSDATLST.oca
[2013/05/22 11:42:22 | 000,035,840 | ---- | M] () -- C:\WINDOWS\System32\MSADODC.oca
[2013/05/22 11:42:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\MSDATGRD.oca
[2013/05/22 11:42:21 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\SYSINFO.oca
[2013/05/22 11:42:20 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\MCI32.oca
[2013/05/22 11:42:20 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\PICCLP32.oca
[2013/05/22 11:42:19 | 000,166,400 | ---- | M] () -- C:\WINDOWS\System32\MSCHRT20.oca
[2013/05/22 11:42:18 | 000,064,000 | ---- | M] () -- C:\WINDOWS\System32\RICHTX32.oca
[2013/05/22 10:51:14 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/05/20 17:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/19 02:00:06 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/05/18 14:14:25 | 019,407,872 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2013/05/18 10:50:43 | 000,001,416 | ---- | M] () -- C:\WINDOWS\CDPlayer.ini
[2013/05/16 03:31:34 | 000,439,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 03:13:59 | 000,619,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 03:13:59 | 000,132,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/16 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/15 09:52:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 09:52:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/10 11:42:15 | 000,061,952 | ---- | M] () -- C:\WINDOWS\System32\MMWaveX2.oca
[2013/05/10 11:42:15 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\HyperLabel.oca
[2013/05/10 11:42:14 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCT2.oca
[2013/05/10 11:42:14 | 000,048,640 | ---- | M] () -- C:\WINDOWS\System32\MSMASK32.oca
[2013/05/10 11:42:14 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctcombo.oca
[2013/05/10 11:42:14 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\ctimage.oca
[2013/05/10 11:42:13 | 000,240,128 | ---- | M] () -- C:\WINDOWS\System32\COMCTL32.oca
[2013/05/10 11:42:13 | 000,076,288 | ---- | M] () -- C:\WINDOWS\System32\MSFLXGRD.oca
[2013/05/10 11:42:13 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\DBLIST32.oca
[2013/05/10 11:42:13 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\cthtml.oca
[2013/05/10 11:42:12 | 000,062,464 | ---- | M] () -- C:\WINDOWS\System32\DBGRID32.oca
[2013/05/10 11:42:12 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\ctmonth.oca
[2013/05/10 11:42:12 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\ctnedit.oca
[2013/05/10 11:42:12 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctcheck.oca
[2013/05/10 11:42:12 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\ctfill.oca
[2013/05/10 11:42:11 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\Ctlist.oca
[2013/05/10 11:42:11 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctpush.oca
[2013/05/10 11:42:11 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\Cttips.oca
[2013/05/10 11:42:11 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\ctcalc.oca
[2013/05/10 11:42:11 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\Cthyplnk.oca
[2013/05/10 11:42:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\ctwave.oca
[2013/05/10 11:42:10 | 000,031,232 | ---- | M] () -- C:\WINDOWS\System32\ctdate.oca
[2013/05/10 11:42:10 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\ctvlist.oca
[2013/05/10 11:42:10 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctradio.oca
[2013/05/10 11:42:10 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctmeter.oca
[2013/05/10 11:42:10 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctdial.oca
[2013/05/10 11:42:10 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\ctcpick.oca
[2013/05/10 11:42:09 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\Ctyear.oca
[2013/05/10 11:42:09 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctsize.oca
[2013/05/10 11:42:09 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctgauge.oca
[2013/05/10 11:42:09 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\ctclock.oca
[2013/05/10 11:42:09 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\ctgroup.oca
[2013/05/10 11:42:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\ctmenu.oca
[2013/05/10 11:42:08 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\ctdedit.oca
[2013/05/10 11:42:08 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\ctslide.oca
[2013/05/10 11:42:08 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\ctPrint.oca
[2013/05/10 11:42:08 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\ctfile.oca
[2013/05/10 11:42:08 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System32\ctcolor.oca
[2013/05/10 11:42:08 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\ctTray.oca
[2013/05/10 11:42:07 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\Ctfold.oca
[2013/05/10 11:42:07 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctsplit.oca
[2013/05/10 11:42:07 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctscroll.oca
[2013/05/10 11:42:07 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\ctspin.oca
[2013/05/10 11:42:07 | 000,012,800 | ---- | M] () -- C:\WINDOWS\System32\ctformfx.oca
[2013/05/10 11:42:07 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System32\ctfont.oca
[2013/05/10 11:42:06 | 000,051,200 | ---- | M] () -- C:\WINDOWS\System32\cttree.oca
[2013/05/10 11:42:06 | 000,030,720 | ---- | M] () -- C:\WINDOWS\System32\ctbutton.oca
[2013/05/10 11:42:06 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctruler.oca
[2013/05/10 11:42:06 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\ctsched.oca
[2013/05/10 11:42:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\cttabs.oca
[2013/05/10 11:42:05 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\ctlstbar.oca
[2013/05/10 11:42:05 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\ctmedit.oca
[2013/05/10 11:42:05 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctpaper.oca
[2013/05/10 11:42:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\Ctframe.oca
[2013/05/10 11:42:05 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\ctrotate.oca
[2013/05/10 11:42:05 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\ctclip.oca
[2013/05/10 11:42:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\cttext.oca
[2013/05/10 11:42:04 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\ctspiral.oca
[2013/05/10 11:42:04 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctbanner.oca
[2013/05/10 11:42:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\ctdata.oca
[2013/05/10 11:42:03 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\ctmove.oca
[2013/05/08 08:52:54 | 000,265,728 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCTL.oca
[2013/05/08 01:10:12 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/05/08 01:10:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/05/06 23:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/04 12:47:18 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/02 22:19:50 | 000,576,460 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MidlandMortgage_KevinMoon_LoanNumber_53107673.pdf

========== Files Created - No Company Name ==========

[2013/05/24 14:13:12 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2013/05/23 22:16:19 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\codecheck.exe
[2013/05/22 11:42:21 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SYSINFO.oca
[2013/05/22 11:42:20 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\MCI32.oca
[2013/05/22 11:42:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\PICCLP32.oca
[2013/05/22 11:42:19 | 000,166,400 | ---- | C] () -- C:\WINDOWS\System32\MSCHRT20.oca
[2013/05/22 11:42:18 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\RICHTX32.oca
[2013/05/22 10:51:13 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/05/22 10:00:59 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/05/02 22:19:50 | 000,576,460 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MidlandMortgage_KevinMoon_LoanNumber_53107673.pdf
[2012/12/16 20:48:19 | 000,000,013 | ---- | C] () -- C:\WINDOWS\ffs.dat
[2012/12/15 19:42:12 | 000,111,234 | ---- | C] () -- C:\Program Files\9876~20121215_184210.new
[2012/11/19 18:09:44 | 000,357,378 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1920358730-1913087698-391787831-1012-0.dat
[2012/10/15 10:46:35 | 000,000,588 | ---- | C] () -- C:\WINDOWS\vbv4.ini
[2012/10/15 10:46:31 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\VBV32hh.dll
[2012/09/09 20:07:52 | 000,090,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/09/01 22:16:20 | 000,038,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (DOS).ADR
[2012/09/01 21:06:06 | 000,037,898 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2012/08/27 21:17:43 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2012/04/28 01:22:12 | 000,018,251 | ---- | C] () -- C:\WINDOWS\wise.ini
[2012/02/28 13:38:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Wise32.INI
[2012/02/15 04:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 22:30:20 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.backup.dm
[2012/01/02 20:49:33 | 000,013,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vfa226ni8vdg40wc4k082i1bxnspx1sa1vpji
[2011/12/20 20:50:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/20 20:50:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/20 20:50:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/20 20:50:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/20 20:50:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/20 01:02:06 | 000,013,132 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b2ml23h4pd6pnu
[2011/12/16 18:00:46 | 000,001,416 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2011/12/16 17:59:43 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/12/16 17:59:43 | 000,020,898 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2011/10/06 20:11:40 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/10/02 23:28:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\muangsys.dll
[2011/10/02 23:28:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\muadisp.dll
[2011/09/18 19:04:09 | 000,137,572 | ---- | C] () -- C:\WINDOWS\cep1unin.exe
[2011/09/18 19:02:36 | 000,000,163 | ---- | C] () -- C:\WINDOWS\cool.ini
[2011/09/18 15:12:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\VB5.INI
[2011/09/18 14:56:50 | 000,012,048 | ---- | C] () -- C:\WINDOWS\System32\Ppmon.exe
[2011/09/18 14:56:50 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\Ppmon.dll
[2011/09/18 14:55:41 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2011/09/18 14:55:41 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2011/09/18 14:55:41 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2011/09/18 14:55:41 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2011/09/18 14:55:41 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2011/09/18 14:55:41 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2011/08/14 23:16:29 | 000,003,141 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2011/08/11 03:10:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/07/17 21:25:07 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\AXDIST.EXE
[2011/05/16 18:58:39 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Administrator\com10
[2011/02/14 19:11:44 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xQc8sJtHMfo7
[2011/02/14 19:11:44 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xQc8sJtHMfo7r
[2011/02/14 19:11:35 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xQc8sJtHMfo7
[2011/02/14 08:29:55 | 001,547,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1920358730-1913087698-391787831-500-0.dat
[2011/02/14 08:29:54 | 000,357,378 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/11 21:03:54 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~0pGQnODnIBa
[2011/02/11 21:03:54 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~0pGQnODnIBar
[2011/02/11 21:03:48 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0pGQnODnIBa
[2010/07/23 10:15:28 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/03/16 14:52:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am
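
As an added illustration (not from this thread, and not OTL's or its author's code), the following Python parses the OTL file-entry lines seen in the log above and runs a small triage pass over them; the triage rules are my own heuristics for what a helper reads first, and the sample lines are constructed in the style of the log, not copied from it.

```python
"""Parser and triage pass for OTL "Files/Folders" entries (added example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file entry looks like (see the log above):
#   [2013/05/25 11:46:03 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\lf.job
# fields: timestamp | size with comma grouping | attribute flags (R H S D) |
# C = created / M = modified, then an optional "(Company)" and the path.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)

# Names made only of letters, digits or tilde, no extension, 10+ characters.
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9~]{10,}$")


@dataclass
class Entry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str                 # "C" created or "M" modified
    company: Optional[str]    # None when OTL printed "()" or nothing at all
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Parse every OTL file entry in text; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        attrs = m.group("attrs")
        company = (m.group("company") or "").strip() or None
        entries.append(Entry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            readonly="R" in attrs,
            hidden="H" in attrs,
            system="S" in attrs,
            directory="D" in attrs,
            kind=m.group("kind"),
            company=company,
            path=m.group("path"),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries a helper would look at first."""
    findings = []
    for e in entries:
        lower = e.path.lower()
        name = e.path.rsplit("\\", 1)[-1]
        if lower.endswith(".job") and "\\tasks\\" in lower:
            # Scheduled tasks are a common persistence point; list each for review.
            findings.append(("scheduled-task", e.path))
        elif (e.hidden and e.system and "\\application data\\" in lower
              and RANDOM_NAME_RE.match(name)):
            # Hidden+system files with random-looking, extension-less names in a
            # shared profile folder are not how legitimate software stores data.
            findings.append(("hidden-system-random-name", e.path))
        elif (not e.directory and not e.company and "\\system32\\" in lower
              and lower.endswith((".exe", ".dll", ".cpl", ".sys"))):
            # Binaries in System32 with no company name deserve a second look.
            findings.append(("no-company-in-system32", e.path))
    return findings


# Constructed sample in the style of the log above (not copied from it).
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2013/05/25 11:46:03 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\example.job
[2013/05/24 13:55:10 | 002,237,968 | ---- | M] (Example Vendor Ltd) -- C:\Documents and Settings\User\Desktop\tool.exe
[2012/01/02 20:49:33 | 000,013,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q8z1k4m7p2x9v5c3
[2013/05/25 11:13:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/02 23:28:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\unsigned_example.dll
"""

if __name__ == "__main__":
    for reason, path in triage(parse_entries(SAMPLE_LOG)):
        print(f"{reason:28} {path}")
```

The three flagged lines in the sample are exactly the kinds of entries (a task .job, a hidden/system random-name file under Application Data, and an unattributed DLL in System32) that the helper asked about in this thread.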

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 25th, 2013, 1:10 pm

The ads are no longer coming up in Internet Explorer. System speed is still good as far as I can tell. Instructions have been very clear.
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby pgmigg » May 25th, 2013, 8:21 pm

Hello moonlighting,
The ads are no longer coming up in Internet Explorer. System speed is still good as far as I can tell.
Very nice, but we are still not finished yet! :D Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    CHR - homepage: http://search.conduit.com/?ctid=CT32947 ... 10110&UM=2
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK. It may take a while - please be patient...
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
Change Home Page in Google Chrome
Please use the instructions here to change your home page to something like google.com or some other clean site. Then reboot your system.

Step 3.
ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scanner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/ActiveX to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Step 4.
Fresh OTL Quick Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the box labeled: Scan All Users
  4. Click on pink Quick Scan at the top
  5. When done, one Notepad file (OTL.txt) will be opened, maximized.
  6. Please post the content of OTL.txt file ONLY in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file
  4. Contents of the most recent OTL.txt file after fresh OTL Quick scan
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 27th, 2013, 1:32 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Use Chrome's Settings page to change the HomePage.
========== COMMANDS ==========

[EMPTYTEMP]

User: AD59A3~1

User: Administrator
->Temp folder emptied: 190559 bytes
->Temporary Internet Files folder emptied: 1258042 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19098136 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Andrew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kevin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Melanie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5681 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05262013_100944

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 27th, 2013, 1:34 am

C:\Documents and Settings\Administrator\My Documents\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe multiple threats
C:\Documents and Settings\Kevin\My Documents\Google Talk Received Files\RevelationV2.zip Win32/PSWTool.SnadBoy.2011 application
C:\Documents and Settings\Matthew\Application Data\Adobe\Adobe\afxjahc.dll Win32/Boaxxe.C trojan
C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\rmdcdfchgi@rmdcdfchgi.org.xpi JS/Redirector.NBX trojan
C:\Documents and Settings\Matthew\Desktop\MP3Rocket-Win(1).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Matthew\Desktop\MP3Rocket-Win.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Matthew\Local Settings\Application Data\getdislike\ie\aplayers.dll Win32/Adware.DealCabby application
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaimpgmkokdnnbejampmiojdnmflmpgo\background.html Win32/BHO.OEI trojan
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaimpgmkokdnnbejampmiojdnmflmpgo\ContentScript.js Win32/TrojanDownloader.Tracur.AD trojan
C:\Documents and Settings\Matthew\My Documents\andrewtaos\ADLSoft_UnCompressor.exe a variant of Win32/InstallCore.F application
C:\Documents and Settings\Matthew\My Documents\Downloads\PDFCreatorSetup.exe a variant of Win32/InstallCore.BH application
C:\Documents and Settings\Matthew\My Documents\mincraft skins\iron.exe a variant of Win32/InstallCore.T application
C:\Documents and Settings\Matthew\My Documents\My Music\MP3+Rocket.exe multiple threats
C:\Documents and Settings\Matthew\My Documents\taos photots\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Documents and Settings\Melanie\My Documents\AdvBHO.dll Win32/Adware.BHO.NJI application
C:\EVSInstallationFiles\TDK\setupnowTDK.exe Win32/NetTool.SmtpModule.B application
C:\My Downloads\Avery Design Pro DPSetup.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\My Downloads\Avery Template U_0113_01_P.msi a variant of Win32/Bundled.Toolbar.Ask application
C:\My Downloads\cnet2_Cell_Phone_Unlock_exe.exe a variant of Win32/InstallCore.D application
C:\My Downloads\cnet2_usr-gsm-support_exe.exe a variant of Win32/InstallCore.D application
C:\My Downloads\FLVPlayerSetup.exe Win32/InstallCore.K application
C:\My Downloads\how_to_unlock_samsung_sgh_a687.exe Win32/BundleInstaller application
C:\My Downloads\Install-Hd-4-5-0-0.zip a variant of Win32/Bundled.Toolbar.Ask application
C:\My Downloads\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\My Downloads\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\My Downloads\NokiaFREEUnlockCalculator_downloader_by_NokiaFREEUnlockCalculator.exe a variant of Win32/Somoto.A application
C:\My Downloads\playalotgames_1347.exe a variant of Win32/InstallIQ application
C:\My Downloads\PWNAGE_setup.exe a variant of Win32/AirAdInstaller.A application
C:\My Downloads\SMS_Stuff\GSMSMSActiveXDll3.6.rar a variant of Win32/Keygen.AN application
C:\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe multiple threats
C:\Password Revealer\RevelationV2.zip Win32/PSWTool.SnadBoy.2011 application
C:\Program Files\FLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application
C:\Program Files\FLVPlayer\Uninstall\Uninstall.exe Win32/InstallCore.K application
C:\Program Files\Hewlett-Packard\Firefox - HP Virtual Browser Edition\fslrdr\2\[_B_]SYSTEMDRIVE[_E_]\My Downloads\FixCleanerSetup.exe a variant of Win32/Adware.ErrorRepair application
C:\Program Files\Hewlett-Packard\Firefox - HP Virtual Browser Edition\fslrdr\2\[_B_]SYSTEMDRIVE[_E_]\My Downloads\LGWirelessUSBModemDrivers\setup_602944.exe Win32/Toolbar.Zugo application
C:\Qoobox\Quarantine\C\Documents and Settings\Melanie\AdvBHO.dll.vir Win32/Adware.BHO.NJI application
C:\SpywareStuff\HiJack\SDFix.exe Win32/PrcView application
C:\SpywareStuff\HiJack\SmitfraudFix.exe multiple threats
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1266\A0201012.exe Win32/DomaIQ.I application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1266\A0201015.exe multiple threats
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201646.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201647.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201648.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201649.exe a variant of Win32/Conduit.SearchProtect.B application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201651.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201655.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201656.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201657.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201658.exe a variant of Win32/Conduit.SearchProtect.B application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201660.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1273\A0201785.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1273\A0201786.exe a variant of Win32/Conduit.SearchProtect.B application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1273\A0201788.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1273\A0201789.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1273\A0201792.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\WINDOWS\Installer\10f36135.msi a variant of Win32/Bundled.Toolbar.Ask application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\FlashPlayer_V.151078713b.exe Win32/DomaIQ.I application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\setup__120.exe a variant of Win32/Amonetize.D application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\software\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC.B application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\BExternal.dll a variant of Win32/Toolbar.Babylon.C application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Setup.exe a variant of Win32/Toolbar.Babylon.E application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\BExternal.dll a variant of Win32/Toolbar.Babylon.C application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\IECookieLow.dll a variant of Win32/Toolbar.Babylon.E application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\MyBabylonTB.exe Win32/Toolbar.Babylon application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\Setup.exe a variant of Win32/Toolbar.Babylon.E application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\is1590112554\MyBabylonTB.exe Win32/Toolbar.Babylon application
E:\Documents and Settings\Kevin Moon\Application Data\Sun\Java\Deployment\cache\6.0\8\14083888-16be18b3 multiple threats
E:\Documents and Settings\Kevin Moon\My Documents\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe multiple threats
E:\My Downloads\Install-Hd-4-5-0-0.zip a variant of Win32/Bundled.Toolbar.Ask application
E:\My Downloads\AMVVideoConverter\AMV_Convert_400.zip Win32/KillFiles.NEM trojan
E:\My Downloads\AMVVideoConverter\MSI.CAB Win32/KillFiles.NEM trojan
E:\My Downloads\CellUnlocker2\Setup.exe a variant of Win32/Adware.iBryte.C application
E:\My Downloads\CellUnlocker2\Setup2.exe a variant of Win32/Adware.iBryte.C application
E:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe Win32/KillFiles.NEM trojan
E:\Program Files\Palm Media Studio\Palm Media Studio.Mobihand.exe a variant of Win32/Packed.SDProtector.A application
E:\Program Files\Radmin\radmin.exe Win32/RemoteAdmin.RAdmin.22 application
E:\WINNT\system32\r_server.exe Win32/RAdmin.22 application
F:\data probably a variant of JS/TrojanDownloader.IstBar.LYMUPTG trojan
F:\EVSInstallationFiles\TDK\setupnowTDK.exe Win32/NetTool.SmtpModule.B application
F:\GameOps20082009\Celtic Thunder - Caledonia.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\GameOps20082009\drum roll 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\Gorillas\Themes\dontlookdown.exe Win32/Adware.Gator application
F:\InstallationStuff\Macromedia Flash MX v6.0.zip a variant of Win32/Keygen.CY application
F:\InstallationStuff\Gozilla\4.0\gozilla.exe multiple threats
F:\InstallationStuff\Nero 6.0.0.11\Nero Burning ROM 6.0.0.11.exe a variant of Win32/Keygen.CY application
F:\InstallationStuff\WeatherBug\WxBugSetup27.exe a variant of Win32/Adware.Gator.Trickler.J application
F:\MM Overload\Coldfusion Studio Pro.zip Win32/HackTool.Patcher.B trojan
F:\MM Overload\Flash MX keygen.zip a variant of Win32/Keygen.CY application
F:\My Downloads\DVDXCopy_v1.3_Keygen.rar probably a variant of Win32/Keygen.BH application
F:\My Downloads\Macromedia Flash MX (Final) with Key Gen (1).zip a variant of Win32/Keygen.CY application
F:\My Downloads\CDrive\My Downloads\RollyRemoteAdmin\RADMIN21.EXE Win32/RemoteAdmin application
F:\My Downloads\CDrive\My Downloads\RollyRemoteAdmin\RemoteAdminCD_W_CODE.zip Win32/RemoteAdmin application
F:\My Downloads\Codecs\DivX5 Pro Bundle.exe Win32/Adware.Gator.Trickler application
F:\My Downloads\DVD Cloner\DVD Cloner 2.32 + Registration.exe a variant of Win32/HackTool.Patcher.G application
F:\My Downloads\HiJack\SDFix.exe Win32/PrcView application
F:\My Downloads\HiJack\SmitfraudFix.exe multiple threats
F:\My Downloads\jimmysputer\Downloads\IMesh\iMeshV3.exe multiple threats
F:\My Downloads\KazaaLite\klitekpp210b3e.exe probably a variant of Win32/Agent.COPKWSR trojan
F:\My Downloads\Password Revealer\RevelationV2.zip Win32/PSWTool.SnadBoy.2011 application
F:\My Downloads\SoftwareKeyStuff\PDUPDATE_1_6_92.exe Win32/NetTool.SmtpModule.B application
F:\My Downloads\SoftwareKeyStuff\POWERDIALER02192003.exe Win32/NetTool.SmtpModule.B application
F:\My Downloads\TellacomCOM\Macromedia Flash MX 2004 - good keygen.exe a variant of Win32/Keygen.BH application
F:\My Music\Music\Game Ops Stuff\happy trails van halen 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\My Music\Music\New20082009\brass bonanza 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\My Music\NewStuff\cactus cuties [cd rip].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\My Music\NewStuff\cactus cuties[256k quality].snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\My Music\NewStuff\kim leoni _medicine_.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\My Music\NewStuff\national athem cactus cuties.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\My Music\NewStuff\u wanna little of this - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
F:\Program Files\Common Files\GMT\GatorStubSetup.exe a variant of Win32/Adware.Gator.H application
F:\Program Files\Common Files\GMT\GUninstaller.exe a variant of Win32/Adware.Gator.H application
F:\Program Files\WASTE\Downloads\Codecs\Divx\DivXPro 502.exe Win32/Adware.Gator application
F:\Program Files\WASTE\Downloads\Codecs\Divx\DivXPro502GAINBundle.exe Win32/Adware.Gator application
F:\Program Files\WASTE\Downloads\divx &MP3\Divx\DivXPro502GAINBundle.exe Win32/Adware.Gator application
F:\Program Files\WASTE\Downloads\super mario\spmario.zip multiple threats
F:\Program Files\WASTE\Downloads\super mario\spmario\southpm2.exe multiple threats
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am
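The ESET scan log above lists each hit as a path followed by the detection name, and a large share of those paths sit under System Restore points, OTL's MovedFiles folder or ComboFix's Qoobox quarantine, where the files are inert copies rather than active infections. The triage script below is an added example, not part of the original post and not an ESET or MalwareRemoval.com tool. It parses lines in that layout, splitting from the right because Windows paths contain spaces, and separates live hits from inert copies so the ones that still need attention stand out. The sample lines are copied from the log above; the line layout, the inert-location markers and the list of threat classes are assumptions drawn from this thread.

```python
"""Triage helper for ESET scan log lines (added example, not from the thread).

Assumes each line reads "<path> [probably ][a variant of ]<Family/Name> <class>"
or "<path> multiple threats", as in the log posted above.
"""
import re
from collections import Counter

# The detection text is at the end of the line and paths may contain spaces,
# so the path is matched lazily and the detection anchored to the line end.
# Windows paths use backslashes, so the "Family/Name" slash cannot occur
# inside the path and the split is unambiguous.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>multiple threats|"
    r"(?:probably )?(?:a variant of )?(?P<family>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>application|trojan|worm|virus|backdoor))$"
)

# Locations whose contents are inert copies (assumption based on the paths in
# this thread): restore points, OTL's MovedFiles and ComboFix's quarantine.
INERT_MARKERS = (
    r"\System Volume Information\_restore",
    r"\_OTL\MovedFiles",
    r"\Qoobox\Quarantine",
)

# Constructed sample input: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\Melanie\AdvBHO.dll.vir Win32/Adware.BHO.NJI application
C:\SpywareStuff\HiJack\SmitfraudFix.exe multiple threats
C:\System Volume Information\_restore{DD0CF2F7-77D2-4945-B346-6B5613DA5B5D}\RP1272\A0201649.exe a variant of Win32/Conduit.SearchProtect.B application
C:\_OTL\MovedFiles\05252013_111357\C_Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\FlashPlayer_V.151078713b.exe Win32/DomaIQ.I application
E:\My Downloads\AMVVideoConverter\MSI.CAB Win32/KillFiles.NEM trojan
E:\WINNT\system32\r_server.exe Win32/RAdmin.22 application
F:\data probably a variant of JS/TrojanDownloader.IstBar.LYMUPTG trojan
F:\GameOps20082009\drum roll 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
"""


def parse_line(line):
    """Return a dict describing one log line, or None if it is not a hit."""
    m = DETECTION_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    drive = path[0].upper() if re.match(r"^[A-Za-z]:", path) else "?"
    lowered = path.lower()
    inert = any(marker.lower() in lowered for marker in INERT_MARKERS)
    return {
        "path": path,
        "drive": drive,
        "family": m.group("family") or "(multiple threats)",
        "kind": m.group("kind") or "multiple",
        "status": "inert copy" if inert else "live",
    }


def triage(lines):
    """Group parsed hits into live vs inert and count by drive and family."""
    hits = [h for h in map(parse_line, lines) if h]
    return {
        "live": [h["path"] for h in hits if h["status"] == "live"],
        "inert": [h["path"] for h in hits if h["status"] == "inert copy"],
        "by_drive": Counter(h["drive"] for h in hits),
        "by_family": Counter(h["family"] for h in hits),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG.splitlines())
    print(f"live hits: {len(summary['live'])}, inert copies: {len(summary['inert'])}")
    for path in summary["live"]:
        print("  LIVE ", path)
    print("per drive:", dict(summary["by_drive"]))
```

Run it against a full log by replacing SAMPLE_LOG with the file's contents; anything reported as live is a file still in place on a working volume, while the inert entries disappear once restore points are flushed and the quarantine folders are deleted at the end of the cleanup.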

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 27th, 2013, 2:37 am

OTL logfile created on: 27/05/2013 12:29:02 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 76.47% Memory free
4.83 Gb Paging File | 4.11 Gb Available in Paging File | 85.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 24.95 Gb Free Space | 10.71% Space Free | Partition Type: NTFS
Drive E: | 80.00 Gb Total Space | 0.87 Gb Free Space | 1.09% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NTFS
Drive G: | 47.99 Gb Total Space | 0.46 Gb Free Space | 0.95% Space Free | Partition Type: NTFS

Computer Name: MOONLIGHTINGPRO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/24 09:54:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2013/05/17 12:07:26 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2004/12/01 16:16:52 | 000,539,648 | ---- | M] (Everstrike Software) -- C:\Program Files\LFK\LF30.exe
PRC - [2000/09/11 05:01:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Microangelo\muamgr.exe
PRC - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2013/05/17 12:07:24 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
MOD - [2008/08/07 07:23:24 | 000,025,088 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\Agent\Res\0409\AgtRes_l.dll
MOD - [2008/04/14 07:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2000/09/20 14:59:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\muadisp.dll
MOD - [2000/09/20 14:56:22 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\muangsys.dll
MOD - [2000/09/11 05:01:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Microangelo\muamgr.exe
MOD - [1997/11/05 05:00:00 | 000,022,016 | ---- | M] () -- C:\Program Files\ULTRAEDIT\ue32ctmn.dll
MOD - [1997/07/11 00:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2013/05/17 12:07:26 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 09:52:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MoonSQL)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2010/01/25 16:57:54 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2001/02/14 10:00:00 | 000,106,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xiypeuit.sys -- (vspawbrj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LFK\LF30XP.sys -- (LF30FS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/12/19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/15 23:29:58 | 000,063,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/25 16:50:24 | 000,024,064 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/01/25 16:49:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/01/05 11:50:40 | 000,027,520 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdmodem.sys -- (USBSADModem)
DRV - [2010/01/05 11:50:40 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdobex.sys -- (UsbSADObex)
DRV - [2010/01/05 11:50:40 | 000,019,072 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgcpo.sys -- (lgcpo)
DRV - [2010/01/05 11:50:38 | 000,058,624 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc_enum.sys -- (USBSANDIS)
DRV - [2010/01/05 11:50:38 | 000,045,568 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cdc_ecm.sys -- (cdc_ecm)
DRV - [2010/01/05 11:50:38 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbddiag.sys -- (UsbSADDiag)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/14 02:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:04:34 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2008/04/13 19:04:32 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2008/04/13 19:04:30 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2008/04/13 19:04:30 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2008/04/13 19:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2008/04/13 19:04:30 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2008/04/13 19:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2008/04/13 19:04:30 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2008/04/13 19:04:28 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2008/04/13 19:04:28 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2008/04/13 19:04:28 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2008/04/13 19:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2008/04/13 19:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2008/04/13 19:04:28 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2008/04/13 19:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2008/01/03 17:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/06 12:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/08/23 06:29:48 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/08/23 06:29:48 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/08/23 06:29:48 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 15:54:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/17 15:54:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2000/09/11 10:00:00 | 000,030,398 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AW_HOST5.SYS -- (AW_HOST)
DRV - [2000/09/11 10:00:00 | 000,014,032 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2000/09/11 10:00:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AWLEGACY.SYS -- (awlegacy)
DRV - [2000/04/04 13:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Parclass.sys -- (Parclass)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f%7D:4.9.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/24 09:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/24 09:45:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\ [2010/03/16 15:13:46 | 000,000,000 | ---D | M]

[2010/07/22 21:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/27 19:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/05/24 09:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions
[2011/07/24 22:12:30 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2012/04/04 22:53:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/02/10 12:37:18 | 000,137,731 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi
[2013/05/24 09:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/17 12:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 12:07:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/14 23:10:29 | 000,000,083 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [LFAgent] C:\Program Files\LFK\LF30.exe (Everstrike Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microangelo Desktop.lnk = C:\Program Files\Microangelo\muamgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFC621CA-ECA7-429E-86BB-90F0D9C9D319}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.387.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/17 20:30:10 | 000,000,000 | ---D | M] - C:\AutoPlay Menu Studio 3.0 -- [ NTFS ]
O32 - AutoRun File - [2005/07/16 14:27:54 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/19 14:09:06 | 000,000,000 | ---D | M] - E:\AutoPlay Menu Studio 3.0 -- [ NTFS ]
O32 - AutoRun File - [2002/06/06 00:36:20 | 000,000,000 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/26 10:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/25 11:13:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/24 13:55:01 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/24 09:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/24 09:55:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/24 09:54:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/22 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
[2013/05/22 10:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/17 12:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/26 21:53:55 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_635.exe
[2012/01/25 20:36:44 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_438.exe
[2012/01/04 01:14:09 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_626.exe

========== Files - Modified Within 30 Days ==========

[2013/05/27 00:28:32 | 000,003,158 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2013/05/27 00:23:12 | 000,013,857 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ESET SCAN.BAK
[2013/05/27 00:06:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 00:00:14 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\lf.job
[2013/05/26 23:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/26 23:44:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1920358730-1913087698-391787831-1011UA.job
[2013/05/26 14:25:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1920358730-1913087698-391787831-1011Core.job
[2013/05/26 10:14:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/26 10:13:58 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/05/26 10:12:25 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/26 10:12:24 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/05/26 10:11:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/26 10:11:49 | 3210,985,472 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/26 02:00:00 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/05/24 14:13:13 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2013/05/24 13:55:10 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2013/05/24 09:54:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/24 00:06:22 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/05/23 22:16:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\codecheck.exe
[2013/05/22 11:42:23 | 000,090,624 | ---- | M] () -- C:\WINDOWS\System32\MSHFLXGD.oca
[2013/05/22 11:42:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\MSDATLST.oca
[2013/05/22 11:42:22 | 000,035,840 | ---- | M] () -- C:\WINDOWS\System32\MSADODC.oca
[2013/05/22 11:42:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\MSDATGRD.oca
[2013/05/22 11:42:21 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\SYSINFO.oca
[2013/05/22 11:42:20 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\MCI32.oca
[2013/05/22 11:42:20 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\PICCLP32.oca
[2013/05/22 11:42:19 | 000,166,400 | ---- | M] () -- C:\WINDOWS\System32\MSCHRT20.oca
[2013/05/22 11:42:18 | 000,064,000 | ---- | M] () -- C:\WINDOWS\System32\RICHTX32.oca
[2013/05/22 10:51:14 | 000,632,031 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/05/20 17:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/18 14:14:25 | 019,407,872 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2013/05/18 10:50:43 | 000,001,416 | ---- | M] () -- C:\WINDOWS\CDPlayer.ini
[2013/05/16 03:31:34 | 000,439,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 03:13:59 | 000,619,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 03:13:59 | 000,132,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/16 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/10 11:42:15 | 000,061,952 | ---- | M] () -- C:\WINDOWS\System32\MMWaveX2.oca
[2013/05/10 11:42:15 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\HyperLabel.oca
[2013/05/10 11:42:14 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCT2.oca
[2013/05/10 11:42:14 | 000,048,640 | ---- | M] () -- C:\WINDOWS\System32\MSMASK32.oca
[2013/05/10 11:42:14 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctcombo.oca
[2013/05/10 11:42:14 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\ctimage.oca
[2013/05/10 11:42:13 | 000,240,128 | ---- | M] () -- C:\WINDOWS\System32\COMCTL32.oca
[2013/05/10 11:42:13 | 000,076,288 | ---- | M] () -- C:\WINDOWS\System32\MSFLXGRD.oca
[2013/05/10 11:42:13 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\DBLIST32.oca
[2013/05/10 11:42:13 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\cthtml.oca
[2013/05/10 11:42:12 | 000,062,464 | ---- | M] () -- C:\WINDOWS\System32\DBGRID32.oca
[2013/05/10 11:42:12 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\ctmonth.oca
[2013/05/10 11:42:12 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\ctnedit.oca
[2013/05/10 11:42:12 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctcheck.oca
[2013/05/10 11:42:12 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\ctfill.oca
[2013/05/10 11:42:11 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\Ctlist.oca
[2013/05/10 11:42:11 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctpush.oca
[2013/05/10 11:42:11 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\Cttips.oca
[2013/05/10 11:42:11 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\ctcalc.oca
[2013/05/10 11:42:11 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\Cthyplnk.oca
[2013/05/10 11:42:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\ctwave.oca
[2013/05/10 11:42:10 | 000,031,232 | ---- | M] () -- C:\WINDOWS\System32\ctdate.oca
[2013/05/10 11:42:10 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\ctvlist.oca
[2013/05/10 11:42:10 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctradio.oca
[2013/05/10 11:42:10 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctmeter.oca
[2013/05/10 11:42:10 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctdial.oca
[2013/05/10 11:42:10 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\ctcpick.oca
[2013/05/10 11:42:09 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\Ctyear.oca
[2013/05/10 11:42:09 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctsize.oca
[2013/05/10 11:42:09 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctgauge.oca
[2013/05/10 11:42:09 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\ctclock.oca
[2013/05/10 11:42:09 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\ctgroup.oca
[2013/05/10 11:42:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\ctmenu.oca
[2013/05/10 11:42:08 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\ctdedit.oca
[2013/05/10 11:42:08 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\ctslide.oca
[2013/05/10 11:42:08 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\ctPrint.oca
[2013/05/10 11:42:08 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\ctfile.oca
[2013/05/10 11:42:08 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System32\ctcolor.oca
[2013/05/10 11:42:08 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\ctTray.oca
[2013/05/10 11:42:07 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\Ctfold.oca
[2013/05/10 11:42:07 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctsplit.oca
[2013/05/10 11:42:07 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctscroll.oca
[2013/05/10 11:42:07 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\ctspin.oca
[2013/05/10 11:42:07 | 000,012,800 | ---- | M] () -- C:\WINDOWS\System32\ctformfx.oca
[2013/05/10 11:42:07 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System32\ctfont.oca
[2013/05/10 11:42:06 | 000,051,200 | ---- | M] () -- C:\WINDOWS\System32\cttree.oca
[2013/05/10 11:42:06 | 000,030,720 | ---- | M] () -- C:\WINDOWS\System32\ctbutton.oca
[2013/05/10 11:42:06 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctruler.oca
[2013/05/10 11:42:06 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\ctsched.oca
[2013/05/10 11:42:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\cttabs.oca
[2013/05/10 11:42:05 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\ctlstbar.oca
[2013/05/10 11:42:05 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\ctmedit.oca
[2013/05/10 11:42:05 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctpaper.oca
[2013/05/10 11:42:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\Ctframe.oca
[2013/05/10 11:42:05 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\ctrotate.oca
[2013/05/10 11:42:05 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\ctclip.oca
[2013/05/10 11:42:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\cttext.oca
[2013/05/10 11:42:04 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\ctspiral.oca
[2013/05/10 11:42:04 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctbanner.oca
[2013/05/10 11:42:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\ctdata.oca
[2013/05/10 11:42:03 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\ctmove.oca
[2013/05/08 08:52:54 | 000,265,728 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCTL.oca
[2013/05/04 12:47:18 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/02 22:19:50 | 000,576,460 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MidlandMortgage_KevinMoon_LoanNumber_53107673.pdf

========== Files Created - No Company Name ==========

[2013/05/27 00:23:12 | 000,013,857 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ESET SCAN.BAK
[2013/05/24 14:13:12 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2013/05/23 22:16:19 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\codecheck.exe
[2013/05/22 11:42:21 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SYSINFO.oca
[2013/05/22 11:42:20 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\MCI32.oca
[2013/05/22 11:42:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\PICCLP32.oca
[2013/05/22 11:42:19 | 000,166,400 | ---- | C] () -- C:\WINDOWS\System32\MSCHRT20.oca
[2013/05/22 11:42:18 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\RICHTX32.oca
[2013/05/22 10:51:13 | 000,632,031 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2013/05/22 10:00:59 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/05/02 22:19:50 | 000,576,460 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MidlandMortgage_KevinMoon_LoanNumber_53107673.pdf
[2012/12/16 20:48:19 | 000,000,013 | ---- | C] () -- C:\WINDOWS\ffs.dat
[2012/12/15 19:42:12 | 000,111,234 | ---- | C] () -- C:\Program Files\9876~20121215_184210.new
[2012/11/19 18:09:44 | 000,357,378 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1920358730-1913087698-391787831-1012-0.dat
[2012/10/15 10:46:35 | 000,000,588 | ---- | C] () -- C:\WINDOWS\vbv4.ini
[2012/10/15 10:46:31 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\VBV32hh.dll
[2012/09/09 20:07:52 | 000,090,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/09/01 22:16:20 | 000,038,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (DOS).ADR
[2012/09/01 21:06:06 | 000,037,898 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2012/08/27 21:17:43 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2012/04/28 01:22:12 | 000,018,251 | ---- | C] () -- C:\WINDOWS\wise.ini
[2012/02/28 13:38:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Wise32.INI
[2012/02/15 04:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 22:30:20 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.backup.dm
[2012/01/02 20:49:33 | 000,013,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vfa226ni8vdg40wc4k082i1bxnspx1sa1vpji
[2011/12/20 20:50:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/20 20:50:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/20 20:50:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/20 20:50:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/20 20:50:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/20 01:02:06 | 000,013,132 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b2ml23h4pd6pnu
[2011/12/16 18:00:46 | 000,001,416 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2011/12/16 17:59:43 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/12/16 17:59:43 | 000,020,898 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2011/10/06 20:11:40 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/10/02 23:28:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\muangsys.dll
[2011/10/02 23:28:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\muadisp.dll
[2011/09/18 19:04:09 | 000,137,572 | ---- | C] () -- C:\WINDOWS\cep1unin.exe
[2011/09/18 19:02:36 | 000,000,163 | ---- | C] () -- C:\WINDOWS\cool.ini
[2011/09/18 15:12:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\VB5.INI
[2011/09/18 14:56:50 | 000,012,048 | ---- | C] () -- C:\WINDOWS\System32\Ppmon.exe
[2011/09/18 14:56:50 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\Ppmon.dll
[2011/09/18 14:55:41 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2011/09/18 14:55:41 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2011/09/18 14:55:41 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2011/09/18 14:55:41 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2011/09/18 14:55:41 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2011/09/18 14:55:41 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2011/08/14 23:16:29 | 000,003,158 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2011/08/11 03:10:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/07/17 21:25:07 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\AXDIST.EXE
[2011/05/16 18:58:39 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Administrator\com10
[2011/02/14 08:29:55 | 001,547,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1920358730-1913087698-391787831-500-0.dat
[2011/02/14 08:29:54 | 000,357,378 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/11 21:03:54 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~0pGQnODnIBar
[2010/07/23 10:15:28 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/03/16 14:52:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/27 12:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2012/09/29 00:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ad-Aware Antivirus
[2011/04/05 09:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AT&T
[2012/09/22 20:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2012/03/26 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avery
[2012/08/21 20:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiskAid
[2011/04/05 10:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2012/12/16 21:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GSplit
[2013/05/18 15:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iFunbox_UserCache
[2012/05/03 11:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MySQL
[2011/07/24 13:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MZTools Software
[2012/08/25 16:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\redsn0w
[2011/10/06 21:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SMSSender
[2012/04/27 12:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2013/02/08 18:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/04/27 23:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2012/08/21 22:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
[2012/08/22 21:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft
[2012/12/25 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/24 01:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/03/15 23:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2012/06/10 14:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/26 23:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2012/06/10 14:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/03/15 07:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/01/09 22:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/12/20 21:29:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/16 07:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2011/05/15 23:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/06/10 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/08/21 20:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK
[2011/07/24 22:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
[2012/05/02 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2013/05/22 10:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/21 22:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/12/20 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/23 17:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AT&T
[2010/05/24 14:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Weather Defender
[2011/03/15 07:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\AT&T
[2011/03/15 07:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sierra Wireless
[2010/05/24 14:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Weather Defender
[2012/06/11 21:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2013/03/19 01:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\.minecraft
[2011/12/20 07:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\3E6D0
[2012/06/12 02:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Ad-Aware Antivirus
[2011/03/15 08:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\AT&T
[2012/03/14 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\AVG2012
[2011/12/20 01:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\D00B6
[2012/01/01 15:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\MP3Rocket
[2012/02/25 23:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\TeamViewer
[2011/03/16 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\AT&T
[2011/03/15 08:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2011/09/14 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TightVNC

========== Purity Check ==========



< End of report >
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 27th, 2013, 2:38 am

No problems with instructions. Things seem to be running well.....even a little faster than before.

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby pgmigg » May 27th, 2013, 12:46 pm

Hello moonlighting,
Things seem to be running well.....even a little faster than before.
Good job! :D Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :Files
    C:\My Downloads\Avery Design Pro DPSetup.exe
    C:\My Downloads\Avery Template U_0113_01_P.msi
    C:\My Downloads\cnet2_Cell_Phone_Unlock_exe.exe
    C:\My Downloads\cnet2_usr-gsm-support_exe.exe
    C:\My Downloads\FLVPlayerSetup.exe
    C:\My Downloads\how_to_unlock_samsung_sgh_a687.exe
    C:\My Downloads\Install-Hd-4-5-0-0.zip
    C:\My Downloads\m4a-to-mp3-converter.exe
    C:\My Downloads\mp3rocket.exe
    C:\My Downloads\NokiaFREEUnlockCalculator_downloader_by_NokiaFREEUnlockCalculator.exe
    C:\My Downloads\playalotgames_1347.exe
    C:\My Downloads\PWNAGE_setup.exe
    C:\My Downloads\SMS_Stuff\GSMSMSActiveXDll3.6.rar
    C:\Documents and Settings\Matthew\Desktop\MP3Rocket-Win(1).exe
    C:\Documents and Settings\Matthew\Desktop\MP3Rocket-Win.exe
    C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaimpgmkokdnnbejampmiojdnmflmpgo\background.html
    C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaimpgmkokdnnbejampmiojdnmflmpgo\ContentScript.js
    C:\Documents and Settings\Matthew\My Documents\Downloads\PDFCreatorSetup.exe
    E:\Documents and Settings\Kevin Moon\Application Data\Sun\Java\Deployment\cache\6.0\8\14083888-16be18b3
    E:\Documents and Settings\Kevin Moon\My Documents\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe
    E:\My Downloads\Install-Hd-4-5-0-0.zip
    E:\My Downloads\AMVVideoConverter\AMV_Convert_400.zip
    E:\My Downloads\AMVVideoConverter\MSI.CAB
    E:\My Downloads\CellUnlocker2\Setup.exe
    E:\My Downloads\CellUnlocker2\Setup2.exe
    E:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe
    E:\Program Files\Palm Media Studio\Palm Media Studio.Mobihand.exe
    E:\Program Files\Radmin\radmin.exe
    E:\WINNT\system32\r_server.exe
    F:\data
    F:\EVSInstallationFiles\TDK\setupnowTDK.exe
    F:\GameOps20082009\Celtic Thunder - Caledonia.mp3
    F:\GameOps20082009\drum roll 192kb.mp3
    F:\Gorillas\Themes\dontlookdown.exe
    F:\InstallationStuff\Macromedia Flash MX v6.0.zip
    F:\InstallationStuff\Gozilla\4.0\gozilla.exe
    F:\InstallationStuff\Nero 6.0.0.11\Nero Burning ROM 6.0.0.11.exe 
    F:\InstallationStuff\WeatherBug\WxBugSetup27.exe
    F:\MM Overload\Coldfusion Studio Pro.zip
    F:\MM Overload\Flash MX keygen.zip
    F:\My Downloads\DVDXCopy_v1.3_Keygen.rar
    F:\My Downloads\Macromedia Flash MX (Final) with Key Gen (1).zip
    F:\My Downloads\CDrive\My Downloads\RollyRemoteAdmin\RADMIN21.EXE
    F:\My Downloads\CDrive\My Downloads\RollyRemoteAdmin\RemoteAdminCD_W_CODE.zip
    F:\My Downloads\Codecs\DivX5 Pro Bundle.exe
    F:\My Downloads\DVD Cloner\DVD Cloner 2.32 + Registration.exe
    F:\My Downloads\HiJack\SDFix.exe
    F:\My Downloads\HiJack\SmitfraudFix.exe
    F:\My Downloads\jimmysputer\Downloads\IMesh\iMeshV3.exe
    F:\My Downloads\KazaaLite\klitekpp210b3e.exe
    F:\My Downloads\Password Revealer\RevelationV2.zip
    F:\My Downloads\SoftwareKeyStuff\PDUPDATE_1_6_92.exe
    F:\My Downloads\SoftwareKeyStuff\POWERDIALER02192003.exe
    F:\My Downloads\TellacomCOM\Macromedia Flash MX 2004 - good keygen.exe
    F:\My Music\Music\Game Ops Stuff\happy trails van halen 192kb.mp3
    F:\My Music\Music\New20082009\brass bonanza 192kb.mp3
    F:\My Music\NewStuff\cactus cuties [cd rip].mp3
    F:\My Music\NewStuff\cactus cuties[256k quality].snd
    F:\My Music\NewStuff\kim leoni _medicine_.mp3
    F:\My Music\NewStuff\national athem cactus cuties.mp3
    F:\My Music\NewStuff\u wanna little of this - best track ever.mp3
    F:\Program Files\Common Files\GMT\GatorStubSetup.exe
    F:\Program Files\Common Files\GMT\GUninstaller.exe
    F:\Program Files\WASTE\Downloads\Codecs\Divx\DivXPro 502.exe
    F:\Program Files\WASTE\Downloads\Codecs\Divx\DivXPro502GAINBundle.exe
    F:\Program Files\WASTE\Downloads\divx &MP3\Divx\DivXPro502GAINBundle.exe
    F:\Program Files\WASTE\Downloads\super mario\spmario.zip
    F:\Program Files\WASTE\Downloads\super mario\spmario\southpm2.exe
    
    :Commands
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK. It may take a while - please be patient...
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
Show Hidden and System files
  1. Right click on Start, select Open.
  2. Select the Tools menu and click Folder Options.
  3. Select the View Tab. Under the "Hidden files and folders" section
    • SELECT "Show hidden files and folders"
    • Remove check mark from check box "Hide extensions for known file types"
    • Remove check mark from check box "Hide protected operating system files"
  4. Click Apply to set. Click OK to exit.

Step 3.
Upload File/Files for testing
  1. Please go to jotti.org or Virustotal
  2. Copy/Paste the following files to upload them one by one for scanning:
    C:\Documents and Settings\Administrator\My Documents\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe
    C:\Documents and Settings\Kevin\My Documents\Google Talk Received Files\RevelationV2.zip
    C:\Documents and Settings\Matthew\Application Data\Adobe\Adobe\afxjahc.dll
    C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\rmdcdfchgi@rmdcdfchgi.org.xpi
    C:\Documents and Settings\Matthew\Local Settings\Application Data\getdislike\ie\aplayers.dll
    C:\Documents and Settings\Matthew\My Documents\andrewtaos\ADLSoft_UnCompressor.exe
    C:\Documents and Settings\Matthew\My Documents\mincraft skins\iron.exe
    C:\Documents and Settings\Matthew\My Documents\My Music\MP3+Rocket.exe
    C:\Documents and Settings\Matthew\My Documents\taos photots\mp3rocket.exe
    C:\Documents and Settings\Melanie\My Documents\AdvBHO.dll
    C:\EVSInstallationFiles\TDK\setupnowTDK.exe
    C:\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe
    C:\Password Revealer\RevelationV2.zip
    C:\Program Files\FLVPlayer\FLVPlayer.exe
    C:\Program Files\FLVPlayer\Uninstall\Uninstall.exe
    C:\Program Files\Hewlett-Packard\Firefox - HP Virtual Browser Edition\fslrdr\2\[_B_]SYSTEMDRIVE[_E_]\My Downloads\FixCleanerSetup.exe
    C:\Program Files\Hewlett-Packard\Firefox - HP Virtual Browser Edition\fslrdr\2\[_B_]SYSTEMDRIVE[_E_]\My Downloads\LGWirelessUSBModemDrivers\setup_602944.exe
    C:\WINDOWS\Installer\10f36135.msi
  3. Press Submit - this will submit the file for testing.
    Note: If you see the message "File already analysed", please click the "Reanalyse" button.
  4. Please wait for all the scanners to finish.
  5. Then copy and paste every permalink (web address) in your next response.
    Example of web address: (screenshot not available)

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. The resulting web links after online file scan by Virus Total.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 28th, 2013, 11:53 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\My Downloads\Avery Design Pro DPSetup.exe moved successfully.
C:\My Downloads\Avery Template U_0113_01_P.msi moved successfully.
C:\My Downloads\cnet2_Cell_Phone_Unlock_exe.exe moved successfully.
C:\My Downloads\cnet2_usr-gsm-support_exe.exe moved successfully.
C:\My Downloads\FLVPlayerSetup.exe moved successfully.
C:\My Downloads\how_to_unlock_samsung_sgh_a687.exe moved successfully.
C:\My Downloads\Install-Hd-4-5-0-0.zip moved successfully.
C:\My Downloads\m4a-to-mp3-converter.exe moved successfully.
C:\My Downloads\mp3rocket.exe moved successfully.
C:\My Downloads\NokiaFREEUnlockCalculator_downloader_by_NokiaFREEUnlockCalculator.exe moved successfully.
C:\My Downloads\playalotgames_1347.exe moved successfully.
C:\My Downloads\PWNAGE_setup.exe moved successfully.
C:\My Downloads\SMS_Stuff\GSMSMSActiveXDll3.6.rar moved successfully.
C:\Documents and Settings\Matthew\Desktop\MP3Rocket-Win(1).exe moved successfully.
C:\Documents and Settings\Matthew\Desktop\MP3Rocket-Win.exe moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaimpgmkokdnnbejampmiojdnmflmpgo\background.html moved successfully.
C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaimpgmkokdnnbejampmiojdnmflmpgo\ContentScript.js moved successfully.
C:\Documents and Settings\Matthew\My Documents\Downloads\PDFCreatorSetup.exe moved successfully.
E:\Documents and Settings\Kevin Moon\Application Data\Sun\Java\Deployment\cache\6.0\8\14083888-16be18b3 moved successfully.
E:\Documents and Settings\Kevin Moon\My Documents\My Pictures\WinneThePooh\Poohs_Fluff_and_Stuff.exe moved successfully.
E:\My Downloads\Install-Hd-4-5-0-0.zip moved successfully.
E:\My Downloads\AMVVideoConverter\AMV_Convert_400.zip moved successfully.
E:\My Downloads\AMVVideoConverter\MSI.CAB moved successfully.
E:\My Downloads\CellUnlocker2\Setup.exe moved successfully.
E:\My Downloads\CellUnlocker2\Setup2.exe moved successfully.
E:\Program Files\MP3 Player Utilities 4.00\DelDrv.exe moved successfully.
E:\Program Files\Palm Media Studio\Palm Media Studio.Mobihand.exe moved successfully.
E:\Program Files\Radmin\radmin.exe moved successfully.
E:\WINNT\system32\r_server.exe moved successfully.
F:\data moved successfully.
F:\EVSInstallationFiles\TDK\setupnowTDK.exe moved successfully.
Invalid Switch: TrojanDownloader.GetCodec.gen
F:\GameOps20082009\drum roll 192kb.mp3 moved successfully.
F:\Gorillas\Themes\dontlookdown.exe moved successfully.
F:\InstallationStuff\Macromedia Flash MX v6.0.zip moved successfully.
F:\InstallationStuff\Gozilla\4.0\gozilla.exe moved successfully.
F:\InstallationStuff\Nero 6.0.0.11\Nero Burning ROM 6.0.0.11.exe moved successfully.
F:\InstallationStuff\WeatherBug\WxBugSetup27.exe moved successfully.
F:\MM Overload\Coldfusion Studio Pro.zip moved successfully.
F:\MM Overload\Flash MX keygen.zip moved successfully.
F:\My Downloads\DVDXCopy_v1.3_Keygen.rar moved successfully.
F:\My Downloads\Macromedia Flash MX (Final) with Key Gen (1).zip moved successfully.
F:\My Downloads\CDrive\My Downloads\RollyRemoteAdmin\RADMIN21.EXE moved successfully.
F:\My Downloads\CDrive\My Downloads\RollyRemoteAdmin\RemoteAdminCD_W_CODE.zip moved successfully.
F:\My Downloads\Codecs\DivX5 Pro Bundle.exe moved successfully.
F:\My Downloads\DVD Cloner\DVD Cloner 2.32 + Registration.exe moved successfully.
F:\My Downloads\HiJack\SDFix.exe moved successfully.
F:\My Downloads\HiJack\SmitfraudFix.exe moved successfully.
F:\My Downloads\jimmysputer\Downloads\IMesh\iMeshV3.exe moved successfully.
F:\My Downloads\KazaaLite\klitekpp210b3e.exe moved successfully.
F:\My Downloads\Password Revealer\RevelationV2.zip moved successfully.
F:\My Downloads\SoftwareKeyStuff\PDUPDATE_1_6_92.exe moved successfully.
F:\My Downloads\SoftwareKeyStuff\POWERDIALER02192003.exe moved successfully.
F:\My Downloads\TellacomCOM\Macromedia Flash MX 2004 - good keygen.exe moved successfully.
F:\My Music\Music\Game Ops Stuff\happy trails van halen 192kb.mp3 moved successfully.
F:\My Music\Music\New20082009\brass bonanza 192kb.mp3 moved successfully.
F:\My Music\NewStuff\cactus cuties [cd rip].mp3 moved successfully.
F:\My Music\NewStuff\cactus cuties[256k quality].snd moved successfully.
F:\My Music\NewStuff\kim leoni _medicine_.mp3 moved successfully.
F:\My Music\NewStuff\national athem cactus cuties.mp3 moved successfully.
F:\My Music\NewStuff\u wanna little of this - best track ever.mp3 moved successfully.
F:\Program Files\Common Files\GMT\GatorStubSetup.exe moved successfully.
F:\Program Files\Common Files\GMT\GUninstaller.exe moved successfully.
F:\Program Files\WASTE\Downloads\Codecs\Divx\DivXPro 502.exe moved successfully.
F:\Program Files\WASTE\Downloads\Codecs\Divx\DivXPro502GAINBundle.exe moved successfully.
F:\Program Files\WASTE\Downloads\divx &MP3\Divx\DivXPro502GAINBundle.exe moved successfully.
F:\Program Files\WASTE\Downloads\super mario\spmario.zip moved successfully.
F:\Program Files\WASTE\Downloads\super mario\spmario\southpm2.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: AD59A3~1

User: Administrator
->Temp folder emptied: 186739 bytes
->Temporary Internet Files folder emptied: 228129 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27468650 bytes
->Google Chrome cache emptied: 2267179 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: All Users

User: Andrew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kevin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matthew
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Melanie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 666359 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7427 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 29.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05282013_095756

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
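The fix script above and the MovedFiles log that came back from it show a failure mode worth checking for before a script is run: an ESET detection name pasted after a path in the :Files section, which OTL reads as a switch ("Invalid Switch: TrojanDownloader.GetCodec.gen"), so that file was never moved. The following Python script is an added example, not the thread's own or OTL's code; it lints a :Files section for entries OTL will not treat as a plain path and reconciles the entries against the MovedFiles log. The script text and log fragment are constructed from the lines posted in this thread.

```python
import re

# Constructed sample input, modelled on the fix script and the OTL log posted in
# this thread: the first :Files entry carries an ESET detection name after the path.
FIX_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]

:Files
F:\GameOps20082009\Celtic Thunder - Caledonia.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen
F:\GameOps20082009\drum roll 192kb.mp3
E:\WINNT\system32\r_server.exe

:Commands
[emptytemp]
"""

MOVED_LOG = r"""
========== FILES ==========
F:\GameOps20082009\drum roll 192kb.mp3 moved successfully.
Invalid Switch: TrojanDownloader.GetCodec.gen
E:\WINNT\system32\r_server.exe moved successfully.
========== COMMANDS ==========
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def files_section(script):
    """Return the entries listed under :Files (up to the next :Section header)."""
    entries, active = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            active = line.lower() == ":files"
            continue
        if active and line:
            entries.append(line)
    return entries


def lint_entries(entries):
    """Flag entries OTL will not treat as a plain path. A '/' is the defect seen in
    this thread: OTL reads the text after it as a switch and reports 'Invalid Switch'."""
    problems = []
    for entry in entries:
        if not DRIVE_PATH.match(entry):
            problems.append((entry, "does not start with a drive letter"))
        elif "/" in entry:
            problems.append((entry, "contains '/', parsed by OTL as a switch"))
    return problems


def reconcile(entries, log):
    """Compare :Files entries against the MovedFiles log from the OTL run."""
    moved = {m.group(1) for m in re.finditer(r"^(.*) moved successfully\.$", log, re.M)}
    bad_switch = re.findall(r"^Invalid Switch: (.*)$", log, re.M)
    not_moved = [e for e in entries if e not in moved]
    return {"moved": moved, "not_moved": not_moved, "invalid_switches": bad_switch}


if __name__ == "__main__":
    entries = files_section(FIX_SCRIPT)
    for entry, why in lint_entries(entries):
        print(f"LINT: {why}: {entry}")
    result = reconcile(entries, MOVED_LOG)
    print(f"moved {len(result['moved'])}, not moved {len(result['not_moved'])}, "
          f"invalid switches {result['invalid_switches']}")
```

Any entry reported as not moved after a run is a candidate for the next fix script with the stray text removed.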


Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 28th, 2013, 11:54 am

Not noticing any other changes....things still running better.