Virus :/

04/04/2012 13:09 Mrxshamsi#1
I downloaded a file from here which was a virus, now a guy can access my computer.... Help?

[Edit]

I think it came from an **** hack in here.... It had the name DAVE :/

[Edit]

He may post a thread with my account..... I'll get banned :(
04/04/2012 13:15 Diablo_#2
You should scan your system with this program.

[Only registered and activated users can see links. Click Here To Register...]

Just download the free version, do a fullscan and show me the result. It could take some time.
04/04/2012 13:26 Mrxshamsi#3
I have Kaspersky 2012..... It found 2 Trojans now :')
04/04/2012 13:40 Diablo_#4
Quote:
Originally Posted by Mrxshamsi View Post
I have Kaspersky 2012..... It found 2 Trojans now :')
So did you scan with Kaspersky or Malwarebytes' Anti Malware?
04/04/2012 14:51 Mrxshamsi#5
Quote:
Originally Posted by Diablo_ View Post
So did you scan with Kaspersky or Malwarebytes' Anti Malware?
Both..... Still no use
04/04/2012 14:53 Diablo_#6
I need the results of both scans, otherwise I don't know what kind of malware it is.

What do you mean with "still no use"? Are there any symptoms?
04/04/2012 15:11 Mrxshamsi#7
Quote:
Originally Posted by Diablo_ View Post
I need the results of both scans, otherwise I don't know what kind of malware it is.

What do you mean with "still no use"? Are there any symptoms?
Yup, sometimes computer lags and I can't click on anything, other times whenever I try to start and program I get "You're not privileged"
04/04/2012 15:42 Diablo_#8
Ok, it seems that you're infected with a 0815 remote adminstration tool.

Do you have any results?
04/04/2012 16:43 Mrxshamsi#9
I got like 354 result on the malware..... :) I'm screwed, removed them all though.

With kaspersky 2012 in the middle of the scanning it gives me an error.
04/04/2012 18:11 Es19#10
Do you still have the link to the mentioned hack/virus by any chance?
04/04/2012 18:35 Mrxshamsi#11
I think this is it.

[Only registered and activated users can see links. Click Here To Register...]
04/04/2012 19:06 Es19#12
Okay...

1. The thread opener has been reported, the VT scans were obviously fake. Here are the real scans: [Only registered and activated users can see links. Click Here To Register...]

[Only registered and activated users can see links. Click Here To Register...]

2. About cleaning up your system, we'll first need to have an in-depth look at it.

IMPORTANT: To prevent the keylogger from communicating with the hacker, please do the following: Open the HOSTS File: C:\windows\system32\drivers\etc and add the following line:
Code:
127.0.0.1  maanz.kilu.de  #stops the keylogger from sending data to the hacker
Here's what were going to do: Download [Only registered and activated users can see links. Click Here To Register...] OTL and run it. Choose "Quick Scan", wait for it to finish and paste the content of the text file in here.

Afterwards we'll see what needs to be done.
04/04/2012 21:27 Mrxshamsi#13
Code:
OTL logfile created on: 4/4/2012 11:18:41 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\User\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.28% Memory free
5.85 Gb Paging File | 4.20 Gb Available in Paging File | 71.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 73.14 Gb Total Space | 3.88 Gb Free Space | 5.31% Space Free | Partition Type: NTFS
Drive D: | 224.85 Gb Total Space | 202.97 Gb Free Space | 90.27% Space Free | Partition Type: NTFS
Drive G: | 8.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/04/04 23:18:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/03 17:30:42 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/10 18:09:29 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
PRC - [2012/01/07 05:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012/01/06 22:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/01/05 03:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012/01/05 03:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011/12/21 20:42:34 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/09/01 17:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2010/12/28 12:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\tools\BitCometService.exe
PRC - [2009/10/01 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2008/03/20 20:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/03/27 06:28:43 | 000,444,400 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppgooglenaclpluginchrome.dll
MOD - [2012/03/27 06:28:42 | 003,915,248 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
MOD - [2012/03/27 06:27:17 | 000,122,880 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
MOD - [2012/03/27 06:27:16 | 000,220,672 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
MOD - [2012/03/27 06:27:14 | 001,747,456 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll
MOD - [2012/03/27 05:37:41 | 008,747,168 | ---- | M] () -- C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
MOD - [2012/01/07 05:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2012/01/06 22:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2010/12/28 12:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Running] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:[b]64bit:[/b] - [2009/07/14 05:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 23:14:37 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\Flash********dateService.exe -- (AdobeFlash********dateSvc)
SRV - [2012/03/27 16:10:25 | 003,417,376 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/03 17:30:42 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/06 22:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012/01/06 22:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/01/05 03:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/01/05 03:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/08/08 01:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/01 12:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 12:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012/01/15 23:18:29 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2011/12/29 03:57:30 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:[b]64bit:[/b] - [2011/12/29 03:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:[b]64bit:[/b] - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2011/07/20 14:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:[b]64bit:[/b] - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:[b]64bit:[/b] - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:[b]64bit:[/b] - [2010/11/30 23:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2009/09/18 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:[b]64bit:[/b] - [2009/07/14 05:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2009/07/14 05:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 05:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2009/07/14 05:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/14 04:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:[b]64bit:[/b] - [2009/07/14 01:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009/06/20 06:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2012/02/03 02:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/02/01 17:24:06 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = Yandex
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKLM\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=154468&text={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=101570&babsrc=SP_ss&mntrId=cc8c156000000000000000ffa8a701b5
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\Moikrug: "URL" = http://moikrug.ru/persons/?clid=154468&charset=utf-8&keywords={searchTerms}&submitted=1
IE - HKCU\..\SearchScopes\Yandex: "URL" = http://yandex.ru/yandsearch?clid=154468&text={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=101570&babsrc=adbartrp&mntrId=cc8c156000000000000000ffa8a701b5&q="
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@vizzed.com/VizzedRGR: C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files (x86)\Real\RealPlayer\browserrecord [2012/01/10 18:09:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[Only registered and activated users can see links. Click Here To Register...]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[Only registered and activated users can see links. Click Here To Register...] [2012/02/25 18:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[Only registered and activated users can see links. Click Here To Register...]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[Only registered and activated users can see links. Click Here To Register...] [2012/02/25 18:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[Only registered and activated users can see links. Click Here To Register...]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[Only registered and activated users can see links. Click Here To Register...] [2012/02/25 18:06:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/02 14:29:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/22 15:51:13 | 000,000,000 | ---D | M]
 
[2012/01/10 20:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/04/04 19:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions
[2012/04/04 18:28:49 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2012/04/04 19:33:29 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2012/03/09 11:29:13 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/04/03 22:04:04 | 000,000,000 | ---D | M] ("Codec-V") -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[Only registered and activated users can see links. Click Here To Register...]
[2012/03/07 11:43:23 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[Only registered and activated users can see links. Click Here To Register...]
[2012/01/11 21:08:55 | 000,000,000 | ---D | M] (Яндекс.Бар) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[Only registered and activated users can see links. Click Here To Register...]
[2012/04/02 14:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/19 22:25:57 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[Only registered and activated users can see links. Click Here To Register...]
[2012/04/02 14:29:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/03 10:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012/03/28 12:48:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/07/27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2012/03/07 11:43:04 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/02/13 19:35:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/29 03:57:34 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2012/02/13 19:35:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files (x86)\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Vizzed Retro Game Room Plugin (Enabled) = C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtual Keyboard = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2012/04/04 23:17:49 | 000,001,237 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O1 - Hosts: 127.0.0.1  maanz.kilu.de
O2:[b]64bit:[/b] - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (no name) - {91397D20-1446-11D4-8AF4-0040CA1127B6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll (Conduit Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [uTorrent] C:\Users\User\Downloads\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:[b]64bit:[/b] - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:[b]64bit:[/b] - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:[b]64bit:[/b] - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: vizzed.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4A2817-4609-4881-8C95-F5C519FCF5F3}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/11/23 20:38:29 | 000,000,000 | ---D | M] - G:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/11/23 20:38:29 | 006,567,544 | R--- | M] (UBISOFT) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2011/11/23 20:38:29 | 000,147,034 | R--- | M] () - G:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011/11/23 20:38:29 | 000,000,047 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{754e6779-3dde-11e1-86dd-e839df46cbb2}\Shell - "" = AutoRun
O33 - MountPoints2\{754e6779-3dde-11e1-86dd-e839df46cbb2}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2011/11/23 20:38:29 | 006,567,544 | R--- | M] (UBISOFT)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/04/04 23:13:40 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/04/04 21:45:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012/04/04 20:36:01 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\New folder
[2012/04/04 19:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
[2012/04/04 18:28:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Charles
[2012/04/04 18:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Charles
[2012/04/04 15:29:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/04/04 15:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/04 15:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/04 15:28:49 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/04 15:28:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/04 14:36:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{94777832-034D-4F7D-9501-B1DAE188D604}
[2012/04/04 01:49:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\dclogs
[2012/04/04 01:47:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\lovely
[2012/04/03 15:07:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7AC4AD33-41C8-4DA7-9C02-85F16A4FB02D}
[2012/04/02 14:28:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{074CED3F-0787-4A54-A14B-110FED09D61A}
[2012/03/28 23:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
[2012/03/28 23:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoIt3
[2012/03/28 22:08:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{941ED83B-C94D-4259-B75B-0382EF2DCB44}
[2012/03/28 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1E25BC30-F797-46A5-ACBC-6CA16261375C}
[2012/03/28 12:56:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft
[2012/03/28 12:49:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/28 12:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/28 02:04:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5CB464CC-8EEB-4635-8BA2-7B5C35F62A37}
[2012/03/27 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012/03/27 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Akamai
[2012/03/27 16:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012/03/27 13:25:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3EE3E8BA-C973-48FD-AAE9-37B0DA705EEF}
[2012/03/27 13:25:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4C1F32DF-8A56-4BD4-91CB-A7C0C96CEE09}
[2012/03/27 00:04:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CED58E2F-88CC-4701-BA46-447E34B9BD4D}
[2012/03/27 00:04:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E625B31C-CC6C-4832-82A8-6AF749445F0E}
[2012/03/26 12:04:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B98D0C7C-CCB7-4ABC-A9B4-28619BAA95B9}
[2012/03/26 12:03:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{52938169-2CA2-49EE-8A5F-5E96E7C2DE4E}
[2012/03/26 00:03:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8D0FD8C4-4F15-4759-B04D-36F3E05A17FC}
[2012/03/26 00:03:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{93602288-1B09-4A98-87D4-13880F86599B}
[2012/03/17 14:33:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{44777A9E-C42C-4C3F-8AD0-AB1DFFC88A87}
[2012/03/17 14:32:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9DAFD0B7-3160-4626-9B0B-0F1E4F5E2149}
[2012/03/16 22:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/03/16 13:58:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D3388648-D6A5-4570-B79E-9E403D597D22}
[2012/03/16 13:58:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1363D0D5-88D1-42A7-A408-3A5264E09986}
[2012/03/16 01:16:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F809354A-98BC-4BB2-A61F-05BF1DE9A3B7}
[2012/03/16 01:16:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{94A11DEE-63DC-4624-BEB9-2CCC4682716D}
[2012/03/15 15:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2012/03/15 15:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2012/03/15 15:12:02 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Hotkeys
[2012/03/15 10:43:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AF39914E-ED4B-486E-B3C6-85309F4E78F7}
[2012/03/15 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E4B57E5D-39EE-4056-9BE3-1B4902099F4F}
[2012/03/14 23:06:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PMB Files
[2012/03/14 23:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/03/14 23:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/03/14 14:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Vizzed
[2012/03/14 13:12:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/14 13:09:42 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4A38DA36-E622-42DF-AAD4-518E8AAA01A8}
[2012/03/14 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6CB25050-03FB-4BF0-8912-FA602FB3D438}
[2012/03/13 13:05:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{950F5C02-AF77-4D97-AE3E-D2DE5965B879}
[2012/03/13 13:05:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C585A773-48D1-4B48-B9C9-BD3F42E08D57}
[2012/03/13 13:04:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AA4DFC4A-747C-4DF8-AD1C-F49446E17F33}
[2012/03/12 21:01:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4E761A4A-97C4-4BBB-84D1-633F6C4446B5}
[2012/03/12 21:01:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BD8DF0D5-6939-4571-863E-EBD156BBDF46}
[2012/03/10 20:01:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/10 20:00:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{C20C8CBE-810E-4A6A-8DBC-7FD4DA8C5454}
[2012/03/10 18:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodline Champions
[2012/03/10 18:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/03/10 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A308A822-204D-4D17-8CB4-60E518F8EA52}
[2012/03/10 12:32:47 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A8F9D26A-60AE-4437-B1E5-B662F8777883}
[2012/03/09 23:28:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DFFA81CC-BEA8-45E6-AFF4-5BECFB4FB905}
[2012/03/09 11:28:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6132AF09-B592-486D-ABE3-4B3DFBAFED0D}
[2012/03/09 11:28:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4F19A03F-EF94-4D6F-91F4-DD47FAE2C546}
[2012/03/09 00:04:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{37A014CF-673F-41D8-A75A-59E682C5A01C}
[2012/03/08 18:28:17 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\My Webcam Recordings
[2012/03/08 18:27:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\MessengerDiscovery
[2012/03/08 18:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MessengerDiscovery
[2012/03/08 18:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MessengerDiscovery
[2012/03/08 09:16:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1AC2D3B0-79DB-4D58-A8F4-C29A2AA76B73}
[2012/03/08 09:16:11 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EA1DEDB2-28B1-4330-82E1-86733D954913}
[2012/03/07 11:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/03/07 11:43:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Premiumplay Codec-C
[2012/03/07 11:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Premiumplay Codec-C
[2012/03/07 11:43:17 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/03/07 11:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/03/07 11:43:03 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon
[2012/03/07 11:43:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon
[2012/03/07 11:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/07 11:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/03/07 02:26:22 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{AF3030B0-18F3-4BA1-A406-360EA526CA5D}
[2012/03/07 02:26:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4C107291-D9D3-4973-B269-A288560E963D}
[2012/03/06 14:25:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{68433690-1F72-4691-BDC3-2D27196169D5}
[2012/03/06 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{5FD7206B-B775-41CD-B6A6-52278FE51C1A}
[2012/03/06 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0AF2CC13-060E-413C-813B-21A05C02F380}
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/04/04 23:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328313248-1652724372-2662456543-1000UA.job
[2012/04/04 23:20:56 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 23:20:56 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/04 23:17:49 | 000,001,237 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/04 23:15:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/04 23:12:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/04 23:12:26 | 2356,592,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 21:46:27 | 000,000,194 | ---- | M] () -- C:\Windows\${FILENAME_INI}
[2012/04/04 19:33:29 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2012/04/04 17:51:10 | 000,000,555 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2012/04/04 16:12:40 | 000,000,911 | ---- | M] () -- C:\Users\User\AppData\Roaming\coreavc.ini
[2012/04/04 15:28:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 11:21:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328313248-1652724372-2662456543-1000Core.job
[2012/04/04 03:00:24 | 000,000,132 | ---- | M] () -- C:\Windows\SysWow64\arrag.ini
[2012/04/03 15:08:23 | 000,002,395 | ---- | M] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/04/03 00:14:01 | 000,782,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/03 00:14:01 | 000,662,722 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/03 00:14:01 | 000,121,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/02 22:43:16 | 000,000,214 | ---- | M] () -- C:\Windows\ItemConf.ini
[2012/03/28 22:51:23 | 000,000,132 | ---- | M] () -- C:\Windows\SysWow64\sedds.ini
[2012/03/17 15:19:39 | 000,023,225 | ---- | M] () -- C:\Users\User\Desktop\342px-Adobe_Photoshop_logo_svg.png
[2012/03/17 15:19:25 | 007,037,952 | ---- | M] () -- C:\Users\User\Desktop\T4MMapPad.exe
[2012/03/12 20:59:39 | 004,971,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 18:51:09 | 000,001,714 | ---- | M] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
[2012/03/07 11:43:10 | 000,000,237 | ---- | M] () -- C:\user.js
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/04/04 23:15:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/04 21:45:04 | 000,000,194 | ---- | C] () -- C:\Windows\${FILENAME_INI}
[2012/04/04 19:33:29 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2012/04/04 18:26:26 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charles.lnk
[2012/04/04 17:51:10 | 000,000,555 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2012/04/04 15:28:50 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 22:43:16 | 000,000,214 | ---- | C] () -- C:\Windows\ItemConf.ini
[2012/04/02 14:32:38 | 000,000,132 | ---- | C] () -- C:\Windows\SysWow64\arrag.ini
[2012/03/28 18:00:15 | 000,000,132 | ---- | C] () -- C:\Windows\SysWow64\sedds.ini
[2012/03/17 15:19:39 | 000,023,225 | ---- | C] () -- C:\Users\User\Desktop\342px-Adobe_Photoshop_logo_svg.png
[2012/03/14 13:40:37 | 000,000,911 | ---- | C] () -- C:\Users\User\AppData\Roaming\coreavc.ini
[2012/03/14 13:12:59 | 000,002,395 | ---- | C] () -- C:\Users\User\Desktop\Google Chrome.lnk
[2012/03/14 13:11:53 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328313248-1652724372-2662456543-1000UA.job
[2012/03/14 13:11:52 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1328313248-1652724372-2662456543-1000Core.job
[2012/03/10 18:51:09 | 000,001,714 | ---- | C] () -- C:\Users\Public\Desktop\Bloodline Champions.lnk
[2012/03/07 11:43:09 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/03 17:30:44 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/03 17:30:42 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/08 19:36:18 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/21 15:49:29 | 000,018,944 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 23:20:54 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2012/01/11 05:46:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/10 22:09:08 | 000,795,368 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/03/28 12:56:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2012/03/07 11:43:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2012/04/04 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitComet
[2012/04/04 18:30:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Charles
[2012/01/21 18:51:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/04 01:50:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\dclogs
[2012/04/04 02:26:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\lovely
[2012/02/15 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mael
[2012/01/10 17:56:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2012/03/03 17:30:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PunkBuster
[2012/01/21 15:45:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Research In Motion
[2012/03/05 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2012/03/28 03:35:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012/01/10 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Yandex
[2012/04/02 14:26:07 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2012/03/16 14:12:10 | 000,000,000 | ---D | M](C:\Windows\SysWow64\???T??) -- C:\Windows\SysWow64\ɮTھ疙
[2012/03/16 14:12:10 | 000,000,000 | ---D | C](C:\Windows\SysWow64\???T??) -- C:\Windows\SysWow64\ɮTھ疙
[2012/03/07 05:47:24 | 000,047,274 | ---- | M] ()
< End of report >
04/05/2012 13:34 Es19#14
Okay, let's go...

Open OTL again, then paste the following into the "Custom Scans/Fixes" Box:

Code:
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012/04/04 01:47:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\lovely

:Commands
[EMPTYTEMP]
and hit "Fix".

Your computer will restart. This should do the job. Please tell me if there are still anomalies in your system.