:OTL
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.easysear.ch/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.easysear.ch/
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: URL = http://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=FR&userid=79ab82fd-440b-5889-9a47-cc14b9609b66&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/12/2013&type=hp1000
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: URL = http://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=FR&userid=79ab82fd-440b-5889-9a47-cc14b9609b66&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=15/12/2013&type=hp1000
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9d480271-a3be-496c-b1fb-3ee970713e33}: C:\Program Files\SelectionTool\150.xpi [2014/02/03 13:22:45 | 000,007,052 | ---- | M] ()
CHR - homepage: http://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=a8ad28840000000000000008d350115e
CHR - Extension: SelectionTool = C:\Documents and Settings\DJAM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\edjnbokkihlfclbddajclncbnmgggbie\1.150_0\
CHR - plugin: Software Update (Enabled) = C:\Program Files\Software\Update\1.3.25.0\npSoftwareUpdate3.dll
O2 - BHO: (SelectionTool) - {1533472a-9aff-42d2-be53-efe825bc964a} - C:\Program Files\SelectionTool\150.dll ()
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\charge music P2P Rocket\RazaWebHook.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1993962763-725345543-1004\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1993962763-725345543-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-1993962763-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [upfst_fr_76.exe] C:\Documents and Settings\DJAM\Local Settings\Application Data\fst_fr_76\upfst_fr_76.exe ()
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2014/02/03 13:22:45 | 000,000,000 | ---D | C] -- C:\Program Files\SelectionTool
[2014/02/03 13:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2014/02/03 13:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DJAM\Local Settings\Application Data\SearchProtect
[2014/02/01 06:55:46 | 000,825,232 | ---- | C] (AnyProtect.com) -- C:\Documents and Settings\DJAM\Local Settings\Application Data\AnyProtectScannerSetup.exe
[2012/05/21 22:55:25 | 000,000,152 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKQJcvEkRr7Jvtr
[2012/05/21 22:55:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-dKQJcvEkRr7Jvt
[2012/05/21 22:55:21 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dKQJcvEkRr7Jvt
[2011/11/27 11:33:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DJAM\Ÿ8Ÿ8
[2009/12/25 19:26:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DJAM\Ÿ;Ÿ;
[2009/11/29 12:01:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DJAM\Ÿ9Ÿ9
[2014/02/01 07:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\predm
[2014/02/03 13:22:45 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\SelectionTool Update.job
[2014/02/01 06:58:37 | 000,000,366 | ---- | C] () -- C:\WINDOWS\tasks\APSnotifierCA.job

:files
C:\Documents and Settings\DJAM\Local Settings\Application Data\fst_fr_76
C:\Program Files\fst_fr_76

:Commands
[purity]
[emptytemp]