Same URL:Mal; http://i.trkjmp.com/crossdomain.xml; threat detection popup chrome

I have the “http://i.trkjmp.com/crossdomain.xml (DO NOT CLICK!~)” problem in Chrome, where I keep getting a message from avast that a threat has been detected whenever I go to a website (i.e. YouTube, avast.com, etc.).

Please help me.

I am starting with the adw log.

EDIT: nvm, after one of the programs (I think it was OTL) deleted my Chrome settings and extensions, I deleted a k-codec extension, and voila! No more URL:Mal threat popup! Thanks for the help anyways and keep up the great work! :)

MBAM log

btw I am following directions from this forum: http://forum.avast.com/index.php?topic=53253.0

OTL part 1 log

OTL logfile created on: 9/17/2012 9:35:05 PM - Run 1
OTL by OldTimer - Version 3.2.63.0 Folder = C:\Users\Pirani\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 72.91% Memory free
12.00 Gb Paging File | 10.16 Gb Available in Paging File | 84.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 310.20 Gb Free Space | 44.41% Space Free | Partition Type: NTFS

Computer Name: PIRANI-PC | User Name: Pirani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/17 21:22:15 | 000,600,576 | ---- | M] (OldTimer Tools) – C:\Users\Pirani\Downloads\OTL.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/08/10 19:00:12 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) – C:\Users\Pirani\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/02 10:25:14 | 002,232,504 | ---- | M] (Giraffic) – C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 10:24:54 | 003,790,504 | ---- | M] (Giraffic) – C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 07:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) – C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) – c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/11/20 06:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) – C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2006/05/24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) – C:\Program Files (x86)\DesktopEarth\DesktopEarth.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe – (avast! Antivirus)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] – C:\Program Files\SUPERAntiSpyware\SASCore64.exe – (!SASCORE)
SRV:64bit: - [2010/05/06 04:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] – C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe – (LBTServ)
SRV:64bit: - [2009/12/11 15:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] – C:\Windows\SysNative\atiesrxx.exe – (AMD External Events Utility)
SRV:64bit: - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] – C:\Windows\SysNative\nagasoft\vjocx.dll – (vvdsvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\appmgmts.dll – (AppMgmt)
SRV - [2012/09/10 14:13:54 | 004,537,664 | ---- | M] () [Auto | Running] – c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll – (Akamai)
SRV - [2012/09/07 09:09:18 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
SRV - [2012/08/30 12:23:26 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] – C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe – (HiPatchService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files (x86)\Skype\Updater\Updater.exe – (SkypeUpdate)
SRV - [2012/07/02 10:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] – C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe – (Giraffic)
SRV - [2012/06/23 20:38:01 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] – C:\Program Files (x86)\Common Files\Steam\SteamService.exe – (Steam Client Service)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe – (AdobeARMservice)
SRV - [2011/12/19 14:25:56 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] – C:\Program Files (x86)\LogMeIn\x64\ramaint.exe – (LMIMaint)
SRV - [2011/12/19 14:25:48 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] – C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe – (LMIGuardianSvc)
SRV - [2011/01/11 19:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] – C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe – (LogMeIn)
SRV - [2010/08/29 14:55:06 | 003,739,080 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] – C:\Windows\SysWOW64\GameMon.des – (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe – (SwitchBoard)
SRV - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] – c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe – (QBCFMonitorService)
SRV - [2009/09/23 21:59:24 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] – C:\Windows\SysWOW64\Nagasoft\vjocx.dll – (vvdsvc)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] – c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe – (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)

part 2 OTL

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysNative\drivers\mbam.sys – (MBAMProtector)
DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\SysNative\drivers\aswSnx.sys – (aswSnx)
DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswSP.sys – (aswSP)
DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswTdi.sys – (aswTdi)
DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswMonFlt.sys – (aswMonFlt)
DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswRdr2.sys – (aswRdr)
DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswFsBlk.sys – (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] – C:\Windows\SysNative\drivers\fs_rec.sys – (Fs_Rec)
DRV:64bit: - [2011/12/19 14:25:48 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] – C:\Windows\SysNative\LMIRfsClientNP.dll – (LMIRfsClientNP)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys – (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\saskutil64.sys – (SASKUTIL)
DRV:64bit: - [2011/05/16 18:35:14 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\VBoxNetAdp.sys – (VBoxNetAdp)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsata.sys – (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdxata.sys – (amdxata)
DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\LMIRfsDriver.sys – (LMIRfsDriver)
DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\lmimirr.sys – (lmimirr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HpSAMD.sys – (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\TsUsbFlt.sys – (TsUsbFlt)
DRV:64bit: - [2010/07/16 22:43:31 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\pcouffin.sys – (pcouffin)
DRV:64bit: - [2010/03/18 04:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\LUsbFilt.sys – (LUsbFilt)
DRV:64bit: - [2010/03/18 04:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\LMouFilt.Sys – (LMouFilt)
DRV:64bit: - [2010/03/18 04:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\LHidFilt.Sys – (LHidFilt)
DRV:64bit: - [2010/03/18 03:59:04 | 000,030,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\L8042Kbd.sys – (L8042Kbd)
DRV:64bit: - [2010/03/03 22:20:38 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\sptd.sys – (sptd)
DRV:64bit: - [2010/01/27 11:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\RtHDMIVX.sys – (RTHDMIAzAudService)
DRV:64bit: - [2009/12/11 16:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atipmdag.sys – (amdkmdag)
DRV:64bit: - [2009/12/11 14:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atikmpag.sys – (amdkmdap)
DRV:64bit: - [2009/11/20 06:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\nusb3xhc.sys – (nusb3xhc)
DRV:64bit: - [2009/11/20 06:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\nusb3hub.sys – (nusb3hub)
DRV:64bit: - [2009/11/18 18:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\AtiHdmi.sys – (AtiHdmiService)
DRV:64bit: - [2009/11/08 22:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] – C:\Windows\SysNative\drivers\scdemu.sys – (SCDEmu)
DRV:64bit: - [2009/09/23 10:42:58 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hamachi.sys – (hamachi)
DRV:64bit: - [2009/08/20 11:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Rt64win7.sys – (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsbs.sys – (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lsi_sas2.sys – (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\stexstor.sys – (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\PxHlpa64.sys – (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\evbda.sys – (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\bxvbda.sys – (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\b57nd60a.sys – (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hcw85cir.sys – (hcw85cir)
DRV - [2012/02/01 14:50:44 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\SysWOW64\npptNT2.sys – (NPPTNT2)
DRV - [2011/01/11 19:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] – C:\Program Files (x86)\LogMeIn\x64\rainfo.sys – (LMIInfo)
DRV - [2010/05/15 00:23:27 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] – C:\Windows\gdrv.sys – (gdrv)
DRV - [2010/05/11 09:20:51 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] – C:\Users\Pirani\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys – (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\wimmount.sys – (WIMMount)

========== Standard Registry (SafeList) ==========

PART 3 OTL

========== Internet Explorer ==========

IE:64bit: - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM..\SearchScopes{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: “URL” = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us

IE - HKU.DEFAULT..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-18..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 0

IE - HKU\S-1-5-19..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 1D 48 B2 C1 27 CC 01 [binary data]
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001..\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://www.gobrs.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=MeKUTnOB
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001..\SearchScopes{9efd565a-9375-4bd7-a046-276dd8c1f023}: “URL” = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001..\SearchScopes{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: “URL” = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyEnable” = 1
IE - HKU\S-1-5-21-2282120906-698168335-1934523990-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: “ProxyOverride” =

Part 4 OTL

========== FireFox ==========

FF - prefs.js…browser.search.selectedEngine: “Search”
FF - prefs.js…browser.search.useDBForOrder: true
FF - prefs.js…browser.startup.homepage: “http://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js…extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js…extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js…extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js…extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js…extensions.enabledItems: 5
FF - prefs.js…extensions.enabledItems: 2
FF - prefs.js…extensions.enabledItems: 2
FF - prefs.js…extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019
FF - prefs.js…extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.2.2
FF - prefs.js…extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js…extensions.enabledItems: printedit@DW-dev:4.2
FF - prefs.js…extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.5
FF - prefs.js…keyword.URL: “http://www.gobrs.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=MeKUTnOB&q=
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins@talk.google.com/GoogleTalkPlugin: C:\Users\Pirani\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins@talk.google.com/O3DPlugin: C:\Users\Pirani\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=3: C:\Users\Pirani\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins@tools.google.com/Google Update;version=9: C:\Users\Pirani\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

PART 5 OTL

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe Contribute CS5\Plugins\FirefoxPlugin{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/09/10 12:28:56 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/06/22 17:03:38 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/25 11:58:54 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/08/25 22:13:29 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/07 09:09:20 | 000,000,000 | —D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/17 21:07:05 | 000,000,000 | —D | M]

[2010/06/07 01:04:15 | 000,000,000 | —D | M] (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Extensions
[2010/06/07 01:04:15 | 000,000,000 | —D | M] (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2010/05/11 09:35:47 | 000,000,000 | —D | M] (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Extensions\prism@developer.mozilla.org
[2012/09/17 17:37:42 | 000,000,000 | —D | M] (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions
[2011/07/14 14:41:26 | 000,000,000 | —D | M] (Capture Fox) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\capturefoxmovie@advancity.net
[2010/03/22 13:15:21 | 000,000,000 | —D | M] (TVU Web Player) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\firefox@tvunetworks.com
[2012/09/17 17:38:22 | 000,000,000 | —D | M] (LavaFox V2) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\info@djzig.com
[2010/06/16 01:28:51 | 000,000,000 | —D | M] (Move Media Player) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\moveplayer@movenetworks.com
[2011/06/21 08:58:01 | 000,550,833 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\DivXWebPlayer@divx.com.xpi
[2012/09/01 18:28:44 | 001,625,368 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\firebug@software.joehewitt.com.xpi
[2012/08/29 22:01:48 | 000,146,901 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\Noia4Options@ArisT2.xpi
[2012/07/04 10:38:26 | 000,087,157 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\printedit@DW-dev.xpi
[2012/09/17 11:46:56 | 000,169,939 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\wikilook@testpilot.xpi
[2011/09/16 11:09:49 | 000,028,993 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi
[2012/07/27 21:59:48 | 000,741,958 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/29 18:13:18 | 000,434,392 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/09/13 09:25:20 | 000,698,867 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2012/09/14 18:13:49 | 000,270,876 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/04/12 19:13:37 | 000,685,019 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2011/04/16 02:22:40 | 000,518,144 | ---- | M] () (No name found) – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
[2012/09/15 15:26:14 | 000,001,760 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\searchplugins\altavista.xml
[2011/06/22 17:04:10 | 000,001,919 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\searchplugins\bing-zugo.xml
[2011/10/10 20:09:17 | 000,004,378 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\searchplugins\espn-search.xml
[2011/10/04 12:18:31 | 000,000,355 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\searchplugins\flickr.xml
[2012/09/15 15:26:14 | 000,001,104 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\searchplugins\torrent-finder.xml
[2010/11/02 23:27:06 | 000,001,880 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\searchplugins\yourdictionary.xml
[2010/03/08 10:23:33 | 000,002,057 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Mozilla\Firefox\Profiles\tg58nt38.default\searchplugins\youtube-video-search.xml
[2012/09/07 09:09:08 | 000,000,000 | —D | M] (No name found) – C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 09:09:08 | 000,000,000 | —D | M] (Java Console) – C:\Program Files (x86)\Mozilla Firefox\extensions{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/07 09:09:19 | 000,266,720 | ---- | M] (Mozilla Foundation) – C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) – C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) – C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) – C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/29 15:24:12 | 000,002,465 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/06/21 08:31:37 | 000,002,252 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/08/01 09:34:58 | 000,002,185 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/08/29 15:24:12 | 000,002,253 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

part 6 OTL

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pirani\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pirani\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pirani\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pirani\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Pirani\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Pirani\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Pirani\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Pirani\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Pirani\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR - Extension: Premiumplay Codec-C = C:\Users\Pirani\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.8.13_0
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Pirani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

part 7 OTL

O1 HOSTS File: ([2010/09/10 13:47:54 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard)
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5

Sorry about this; I can’t attach the file. Part 8 OTL

O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2{caffa8e9-273e-11df-86c6-6cf049566e18}\Shell - “” = AutoRun
O33 - MountPoints2{caffa8e9-273e-11df-86c6-6cf049566e18}\Shell\AutoRun\command - “” = J:\autorun.exe
O33 - MountPoints2\I\Shell - “” = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - “” = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk )
O35:64bit: - HKLM..comfile [open] – “%1” %

O35:64bit: - HKLM..exefile [open] – “%1” %*
O35 - HKLM..comfile [open] – “%1” %*
O35 - HKLM..exefile [open] – “%1” %*
O37:64bit: - HKLM.…com [@ = comfile] – “%1” %*
O37:64bit: - HKLM.…exe [@ = exefile] – “%1” %*
O37 - HKLM.…com [@ = comfile] – “%1” %*
O37 - HKLM.…exe [@ = exefile] – “%1” %*
O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/17 21:17:39 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes’ Anti-Malware
[2012/09/17 21:17:35 | 000,000,000 | —D | C] – C:\Program Files (x86)\Malwarebytes’ Anti-Malware
[2012/09/17 20:20:39 | 000,000,000 | —D | C] – C:\Users\Pirani\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/17 20:20:35 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/17 20:20:31 | 000,000,000 | —D | C] – C:\ProgramData\SUPERAntiSpyware.com
[2012/09/17 20:20:31 | 000,000,000 | —D | C] – C:\Program Files\SUPERAntiSpyware
[2012/09/17 19:34:30 | 000,000,000 | —D | C] – C:\ProgramData\Kaspersky Lab
[2012/09/17 19:25:16 | 020,463,528 | ---- | C] (SUPERAntiSpyware.com) – C:\Users\Pirani\Desktop\SUPERAntiSpyware.exe
[2012/09/17 19:22:55 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) – C:\Users\Pirani\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/17 18:59:06 | 000,448,512 | ---- | C] (OldTimer Tools) – C:\Users\Pirani\Desktop\TFC.exe
[2012/09/17 17:48:28 | 000,041,472 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/17 17:48:27 | 000,574,464 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\d3d10level9.dll
[2012/09/17 17:48:24 | 000,376,688 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\drivers\netio.sys
[2012/09/17 17:48:24 | 000,288,624 | ---- | C] (Microsoft Corporation) – C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 15:46:43 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zimbra Desktop
[2012/09/11 15:46:22 | 000,000,000 | —D | C] – C:\Program Files (x86)\Zimbra
[2012/09/11 12:56:54 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy SafeGuard
[2012/09/11 12:56:53 | 000,000,000 | —D | C] – C:\Program Files\PrivacySafeGuard
[2012/09/09 15:11:42 | 000,000,000 | —D | C] – C:\Users\Pirani\AppData\Roaming\Thunderbird
[2012/09/09 15:11:42 | 000,000,000 | —D | C] – C:\Users\Pirani\AppData\Local\Thunderbird
[2012/09/09 15:11:35 | 000,000,000 | —D | C] – C:\Program Files (x86)\Mozilla Thunderbird
[2012/09/09 11:22:15 | 000,000,000 | —D | C] – C:\Users\Pirani\AppData\Local\Zimbra
[2012/09/08 16:42:02 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\Java
[2012/09/08 16:41:48 | 000,246,760 | ---- | C] (Oracle Corporation) – C:\Windows\SysWow64\javaws.exe
[2012/09/08 16:41:36 | 000,095,208 | ---- | C] (Oracle Corporation) – C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/07 09:09:07 | 000,000,000 | —D | C] – C:\Program Files (x86)\Mozilla Firefox
[2012/09/05 03:03:50 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/05 03:03:49 | 000,000,000 | R–D | C] – C:\Program Files (x86)\Skype
[2012/09/05 03:03:49 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\Skype
[2012/09/03 10:30:42 | 000,000,000 | —D | C] – C:\ProgramData.mono
[2012/09/03 10:30:39 | 000,000,000 | —D | C] – C:\Users\Pirani\AppData\Roaming.mono
[2012/09/03 10:29:59 | 000,000,000 | -HSD | C] – C:\Windows\SysWow64\AI_RecycleBin
[2012/09/03 10:29:27 | 000,000,000 | —D | C] – C:\Users\Pirani\AppData\Roaming\Pokémon Trading Card Game Online
[2012/09/03 10:29:27 | 000,000,000 | —D | C] – C:\Users\Pirani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokémon Trading Card Game Online
[2012/08/31 15:35:09 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/08/31 15:31:31 | 000,000,000 | —D | C] – C:\Program Files (x86)\Microsoft Games
[2012/08/29 14:26:11 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Synchronization Services
[2012/08/29 14:26:11 | 000,000,000 | —D | C] – C:\Program Files\Microsoft SQL Server Compact Edition
[2012/08/29 14:26:05 | 000,000,000 | —D | C] – C:\Program Files (x86)\Microsoft Synchronization Services
[2012/08/29 14:25:22 | 000,000,000 | —D | C] – C:\Users\Pirani\Documents\Visual Studio 2010
[2012/08/29 14:25:00 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012/08/29 14:23:45 | 000,000,000 | —D | C] – C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2012/08/29 14:23:45 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\Merge Modules
[2012/08/29 14:23:03 | 000,000,000 | —D | C] – C:\Windows\symbols
[2012/08/29 14:23:02 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Visual Studio 10.0
[2012/08/29 14:23:02 | 000,000,000 | —D | C] – C:\Program Files (x86)\Microsoft SDKs
[2012/08/29 14:23:02 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Help Viewer
[2012/08/29 13:51:03 | 000,000,000 | —D | C] – C:\Users\Pirani\Desktop\CSCE 1436 or COSC 1030
[2012/08/26 11:33:56 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/08/20 14:44:10 | 000,000,000 | —D | C] – C:\Users\Pirani\Desktop\UNT
[2010/07/16 22:43:31 | 000,082,816 | ---- | C] (VSO Software) – C:\Users\Pirani\AppData\Roaming\pcouffin.sys

Part 9 OTL

========== Files - Modified Within 30 Days ==========

[2012/09/17 21:17:39 | 000,001,069 | ---- | M] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/17 21:17:00 | 000,000,912 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2282120906-698168335-1934523990-1001UA.job
[2012/09/17 21:16:41 | 000,013,472 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 21:16:41 | 000,013,472 | -H-- | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 21:08:52 | 000,067,584 | --S- | M] () – C:\Windows\bootstat.dat
[2012/09/17 21:08:43 | 535,683,071 | -HS- | M] () – C:\hiberfil.sys
[2012/09/17 21:05:59 | 000,512,737 | ---- | M] () – C:\Users\Pirani\Desktop\adwcleaner.exe
[2012/09/17 20:42:16 | 000,783,334 | ---- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/17 20:42:16 | 000,663,184 | ---- | M] () – C:\Windows\SysNative\perfh009.dat
[2012/09/17 20:42:16 | 000,122,052 | ---- | M] () – C:\Windows\SysNative\perfc009.dat
[2012/09/17 20:32:39 | 000,000,512 | ---- | M] () – C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad87970a-a6ce-49d2-a76a-c2f279d72661.job
[2012/09/17 20:32:39 | 000,000,512 | ---- | M] () – C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e38eba8-67fb-420d-8f2a-c5fd819e3e4e.job
[2012/09/17 20:31:19 | 000,000,139 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Network Monitor II_Traffic.ini
[2012/09/17 20:20:36 | 000,001,768 | ---- | M] () – C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/17 19:33:37 | 135,873,528 | ---- | M] () – C:\Users\Pirani\Desktop\setup_11.0.0.1245.x01_2012_09_17_07_12.exe
[2012/09/17 19:28:32 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) – C:\Users\Pirani\Desktop\mbam-setup-1.65.0.1400.exe
[2012/09/17 19:27:07 | 020,463,528 | ---- | M] (SUPERAntiSpyware.com) – C:\Users\Pirani\Desktop\SUPERAntiSpyware.exe
[2012/09/17 18:59:07 | 000,448,512 | ---- | M] (OldTimer Tools) – C:\Users\Pirani\Desktop\TFC.exe
[2012/09/17 17:40:46 | 000,001,893 | ---- | M] () – C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/17 17:40:42 | 000,000,000 | ---- | M] () – C:\Windows\SysWow64\config.nt
[2012/09/17 16:07:44 | 000,424,855 | ---- | M] () – C:\Users\Pirani\Desktop\dwsup (1).pdf
[2012/09/17 15:48:37 | 000,000,120 | ---- | M] () – C:\Users\Pirani.screenleap
[2012/09/13 22:23:17 | 000,649,691 | ---- | M] () – C:\Users\Pirani\Desktop\dwsup.pdf
[2012/09/12 13:46:43 | 000,000,860 | ---- | M] () – C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2282120906-698168335-1934523990-1001Core.job
[2012/09/11 15:46:43 | 000,001,812 | ---- | M] () – C:\Users\Public\Desktop\Zimbra Desktop.lnk
[2012/09/11 15:08:07 | 000,734,091 | ---- | M] () – C:\Users\Pirani\Desktop\C++ Gotchas Avoiding Common Problems in Coding and Design.chm
[2012/09/11 12:56:56 | 000,000,660 | RHS- | M] () – C:\Users\Pirani\ntuser.pol
[2012/09/11 12:56:51 | 000,000,927 | ---- | M] () – C:\Users\Pirani\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/11 12:56:51 | 000,000,903 | ---- | M] () – C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/10 13:32:23 | 000,001,093 | ---- | M] () – C:\Users\Pirani\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/09/08 16:41:32 | 000,095,208 | ---- | M] (Oracle Corporation) – C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/08 16:41:31 | 000,246,760 | ---- | M] (Oracle Corporation) – C:\Windows\SysWow64\javaws.exe
[2012/09/08 16:41:30 | 000,821,736 | ---- | M] (Oracle Corporation) – C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/08 16:41:30 | 000,746,984 | ---- | M] (Oracle Corporation) – C:\Windows\SysWow64\deployJava1.dll
[2012/09/08 16:41:30 | 000,174,056 | ---- | M] (Oracle Corporation) – C:\Windows\SysWow64\javaw.exe
[2012/09/08 16:41:30 | 000,174,056 | ---- | M] (Oracle Corporation) – C:\Windows\SysWow64\java.exe
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) – C:\Windows\SysNative\drivers\mbam.sys
[2012/09/05 03:03:50 | 000,002,515 | ---- | M] () – C:\Users\Public\Desktop\Skype.lnk
[2012/09/03 10:29:50 | 000,001,291 | ---- | M] () – C:\Users\Pirani\Desktop\Pokémon Trading Card Game Online.lnk
[2012/09/01 12:27:30 | 000,002,455 | ---- | M] () – C:\Users\Pirani\Desktop\Google Chrome.lnk
[2012/08/31 15:35:09 | 000,002,027 | ---- | M] () – C:\Users\Public\Desktop\Halo.lnk
[2012/08/31 11:48:53 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/31 11:48:53 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/31 01:23:41 | 000,000,429 | ---- | M] () – C:\Users\Pirani\AppData\Roaming\Drives Monitor_Settings.ini
[2012/08/26 11:34:04 | 000,001,082 | -H-- | M] () – C:\IPH.PH
[2012/08/26 11:33:56 | 000,001,895 | ---- | M] () – C:\Users\Pirani\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2012/08/26 11:33:56 | 000,001,871 | ---- | M] () – C:\Users\Public\Desktop\AIM.lnk
[2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) – C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) – C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/21 04:12:33 | 000,041,224 | ---- | M] (AVAST Software) – C:\Windows\avastSS.scr
[2012/08/21 04:12:23 | 000,227,648 | ---- | M] (AVAST Software) – C:\Windows\SysWow64\aswBoot.exe
[2012/08/21 04:12:02 | 000,285,328 | ---- | M] (AVAST Software) – C:\Windows\SysNative\aswBoot.exe

Part 10 OTL

========== Files Created - No Company Name ==========

[2012/09/17 21:17:39 | 000,001,069 | ---- | C] () – C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/17 21:05:57 | 000,512,737 | ---- | C] () – C:\Users\Pirani\Desktop\adwcleaner.exe
[2012/09/17 20:21:00 | 000,000,512 | ---- | C] () – C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 3e38eba8-67fb-420d-8f2a-c5fd819e3e4e.job
[2012/09/17 20:20:58 | 000,000,512 | ---- | C] () – C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ad87970a-a6ce-49d2-a76a-c2f279d72661.job
[2012/09/17 20:20:36 | 000,001,768 | ---- | C] () – C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/17 19:20:58 | 135,873,528 | ---- | C] () – C:\Users\Pirani\Desktop\setup_11.0.0.1245.x01_2012_09_17_07_12.exe
[2012/09/17 16:07:36 | 000,424,855 | ---- | C] () – C:\Users\Pirani\Desktop\dwsup (1).pdf
[2012/09/17 15:42:59 | 000,000,120 | ---- | C] () – C:\Users\Pirani.screenleap
[2012/09/13 22:23:18 | 000,649,691 | ---- | C] () – C:\Users\Pirani\Desktop\dwsup.pdf
[2012/09/11 15:46:43 | 000,001,812 | ---- | C] () – C:\Users\Public\Desktop\Zimbra Desktop.lnk
[2012/09/11 15:08:00 | 000,734,091 | ---- | C] () – C:\Users\Pirani\Desktop\C++ Gotchas Avoiding Common Problems in Coding and Design.chm
[2012/09/11 12:56:56 | 000,000,660 | RHS- | C] () – C:\Users\Pirani\ntuser.pol
[2012/09/11 12:56:51 | 000,000,927 | ---- | C] () – C:\Users\Pirani\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/03 10:29:50 | 000,001,291 | ---- | C] () – C:\Users\Pirani\Desktop\Pokémon Trading Card Game Online.lnk
[2012/08/31 15:35:09 | 000,002,027 | ---- | C] () – C:\Users\Public\Desktop\Halo.lnk
[2012/08/15 03:25:33 | 000,000,139 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\Network Monitor II_Traffic.ini
[2012/08/10 16:01:00 | 000,000,520 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\GPU Monitor_GPU0_Settings.ini
[2012/08/07 13:42:40 | 000,000,429 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\Drives Monitor_Settings.ini
[2011/12/20 21:51:06 | 000,000,262 | ---- | C] () – C:\Windows{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/11/29 16:01:12 | 000,000,195 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\GPU Monitor_Settings.ini
[2011/09/30 16:45:53 | 000,001,456 | ---- | C] () – C:\Users\Pirani\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () – C:\Windows\SysWow64\xlive.dll.cat
[2011/09/26 11:46:06 | 000,212,916 | -H-- | C] () – C:\Windows\SysWow64\mlfcache.dat
[2011/08/10 16:26:10 | 000,000,132 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/01/21 17:23:04 | 000,000,021 | ---- | C] () – C:\Windows\SurCode.INI
[2010/10/29 21:44:35 | 000,000,056 | -H-- | C] () – C:\Windows\SysWow64\ezsidmv.dat
[2010/10/02 13:56:40 | 000,776,994 | ---- | C] () – C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/02 13:33:47 | 000,000,095 | ---- | C] () – C:\Windows\QBChanUtil_Trigger.ini
[2010/07/16 22:44:26 | 000,001,057 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\vso_ts_preview.xml
[2010/07/16 22:43:31 | 000,099,384 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\inst.exe
[2010/07/16 22:43:31 | 000,007,859 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\pcouffin.cat
[2010/07/16 22:43:31 | 000,001,167 | ---- | C] () – C:\Users\Pirani\AppData\Roaming\pcouffin.inf
[2010/03/30 15:37:26 | 000,000,098 | ---- | C] () – C:\Users\Pirani\webct_upload_applet.properties
[2010/02/07 20:26:14 | 000,007,598 | ---- | C] () – C:\Users\Pirani\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2010/10/06 11:26:31 | 000,000,087 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[1].txt
[2010/10/02 13:55:26 | 000,000,303 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
[2010/10/06 11:20:52 | 000,000,509 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[3].txt
[2010/10/06 11:26:38 | 000,000,623 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[1].txt
[2010/10/02 14:01:40 | 000,000,159 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addthis[2].txt
[2010/10/06 11:20:52 | 000,000,159 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addthis[3].txt
[2010/10/02 14:03:00 | 000,000,240 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adlegend[2].txt
[2010/10/06 11:17:54 | 000,000,227 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adlegend[3].txt
[2010/10/02 13:59:02 | 000,000,353 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adnxs[1].txt
[2010/10/06 11:26:39 | 000,000,354 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adnxs[2].txt
[2010/10/06 11:26:43 | 000,000,114 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.christianpost[2].txt
[2010/10/05 16:14:16 | 000,000,775 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[2].txt
[2010/10/03 11:33:22 | 000,000,108 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
[2010/10/02 14:02:06 | 000,000,217 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[2].txt
[2010/10/06 11:20:52 | 000,000,420 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@api.msappspace[2].txt
[2010/10/04 10:00:59 | 000,000,097 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[1].txt
[2010/10/02 13:55:05 | 000,000,191 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[1].txt
[2010/10/04 10:01:00 | 000,000,183 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
[2010/10/06 11:26:06 | 000,000,492 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blip[1].txt
[2010/10/02 14:04:27 | 000,000,495 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blip[2].txt
[2010/10/02 14:04:27 | 000,000,538 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bluekai[1].txt
[2010/10/06 11:21:45 | 000,000,548 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bluekai[3].txt
[2010/10/04 10:04:32 | 000,000,532 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bollywoodbackstage[1].txt
[2010/10/02 13:59:35 | 000,000,111 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[1].txt
[2010/10/04 10:01:21 | 000,000,109 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
[2010/10/06 11:26:27 | 000,000,080 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c26.lockfeed[1].txt
[2010/10/06 11:26:36 | 000,000,082 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c27.lockfeed[1].txt
[2010/10/02 14:01:29 | 000,000,735 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[2].txt
[2010/10/05 16:13:22 | 000,000,823 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chitika[3].txt

part 11 OTL

[2010/10/06 11:26:37 | 000,000,090 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.sellmeyourtraffic[1].txt
[2010/10/06 11:26:42 | 000,000,677 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicksor[1].txt
[2010/10/05 16:11:12 | 000,000,084 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
[2010/10/06 11:26:43 | 000,001,524 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crwdcntrl[2].txt
[2010/10/02 14:02:28 | 000,000,102 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@data.cmcore[1].txt
[2010/10/02 13:55:52 | 000,000,115 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt
[2010/10/06 11:22:58 | 000,000,115 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[3].txt
[2010/10/06 11:26:44 | 000,000,128 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc1e.3vg58t1[1].txt
[2010/10/06 11:22:38 | 000,000,166 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demdex[2].txt
[2010/10/02 14:01:37 | 000,000,121 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demr.opt.fimserve[1].txt
[2010/10/06 11:26:42 | 000,000,128 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demr.opt.fimserve[3].txt
[2010/10/06 11:20:51 | 000,000,121 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@desb.opt.fimserve[1].txt
[2010/10/05 16:11:11 | 000,000,127 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@displayads.liveuniversenetwork[2].txt
[2010/10/06 11:18:06 | 000,000,086 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dlqm[2].txt
[2010/10/02 13:54:28 | 000,000,115 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
[2010/10/03 11:33:15 | 000,000,116 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[2].txt
[2010/10/06 11:26:38 | 000,000,227 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eas.apm.emediate[2].txt
[2010/10/04 10:07:05 | 000,000,148 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ebay[1].txt
[2010/10/06 11:21:39 | 000,000,703 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exelator[1].txt
[2010/10/02 13:55:40 | 000,000,667 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exelator[2].txt
[2010/10/02 14:01:26 | 000,000,508 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ezinearticles[2].txt
[2010/10/05 16:13:14 | 000,000,509 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ezinearticles[3].txt
[2010/10/04 10:04:32 | 000,000,137 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@facebook[1].txt
[2010/10/06 11:26:42 | 000,000,072 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fimserve[1].txt
[2010/10/02 14:00:54 | 000,000,335 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@flickr[1].txt
[2010/10/06 11:26:31 | 000,000,483 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fwmrm[1].txt
[2010/10/02 14:04:43 | 000,000,473 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fwmrm[2].txt
[2010/10/02 14:02:07 | 000,000,123 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@g.doubleclick[1].txt
[2010/10/02 14:01:37 | 000,000,102 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gigya[1].txt
[2010/10/06 11:20:52 | 000,000,102 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gigya[2].txt
[2010/10/02 13:54:26 | 000,000,130 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[1].txt
[2010/10/03 11:33:13 | 000,000,131 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[2].txt
[2010/10/02 14:01:58 | 000,000,222 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
[2010/10/04 10:01:19 | 000,000,220 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[3].txt
[2010/10/06 11:21:03 | 000,000,557 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
[2010/10/06 11:26:28 | 000,000,103 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@linezing[1].txt
[2010/10/06 11:26:33 | 000,000,226 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@localpages[2].txt
[2010/10/05 16:12:46 | 000,000,169 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[2].txt
[2010/10/06 11:26:35 | 000,000,116 | ---- | M] () – C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lycos[1].txt

part 12


part 13


part 14

========== Custom Scans ==========

========== Base Services ==========

part 15


part 16


< %SYSTEMDRIVE%*.exe >


part 17


part 18
