Jump to content

pezdukie

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

Reputation

0 Neutral
  1. pezdukie
    Alright, not to hijack this thread, but I've run into the same problem and am in the exact predicament as the OP (Tried the bleepingcomputer.com fix to no avail) Here's my OTL.txt: OTL logfile created on: 12/6/2011 12:03:19 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.82% Memory free 6.50 Gb Paging File | 5.20 Gb Available in Paging File | 80.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 911.51 Gb Total Space | 239.78 Gb Free Space | 26.31% Space Free | Partition Type: NTFS Drive D: | 7.79 Gb Total Space | 0.88 Gb Free Space | 11.23% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive J: | 20.00 Gb Total Space | 19.91 Gb Free Space | 99.56% Space Free | Partition Type: NTFS Drive K: | 512.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/06 00:02:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe PRC - [2011/12/05 21:37:15 | 000,908,248 | ---- | M] (Mozilla Corporation) -- B:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE PRC - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Palm\PDK\tcprelay.exe PRC - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== MOD - [2011/08/18 21:31:44 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/03/21 10:17:46 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool) SRV:64bit: - [2009/08/25 11:17:18 | 000,294,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService) SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService) SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService) SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc) SRV - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay) SRV - [2010/10/21 16:01:32 | 000,069,632 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe -- (NovacomD) SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/11/04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/09/04 16:38:28 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb) DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009/06/17 10:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd) DRV:64bit: - [2009/06/10 14:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) Intel® DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 14:48:16 | 000,509,056 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw18bda.sys -- (hcw18bda) DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2008/08/28 01:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2007/01/12 17:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 05 0A 2D DE 98 CC 01 [binary data] IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2 FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6 FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4 FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.6.4 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Adam\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 20:07:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/18 21:31:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/18 21:03:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Adam\AppData\Roaming\Move Networks [2009/10/31 15:27:49 | 000,000,000 | -H-D | M] [2010/01/10 03:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions [2010/01/10 03:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions [2010/01/20 02:51:03 | 000,000,000 | -H-D | M] (Favicon Picker 3) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67} [2011/09/04 03:21:51 | 000,000,000 | -H-D | M] (Roomy Bookmarks Toolbarv) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\ALone-live@ya.ru [2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\chachaguidebar@chacha.com [2011/11/28 14:19:57 | 000,000,000 | -H-D | M] ("Advanced Cookie Manager") -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\cookiemgr@jayapal.com [2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\firegestures@xuldev.org [2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\Foxdie@tanjihay.com [2010/11/28 19:44:01 | 000,000,000 | -H-D | M] (Foxdie for Firefox) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\foxdie_ext_ocelot@foxdie.us [2011/11/08 10:25:57 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\piclens@cooliris.com [2011/11/09 20:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/11/09 20:07:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2010/12/09 04:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011/05/01 13:47:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/09 20:07:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Update (Enabled) = C:\Users\Adam\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Adam\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Mouse Stroke = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaoofnhgocdbnbeljkmbjdmhbcokfdb\1.9.5.2_0\ O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:64bit: - HKLM..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [QSKDNYNxcKDRT.exe] C:\ProgramData\QSKDNYNxcKDRT.exe () O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7B4E7B-B9E3-4AD8-8175-2FF499561BF1}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B04135EE-1B9E-4716-AA6E-9CD0B96B0F52}: DhcpNameServer = 192.168.100.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/06/15 09:23:40 | 000,000,175 | R--- | M] () - K:\autorun.inf -- [ UDF ] O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell - "" = AutoRun O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\AutoRun\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\configure\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\install\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{809fe94c-d6a3-11df-b788-001a92c3e235}\Shell - "" = AutoRun O33 - MountPoints2\{809fe94c-d6a3-11df-b788-001a92c3e235}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/05 23:58:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011/12/05 22:27:56 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011/12/05 21:59:25 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes [2011/12/05 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/12/05 21:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/12/05 21:59:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/12/05 21:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/12/05 21:49:35 | 009,852,544 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Adam\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/05 21:47:57 | 001,566,512 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123coom.exe [2011/12/05 16:40:39 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Download Manager [2011/12/02 11:37:37 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011/11/22 04:17:08 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/11/22 04:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc [2011/11/22 04:15:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys [2011/11/22 04:15:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys [2011/11/22 04:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc [2011/11/21 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2011/11/21 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2011/11/07 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ========== Files - Modified Within 30 Days ========== [2011/12/06 00:04:56 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/12/06 00:04:56 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/12/05 23:59:55 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/12/05 23:59:55 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/12/05 23:59:55 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/12/05 23:54:06 | 000,000,408 | ---- | M] () -- C:\ProgramData\jeezIQDWHGlfdM [2011/12/05 23:54:06 | 000,000,288 | ---- | M] () -- C:\ProgramData\~jeezIQDWHGlfdM [2011/12/05 23:54:06 | 000,000,200 | ---- | M] () -- C:\ProgramData\~jeezIQDWHGlfdMr [2011/12/05 23:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/12/05 23:53:18 | 2616,033,280 | -HS- | M] () -- C:\hiberfil.sys [2011/12/05 23:51:12 | 001,008,114 | -H-- | M] () -- C:\Users\Adam\Desktop\rkill.com [2011/12/05 22:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107165334-3125168533-1496286226-1000UA.job [2011/12/05 22:27:58 | 000,000,682 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk [2011/12/05 22:27:58 | 000,000,658 | -H-- | M] () -- C:\Users\Adam\Desktop\System Fix.lnk [2011/12/05 22:27:38 | 000,352,392 | ---- | M] () -- C:\ProgramData\jeezIQDWHGlfdM.exe [2011/12/05 22:18:25 | 000,445,064 | ---- | M] () -- C:\ProgramData\QSKDNYNxcKDRT.exe [2011/12/05 21:50:03 | 009,852,544 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Adam\Desktop\mbam-setup-1.51.2.1300.exe [2011/12/05 17:22:22 | 3166,840,832 | -H-- | M] () -- C:\Users\Adam\Documents\7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso [2011/12/05 11:40:48 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107165334-3125168533-1496286226-1000Core.job [2011/12/01 17:58:25 | 000,002,972 | -H-- | M] () -- C:\Users\Adam\.recently-used.xbel [2011/11/30 14:46:20 | 000,001,807 | -H-- | M] () -- C:\Users\Adam\Desktop\Spotify.lnk [2011/11/24 12:33:42 | 001,566,512 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123coom.exe [2011/11/22 04:17:09 | 000,000,966 | -H-- | M] () -- C:\Users\Adam\Desktop\MagicDisc.lnk [2011/11/21 22:10:18 | 000,001,109 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk [2011/11/20 23:48:54 | 000,224,987 | -H-- | M] () -- C:\Users\Adam\Documents\1.pdf [2011/11/20 23:46:09 | 000,195,447 | -H-- | M] () -- C:\Users\Adam\Documents\Untitled.pdf [2011/11/13 20:01:51 | 000,007,602 | -H-- | M] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg [2011/11/10 13:58:37 | 000,002,123 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2011/11/10 06:54:46 | 000,426,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/11/10 06:43:24 | 000,001,191 | -H-- | M] () -- C:\Users\Adam\.opgalaxy7.vr [2011/11/09 22:29:30 | 000,002,061 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ========== Files Created - No Company Name ========== [2011/12/05 23:51:11 | 001,008,114 | -H-- | C] () -- C:\Users\Adam\Desktop\rkill.com [2011/12/05 23:48:58 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2011/12/05 23:48:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/12/05 23:48:58 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk [2011/12/05 23:48:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/12/05 23:48:58 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk [2011/12/05 23:48:58 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk [2011/12/05 22:28:10 | 000,000,288 | ---- | C] () -- C:\ProgramData\~jeezIQDWHGlfdM [2011/12/05 22:28:10 | 000,000,200 | ---- | C] () -- C:\ProgramData\~jeezIQDWHGlfdMr [2011/12/05 22:27:58 | 000,000,682 | -H-- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk [2011/12/05 22:27:58 | 000,000,658 | -H-- | C] () -- C:\Users\Adam\Desktop\System Fix.lnk [2011/12/05 22:27:47 | 000,000,408 | ---- | C] () -- C:\ProgramData\jeezIQDWHGlfdM [2011/12/05 22:27:38 | 000,352,392 | ---- | C] () -- C:\ProgramData\jeezIQDWHGlfdM.exe [2011/12/05 22:21:25 | 000,445,064 | ---- | C] () -- C:\ProgramData\QSKDNYNxcKDRT.exe [2011/12/05 16:40:46 | 3166,840,832 | -H-- | C] () -- C:\Users\Adam\Documents\7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso [2011/12/01 17:58:25 | 000,002,972 | -H-- | C] () -- C:\Users\Adam\.recently-used.xbel [2011/11/30 14:46:20 | 000,001,807 | -H-- | C] () -- C:\Users\Adam\Desktop\Spotify.lnk [2011/11/30 14:46:20 | 000,001,793 | -H-- | C] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2011/11/22 04:17:09 | 000,000,966 | -H-- | C] () -- C:\Users\Adam\Desktop\MagicDisc.lnk [2011/11/21 22:10:18 | 000,001,109 | -H-- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk [2011/11/20 23:48:54 | 000,224,987 | -H-- | C] () -- C:\Users\Adam\Documents\1.pdf [2011/11/20 23:45:58 | 000,195,447 | -H-- | C] () -- C:\Users\Adam\Documents\Untitled.pdf [2011/09/12 16:43:12 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat [2011/03/07 21:10:20 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini [2011/03/07 21:09:09 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll [2011/03/07 21:09:09 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv [2011/01/04 15:30:55 | 000,001,940 | -H-- | C] () -- C:\Users\Adam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/12/23 20:44:50 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\dglesv2.dll [2010/12/23 20:44:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\dgles.dll [2010/12/23 20:44:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\SDL_mixer.dll [2010/12/23 20:44:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\SDL_image.dll [2010/12/23 20:44:00 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\SDL_ttf.dll [2010/12/23 20:43:52 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\SDL_net.dll [2010/12/23 20:43:36 | 000,270,336 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll [2010/07/09 11:47:40 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\libfreetype.dll [2010/06/25 11:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010/03/31 19:51:35 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll [2010/03/31 19:51:35 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll [2010/03/11 01:43:26 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2010/01/22 00:34:57 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/01/14 00:10:21 | 000,350,720 | ---- | C] () -- C:\Program Files (x86)\hjsplit.exe [2009/11/16 19:20:36 | 000,007,602 | -H-- | C] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg [2009/11/10 00:56:03 | 000,000,336 | -H-- | C] () -- C:\Users\Adam\AppData\Roaming\settings.dat [2009/10/29 17:47:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll [2009/08/11 14:01:32 | 000,317,952 | ---- | C] () -- C:\Windows\SysWow64\libtiff-3.dll [2009/08/11 14:01:32 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\smpeg.dll [2009/08/11 14:01:32 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\libvorbis-0.dll [2009/08/11 14:01:32 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\libpng12-0.dll [2009/08/11 14:01:32 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\jpeg.dll [2009/08/11 14:01:32 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2009/08/11 14:01:32 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\libvorbisfile-3.dll [2009/08/11 14:01:32 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\libogg-0.dll [2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008/10/28 12:54:16 | 005,570,009 | ---- | C] () -- C:\Program Files (x86)\samurize_1.64.3_3.exe ========== LOP Check ========== [2009/11/02 22:28:32 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\acccore [2011/04/17 23:04:06 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Downloaded Installations [2010/04/06 18:57:32 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Facebook [2011/07/06 23:27:02 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0 [2010/05/12 19:17:04 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn [2009/10/29 17:58:07 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech [2011/11/21 01:40:38 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Nitro PDF [2011/03/07 21:10:22 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\pdf995 [2011/12/05 18:33:01 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Spotify [2011/09/12 16:50:46 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Stamps.com Internet Postage [2010/04/06 18:23:29 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\StreamTorrent [2011/02/16 17:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\TaxCut [2010/03/11 01:41:55 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Teleca [2010/01/10 03:46:51 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Thunderbird [2009/11/03 23:31:57 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\TrueCrypt [2011/11/22 01:42:04 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\uTorrent [2009/10/28 21:42:47 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\WinBatch [2011/02/22 01:31:38 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Wireshark [2011/05/06 02:19:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > And here's my Extras.txt: OTL Extras logfile created on: 12/6/2011 12:03:19 AM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.82% Memory free 6.50 Gb Paging File | 5.20 Gb Available in Paging File | 80.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 911.51 Gb Total Space | 239.78 Gb Free Space | 26.31% Space Free | Partition Type: NTFS Drive D: | 7.79 Gb Total Space | 0.88 Gb Free Space | 11.23% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive J: | 20.00 Gb Total Space | 19.91 Gb Free Space | 99.56% Space Free | Partition Type: NTFS Drive K: | 512.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{48140058-E94F-4982-83E2-1EC0183218C4}" = Palm webOS SDK "{59525B55-DE3C-439F-82CC-D4578960DE73}" = Nitro PDF Professional "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D5DEF071-24AD-4214-9623-3A9B63988E3B}" = Macrium Reflect - Free Edition "{E704008B-0515-490F-83E1-95AA2A7F4641}" = Oracle VM VirtualBox 4.1.6 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "705BB4107F4B3FAEECCDB213EAD10359BBFF3BFA" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1) "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1) "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob "{23532305-7458-4592-9D3A-18F15803973A}" = OPNET Model Library Academic Edition 9.1 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 26 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5F8F3C63-2F9F-47E6-B749-2DFE4684C671}" = H&R Block Wisconsin 2010 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9A657E90-E2B7-44DE-8929-055948162595}" = SPSS 16.0 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5 "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{DBFA98B2-1D1D-488C-B80D-26057DA9A492}" = OPNET IT Guru Academic Edition 9.1 "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM_7" = AIM 7 "Audacity_is1" = Audacity 1.2.6 "CCleaner" = CCleaner "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "DeleteOnClick_is1" = DeleteOnClick "ENTERPRISER" = Microsoft Office Enterprise 2007 "ImgBurn" = ImgBurn "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US) "Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0) "Pdf995" = Pdf995 (installed by H&R Block) "PdfEdit995" = PdfEdit995 (installed by H&R Block) "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "Spotify" = Spotify "Stamps.com" = Stamps.com "StarCraft II" = StarCraft II "StreamTorrent 1.0" = StreamTorrent 1.0 "TrueCrypt" = TrueCrypt "uberOptions" = uberOptions 4.80.5 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "WinGimp-2.0_is1" = Gimp 2.6.2 Debug "WinPcapInst" = WinPcap 4.1.2 "WinX Blu-ray Decrypter_is1" = WinX Blu-ray Decrypter 2.0 "Wireshark" = Wireshark 1.4.3 "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player "MusicManager" = Music Manager "Spotify" = Spotify "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/22/2011 12:10:38 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 11/22/2011 12:10:38 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 11/22/2011 6:16:37 AM | Computer Name = Adam-PC | Source = Application Hang | ID = 1002 Description = The program setup_magicdisc106.exe version 2.5.0.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 10fc Start Time: 01cca8ff9ba7d5ed Termination Time: 15 Application Path: C:\Users\Adam\Downloads\setup_magicdisc106.exe Report Id: 0b67517a-14f3-11e1-8cfc-85a0718454f9 Error - 11/30/2011 3:06:08 AM | Computer Name = Adam-PC | Source = Application Hang | ID = 1002 Description = The program firefox.exe version 8.0.0.4325 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: cfc Start Time: 01ccaf1c51e6d664 Termination Time: 114 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 9b1db835-1b21-11e1-a79d-001a92c3e235 Error - 12/1/2011 1:42:28 PM | Computer Name = Adam-PC | Source = Application Error | ID = 1000 Description = Faulting application name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37 Faulting module name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37 Exception code: 0xc0000005 Fault offset: 0x0000174c Faulting process id: 0x1020 Faulting application start time: 0x01ccb05093e2a503 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: d5c557e5-1c43-11e1-a79d-001a92c3e235 Error - 12/2/2011 1:38:08 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12/6/2011 12:22:15 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12/6/2011 12:22:15 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12/6/2011 12:22:30 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12/6/2011 12:22:30 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ OSession Events ] Error - 2/2/2010 12:26:19 AM | Computer Name = Adam-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 5/12/2011 4:25:18 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2492386). Error - 5/12/2011 4:25:18 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2529073). Error - 5/12/2011 4:25:25 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB982018). Error - 5/12/2011 8:27:20 PM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7016 Description = The NVIDIA Display Driver Service service has reported an invalid current state 32. Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2515325). Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2534366). Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2522422). Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2492386). Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2529073). Error - 5/12/2011 8:51:50 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB982018). < End of report > Any help would be greatly appreciated. The OTL report was run after RKill had already been run on this boot; I hope that doesn't affect the results? Also, the computer is a dual-booted Windows Vista/Windows 7 machine and only the Windows 7 hard drive is infected at this point. Let me know if there's any other information needed.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.