Hey guys,

So I'm fed up! I've had the Google redirect issue for months now.. but just dealt with it. The last few weeks things have got a lot worse though! I have random audio ads play in the background, whenever I open a new Firefox window, it will open another tab with some weird website, and Internet Explorer also opens up sometimes with a bunch of tabs.

Besides the Google redirect issue.. the problems really started around two weeks ago, when that "system fix" totally raped my system. The poor girl hasn't been the same since.. please help me fix my baby! Thanks guys.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20

Run by David at 0:28:13 on 2011-11-30

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.1616 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\SysWoW64\svchost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

dPolicies-system: DisableTaskMgr = 1 (0x1)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D5DAD156-2A62-4B81-8873-E9DE6887B009} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{DCF46B23-958C-4EAD-A143-86AFB55D92CF} : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pioy6xvw.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111023&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 60061

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-29 2255464]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-19 366152]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-10 136176]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-11-30 04:47:39 794 ----a-w- C:\ProgramData\emhlbaa.tmp

2011-11-29 18:14:48 823 ----a-w- C:\ProgramData\moubbaa.tmp

2011-11-29 08:39:26 802 ----a-w- C:\ProgramData\yyifbaa.tmp

2011-11-28 19:50:40 841 ----a-w- C:\ProgramData\cjvkbaa.tmp

2011-11-28 07:47:36 856 ----a-w- C:\ProgramData\mivebaa.tmp

2011-11-27 18:03:02 817 ----a-w- C:\ProgramData\qwzebaa.tmp

2011-11-27 03:11:29 818 ----a-w- C:\ProgramData\khuwaaa.tmp

2011-11-26 16:14:44 787 ----a-w- C:\ProgramData\moyraaa.tmp

2011-11-24 18:04:34 828 ----a-w- C:\ProgramData\shsebaa.tmp

2011-11-24 04:39:39 844 ----a-w- C:\ProgramData\esgibaa.tmp

2011-11-23 17:32:39 802 ----a-w- C:\ProgramData\qgrwaaa.tmp

2011-11-23 04:20:03 856 ----a-w- C:\ProgramData\melqaaa.tmp

2011-11-22 17:34:34 845 ----a-w- C:\ProgramData\qicpaaa.tmp

2011-11-22 04:12:15 851 ----a-w- C:\ProgramData\uenoaaa.tmp

2011-11-21 18:50:38 855 ----a-w- C:\ProgramData\iqgqaaa.tmp

2011-11-21 04:37:14 855 ----a-w- C:\ProgramData\ojijaaa.tmp

2011-11-21 01:34:55 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2011-11-21 01:34:54 96768 ----a-w- C:\Windows\System32\fsutil.exe

2011-11-21 01:34:54 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2011-11-21 01:34:54 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2011-11-21 01:34:54 2566144 ----a-w- C:\Windows\System32\esent.dll

2011-11-21 01:34:54 187264 ----a-w- C:\Windows\System32\drivers\storport.sys

2011-11-21 01:34:54 1686016 ----a-w- C:\Windows\SysWow64\esent.dll

2011-11-21 01:34:54 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2011-11-21 01:34:54 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2011-11-21 01:34:54 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2011-11-21 01:34:53 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2011-11-20 10:19:13 804 ----a-w- C:\ProgramData\mweraaa.tmp

2011-11-20 09:25:50 -------- d-----w- C:\Users\David\AppData\Roaming\mffRRL9TXj

2011-11-20 09:25:50 -------- d-----w- C:\Users\David\AppData\Roaming\LeekIBONAu2i3n5

2011-11-20 09:25:42 -------- d-----w- C:\Users\David\AppData\Roaming\P6sWKfEEL9TZjCk

2011-11-20 09:25:41 -------- d-----w- C:\Users\David\AppData\Roaming\kAA0uvS2iF3pG5H

2011-11-20 09:25:40 -------- d-----w- C:\Users\David\AppData\Roaming\muuvS2obFpmGaQ6

2011-11-20 09:25:32 -------- d-----w- C:\Users\David\AppData\Roaming\ynGaHsWK7fL9Tqj

2011-11-20 09:25:31 -------- d-----w- C:\Users\David\AppData\Roaming\lOOyyxA0uS2i

2011-11-20 07:26:38 816 ----a-w- C:\ProgramData\euvqaaa.tmp

2011-11-20 03:56:22 848 ----a-w- C:\ProgramData\snvraaa.tmp

2011-11-20 02:54:35 787 ----a-w- C:\ProgramData\uynraaa.tmp

2011-11-20 01:01:21 803 ----a-w- C:\ProgramData\orgcbaa.tmp

2011-11-20 00:09:03 -------- d-----w- C:\Users\David\AppData\Local\Skyrim

2011-11-19 23:00:24 825 ----a-w- C:\ProgramData\srfgbaa.tmp

2011-11-19 17:04:13 849 ----a-w- C:\ProgramData\cpuhbaa.tmp

2011-11-18 07:25:15 -------- d-----w- C:\Program Files (x86)\92EA5

2011-11-18 07:25:03 -------- d-----w- C:\Users\David\AppData\Roaming\04C92

2011-11-18 07:25:03 -------- d-----w- C:\Program Files (x86)\LP

2011-11-18 07:24:54 -------- d-----w- C:\Users\David\AppData\Roaming\GGGG4aaQH6sK7fL

2011-11-18 07:24:54 -------- d-----w- C:\Users\David\AppData\Roaming\aNttxxA0ucS2bDp

2011-11-18 07:24:51 -------- d-----w- C:\Users\David\AppData\Roaming\u000yycS1ivD

2011-11-18 07:24:50 -------- d-----w- C:\Users\David\AppData\Roaming\OxxxP0ucS1iD3nG

2011-11-18 07:24:49 -------- d-----w- C:\Users\David\AppData\Roaming\yaaQQH66sW7fE9

2011-11-18 07:24:46 -------- d-----w- C:\Users\David\AppData\Roaming\FwwkkUUVelOtz0y

2011-11-18 07:24:45 -------- d-----w- C:\Users\David\AppData\Roaming\YwwwkUUVrlOBxPy

2011-11-18 07:24:43 -------- d-----we C:\Windows\system64

2011-11-09 04:24:53 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-09 04:24:53 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-09 04:24:26 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-09 04:23:55 3141120 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2011-11-18 19:05:29 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-11-18 19:05:29 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-11-18 19:04:13 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-10-01 03:21:20 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:59:14 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 0:35:50.75 ===============


Hello Bonobo! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Step 2

  1. Download aswMBR.exe (1870KB) to your desktop.
  2. Double click the aswMBR.exe to run it.
  3. Click the [scan] button to start the scan.
  4. On completion of the scan click [save log], save it to your desktop and post in your next reply.

In your next reply, please post the following log files:

  • OTL log with Extras.txt
  • aswMBR log


Hey Maniac! Thank you for taking the time to help me man!!

OTL

OTL logfile created on: 11/30/2011 11:59:14 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 73.36% Memory free

8.00 Gb Paging File | 6.84 Gb Available in Paging File | 85.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.79 Gb Total Space | 112.45 Gb Free Space | 48.31% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avcodec-52.dll ()

MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avformat-52.dll ()

MOD - C:\Program Files (x86)\Steam\bin\avutil-50.dll ()

MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()

MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )

DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z134&install_date=20111023

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 FF 64 24 4C B2 CA 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 75 5E D7 0D DE 51 EF 49 85 9C B5 3E 3A 9D 74 59 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z134&form=ZGAADF&install_date=20111023&q="

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 60061

FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/10/23 13:16:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 17:43:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/07/14 00:17:36 | 000,000,000 | ---D | M]

[2011/06/03 08:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions

[2011/10/29 21:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ni6lhpp9.default\extensions

[2011/09/24 22:19:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ni6lhpp9.default\extensions\{926767be-500d-41bd-810c-816cab31dfdd}

[2011/10/29 21:10:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ni6lhpp9.default\extensions\{cf0f7110-cfbb-4a34-b80b-b623b400b4c7}

[2011/10/29 21:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pioy6xvw.default\extensions

[2011/09/24 22:19:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pioy6xvw.default\extensions\{926767be-500d-41bd-810c-816cab31dfdd}

[2011/10/29 21:10:39 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pioy6xvw.default\extensions\{cf0f7110-cfbb-4a34-b80b-b623b400b4c7}

[2011/10/23 13:16:03 | 000,001,945 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\pioy6xvw.default\searchplugins\bing-zugo.xml

[2011/06/03 08:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/09 17:43:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/09 17:43:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2009/05/01 16:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\libdivx.dll

[2009/05/12 13:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdivx32.dll

[2009/05/18 17:41:32 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2009/05/01 16:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files (x86)\mozilla firefox\plugins\ssldivx.dll

[2011/10/01 18:27:34 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml

[2011/10/01 18:27:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

[2011/10/01 18:27:34 | 000,001,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml

[2011/10/01 18:27:34 | 000,002,364 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2011/11/09 17:43:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2011/10/01 18:27:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml

[2011/10/01 18:27:34 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [ctfmon.exe] C:\Windows\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5DAD156-2A62-4B81-8873-E9DE6887B009}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCF46B23-958C-4EAD-A143-86AFB55D92CF}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) -C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) -C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{7047d9a3-f90d-11df-864a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{7047d9a3-f90d-11df-864a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: cmdcopy - (C:\Windows\system32\dcom_moh.dll) - File not found

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/30 11:54:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

[2011/11/30 00:37:00 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\scanr

[2011/11/30 00:22:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\David\Desktop\dds.scr

[2011/11/20 20:35:16 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2011/11/20 20:35:15 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2011/11/20 20:35:15 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2011/11/20 20:35:14 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2011/11/20 20:35:14 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2011/11/20 20:35:14 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2011/11/20 20:35:14 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2011/11/20 20:35:14 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2011/11/20 20:35:14 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2011/11/20 20:35:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2011/11/20 20:35:14 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2011/11/20 20:35:14 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2011/11/20 20:35:14 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2011/11/20 20:35:14 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2011/11/20 20:35:03 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2011/11/20 20:35:03 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2011/11/20 20:35:02 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2011/11/20 20:35:01 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2011/11/20 20:34:54 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2011/11/20 20:34:54 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2011/11/20 20:34:54 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2011/11/20 20:34:54 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2011/11/20 20:34:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2011/11/20 20:34:54 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2011/11/20 20:34:53 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2011/11/20 04:25:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\mffRRL9TXj

[2011/11/20 04:25:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\LeekIBONAu2i3n5

[2011/11/20 04:25:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\P6sWKfEEL9TZjCk

[2011/11/20 04:25:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\kAA0uvS2iF3pG5H

[2011/11/20 04:25:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\muuvS2obFpmGaQ6

[2011/11/20 04:25:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ynGaHsWK7fL9Tqj

[2011/11/20 04:25:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\lOOyyxA0uS2i

[2011/11/19 23:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011/11/19 20:50:39 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe

[2011/11/19 20:25:37 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

[2011/11/19 19:09:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Skyrim

[2011/11/18 03:38:44 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\New folder (8)

[2011/11/18 02:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\92EA5

[2011/11/18 02:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP

[2011/11/18 02:25:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\04C92

[2011/11/18 02:24:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\GGGG4aaQH6sK7fL

[2011/11/18 02:24:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\aNttxxA0ucS2bDp

[2011/11/18 02:24:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\u000yycS1ivD

[2011/11/18 02:24:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\OxxxP0ucS1iD3nG

[2011/11/18 02:24:49 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\yaaQQH66sW7fE9

[2011/11/18 02:24:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\FwwkkUUVelOtz0y

[2011/11/18 02:24:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\YwwwkUUVrlOBxPy

[2011/11/18 02:24:43 | 000,000,000 | ---D | C] -- C:\Windows\system64

[2011/11/15 17:50:30 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Twin-Hand Movement

[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Users\David\Desktop\*.tmp files -> C:\Users\David\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/30 11:57:36 | 000,742,884 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/11/30 11:57:36 | 000,636,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/11/30 11:57:36 | 000,110,334 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/11/30 11:56:44 | 000,014,224 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/30 11:56:44 | 000,014,224 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/30 11:54:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

[2011/11/30 11:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At72.job

[2011/11/30 11:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At24.job

[2011/11/30 11:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At71.job

[2011/11/30 11:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At23.job

[2011/11/30 11:51:48 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/30 11:51:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011/11/30 11:51:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/11/30 11:51:33 | 3220,574,208 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/30 04:10:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/30 03:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At8.job

[2011/11/30 03:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At56.job

[2011/11/30 03:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At7.job

[2011/11/30 03:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At55.job

[2011/11/30 02:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At6.job

[2011/11/30 02:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At54.job

[2011/11/30 02:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At53.job

[2011/11/30 02:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At5.job

[2011/11/30 01:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At52.job

[2011/11/30 01:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job

[2011/11/30 01:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At51.job

[2011/11/30 01:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At3.job

[2011/11/30 00:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At50.job

[2011/11/30 00:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job

[2011/11/30 00:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At49.job

[2011/11/30 00:22:19 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\David\Desktop\dds.scr

[2011/11/29 23:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At96.job

[2011/11/29 23:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At48.job

[2011/11/29 23:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At95.job

[2011/11/29 23:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At47.job

[2011/11/29 17:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At84.job

[2011/11/29 17:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At36.job

[2011/11/29 17:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At83.job

[2011/11/29 17:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At35.job

[2011/11/29 16:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At82.job

[2011/11/29 16:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At34.job

[2011/11/29 16:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At81.job

[2011/11/29 16:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At33.job

[2011/11/29 15:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At80.job

[2011/11/29 15:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At32.job

[2011/11/29 15:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At79.job

[2011/11/29 15:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At31.job

[2011/11/29 14:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At78.job

[2011/11/29 14:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At30.job

[2011/11/29 14:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At77.job

[2011/11/29 14:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At29.job

[2011/11/29 13:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At76.job

[2011/11/29 13:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At28.job

[2011/11/29 13:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At75.job

[2011/11/29 13:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At27.job

[2011/11/29 12:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At74.job

[2011/11/29 12:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At26.job

[2011/11/29 12:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At73.job

[2011/11/29 12:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At25.job

[2011/11/29 04:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At58.job

[2011/11/29 04:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At10.job

[2011/11/29 04:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At9.job

[2011/11/29 04:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At57.job

[2011/11/28 22:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At94.job

[2011/11/28 22:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At46.job

[2011/11/28 22:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At93.job

[2011/11/28 22:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At45.job

[2011/11/27 21:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At92.job

[2011/11/27 21:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At44.job

[2011/11/27 21:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At91.job

[2011/11/27 21:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At43.job

[2011/11/27 20:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At90.job

[2011/11/27 20:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At42.job

[2011/11/27 20:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At89.job

[2011/11/27 20:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At41.job

[2011/11/27 19:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At88.job

[2011/11/27 19:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At40.job

[2011/11/27 19:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At87.job

[2011/11/27 19:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At39.job

[2011/11/27 10:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At70.job

[2011/11/27 10:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At22.job

[2011/11/27 10:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At69.job

[2011/11/27 10:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At21.job

[2011/11/27 09:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At68.job

[2011/11/27 09:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At20.job

[2011/11/27 09:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At67.job

[2011/11/27 09:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At19.job

[2011/11/27 08:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At66.job

[2011/11/27 08:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At18.job

[2011/11/27 08:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At65.job

[2011/11/27 08:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At17.job

[2011/11/27 07:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At64.job

[2011/11/27 07:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At16.job

[2011/11/27 07:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At63.job

[2011/11/27 07:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At15.job

[2011/11/27 06:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At62.job

[2011/11/27 06:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At14.job

[2011/11/27 06:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At61.job

[2011/11/27 06:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At13.job

[2011/11/27 05:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At60.job

[2011/11/27 05:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At12.job

[2011/11/27 05:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At59.job

[2011/11/27 05:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At11.job

[2011/11/26 18:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At86.job

[2011/11/26 18:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At38.job

[2011/11/26 18:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At85.job

[2011/11/26 18:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At37.job

[2011/11/21 12:39:31 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/11/20 04:25:51 | 000,001,978 | ---- | M] () -- C:\Users\David\Desktop\AV Protection 2011.lnk

[2011/11/19 23:11:56 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/19 21:01:37 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/19 20:50:42 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\tdsskiller.exe

[2011/11/19 20:48:00 | 001,008,092 | ---- | M] () -- C:\Users\David\Desktop\rkill.com

[2011/11/19 20:38:29 | 000,000,288 | ---- | M] () -- C:\ProgramData\~qE2lIsE9HvtyZk

[2011/11/19 20:25:39 | 000,000,216 | ---- | M] () -- C:\ProgramData\~qE2lIsE9HvtyZkr

[2011/11/19 20:25:37 | 000,000,673 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/19 20:25:37 | 000,000,649 | ---- | M] () -- C:\Users\David\Desktop\System Fix.lnk

[2011/11/19 20:25:33 | 000,000,336 | ---- | M] () -- C:\ProgramData\qE2lIsE9HvtyZk

[2011/11/19 12:10:07 | 000,000,000 | ---- | M] () -- C:\ProgramData\TQK4c3K0.dat

[2011/11/18 14:05:29 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011/11/18 14:05:29 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/11/18 14:04:13 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2011/11/16 12:01:48 | 000,196,308 | ---- | M] () -- C:\Users\David\Desktop\faa36efafa67ff6a370aee99b7999a27.jpg

[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[24 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[1 C:\Users\David\Desktop\*.tmp files -> C:\Users\David\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/23 12:38:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At96.job

[2011/11/23 12:38:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At94.job

[2011/11/23 12:38:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At95.job

[2011/11/23 12:38:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At93.job

[2011/11/23 12:38:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At92.job

[2011/11/23 12:38:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At90.job

[2011/11/23 12:38:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At91.job

[2011/11/23 12:38:01 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At88.job

[2011/11/23 12:38:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At89.job

[2011/11/23 12:38:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At87.job

[2011/11/23 12:38:00 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At86.job

[2011/11/23 12:37:59 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At84.job

[2011/11/23 12:37:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At85.job

[2011/11/23 12:37:58 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At82.job

[2011/11/23 12:37:58 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At83.job

[2011/11/23 12:37:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At80.job

[2011/11/23 12:37:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At81.job

[2011/11/23 12:37:56 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At78.job

[2011/11/23 12:37:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At79.job

[2011/11/23 12:37:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At77.job

[2011/11/23 12:37:55 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At76.job

[2011/11/23 12:37:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At75.job

[2011/11/23 12:37:54 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At74.job

[2011/11/23 12:37:54 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At72.job

[2011/11/23 12:37:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At73.job

[2011/11/23 12:37:53 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At70.job

[2011/11/23 12:37:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At71.job

[2011/11/23 12:37:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At69.job

[2011/11/23 12:37:52 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At68.job

[2011/11/23 12:37:52 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At66.job

[2011/11/23 12:37:52 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At67.job

[2011/11/23 12:37:52 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At65.job

[2011/11/23 12:37:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At64.job

[2011/11/23 12:37:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At62.job

[2011/11/23 12:37:51 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At63.job

[2011/11/23 12:37:50 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At60.job

[2011/11/23 12:37:50 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At61.job

[2011/11/23 12:37:50 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At59.job

[2011/11/23 12:37:49 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At58.job

[2011/11/23 12:37:49 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At56.job

[2011/11/23 12:37:49 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At57.job

[2011/11/23 12:37:48 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At54.job

[2011/11/23 12:37:48 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At55.job

[2011/11/23 12:37:47 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At52.job

[2011/11/23 12:37:47 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At53.job

[2011/11/23 12:37:47 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At51.job

[2011/11/23 12:37:46 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At50.job

[2011/11/23 12:37:46 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At49.job

[2011/11/20 04:25:51 | 000,001,978 | ---- | C] () -- C:\Users\David\Desktop\AV Protection 2011.lnk

[2011/11/19 23:11:56 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011/11/19 21:01:37 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/11/19 20:47:59 | 001,008,092 | ---- | C] () -- C:\Users\David\Desktop\rkill.com

[2011/11/19 20:25:39 | 000,000,216 | ---- | C] () -- C:\ProgramData\~qE2lIsE9HvtyZkr

[2011/11/19 20:25:38 | 000,000,288 | ---- | C] () -- C:\ProgramData\~qE2lIsE9HvtyZk

[2011/11/19 20:25:37 | 000,000,673 | ---- | C] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/11/19 20:25:37 | 000,000,649 | ---- | C] () -- C:\Users\David\Desktop\System Fix.lnk

[2011/11/19 20:25:33 | 000,000,336 | ---- | C] () -- C:\ProgramData\qE2lIsE9HvtyZk

[2011/11/19 18:51:05 | 000,274,320 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/11/19 12:10:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\TQK4c3K0.dat

[2011/11/19 12:10:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At48.job

[2011/11/19 12:10:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At46.job

[2011/11/19 12:10:06 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At47.job

[2011/11/19 12:10:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At44.job

[2011/11/19 12:10:05 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At45.job

[2011/11/19 12:10:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At42.job

[2011/11/19 12:10:04 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At43.job

[2011/11/19 12:10:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At40.job

[2011/11/19 12:10:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At41.job

[2011/11/19 12:10:03 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At39.job

[2011/11/19 12:10:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At38.job

[2011/11/19 12:10:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At36.job

[2011/11/19 12:10:02 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At37.job

[2011/11/19 12:10:01 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At34.job

[2011/11/19 12:10:01 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At35.job

[2011/11/19 12:10:00 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At32.job

[2011/11/19 12:10:00 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At33.job

[2011/11/19 12:09:59 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At30.job

[2011/11/19 12:09:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At31.job

[2011/11/19 12:09:59 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At29.job

[2011/11/19 12:09:58 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At28.job

[2011/11/19 12:09:58 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At27.job

[2011/11/19 12:09:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At26.job

[2011/11/19 12:09:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At24.job

[2011/11/19 12:09:57 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At25.job

[2011/11/19 12:09:56 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At22.job

[2011/11/19 12:09:56 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At23.job

[2011/11/19 12:09:55 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At20.job

[2011/11/19 12:09:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At21.job

[2011/11/19 12:09:55 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At19.job

[2011/11/19 12:09:54 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At18.job

[2011/11/19 12:09:54 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At16.job

[2011/11/19 12:09:54 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At17.job

[2011/11/19 12:09:53 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At14.job

[2011/11/19 12:09:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At15.job

[2011/11/19 12:09:53 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At13.job

[2011/11/19 12:09:52 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At12.job

[2011/11/19 12:09:52 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At11.job

[2011/11/19 12:09:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At8.job

[2011/11/19 12:09:51 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At10.job

[2011/11/19 12:09:51 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At9.job

[2011/11/19 12:09:50 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At6.job

[2011/11/19 12:09:50 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At7.job

[2011/11/19 12:09:50 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At5.job

[2011/11/19 12:09:49 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At4.job

[2011/11/19 12:09:48 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At2.job

[2011/11/19 12:09:48 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At3.job

[2011/11/19 12:09:47 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At1.job

[2011/11/16 12:01:47 | 000,196,308 | ---- | C] () -- C:\Users\David\Desktop\faa36efafa67ff6a370aee99b7999a27.jpg

[2011/11/02 10:40:05 | 280,426,074 | ---- | C] () -- C:\Users\David\Desktop\OL_DH.wmv

[2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/07/03 20:33:56 | 000,019,110 | ---- | C] () -- C:\Users\David\AppData\Roaming\E51A.042

[2011/06/19 12:41:28 | 000,011,164 | -HS- | C] () -- C:\Users\David\AppData\Local\uo6g70ger150gv8y5a8ec20r263037

[2011/06/19 12:41:28 | 000,011,164 | -HS- | C] () -- C:\ProgramData\uo6g70ger150gv8y5a8ec20r263037

[2011/05/23 00:04:52 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2011/01/08 23:06:23 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/11/25 22:43:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2010/11/25 22:43:33 | 000,030,243 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2010/09/28 15:11:21 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe

[2010/07/11 11:52:31 | 000,068,206 | ---- | C] () -- C:\Users\David\AppData\Roaming\icarus-dxdiag.xml

[2010/03/21 02:10:06 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010/03/14 17:21:25 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010/03/14 14:08:38 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/03/14 14:08:18 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010/03/14 13:11:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 18:24:58 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009/04/02 15:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[2009/02/19 06:35:10 | 000,049,152 | R--- | C] () -- C:\Windows\DAOD.exe

========== LOP Check ==========

[2011/07/27 00:54:16 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.minecraft

[2011/11/20 04:32:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\04C92

[2011/11/18 02:24:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\aNttxxA0ucS2bDp

[2011/05/19 23:15:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Audacity

[2011/03/31 14:22:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DarksporeData

[2011/11/18 02:24:46 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\FwwkkUUVelOtz0y

[2011/11/18 02:24:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GGGG4aaQH6sK7fL

[2011/11/20 04:32:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\kAA0uvS2iF3pG5H

[2011/11/20 04:25:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LeekIBONAu2i3n5

[2011/11/20 04:25:31 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\lOOyyxA0uS2i

[2011/11/20 04:25:50 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\mffRRL9TXj

[2011/05/23 00:06:16 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MinMaxGames

[2011/11/20 04:25:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\muuvS2obFpmGaQ6

[2011/06/09 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Natural Selection 2

[2011/11/18 03:18:16 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OxxxP0ucS1iD3nG

[2011/11/20 04:25:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\P6sWKfEEL9TZjCk

[2011/11/18 13:47:27 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab

[2011/04/06 14:37:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\The Creative Assembly

[2011/11/18 02:24:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\u000yycS1ivD

[2011/11/18 02:24:49 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\yaaQQH66sW7fE9

[2011/11/20 04:25:32 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ynGaHsWK7fL9Tqj

[2011/11/18 02:24:45 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\YwwwkUUVrlOBxPy

[2011/11/30 11:51:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2011/11/29 04:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At10.job

[2011/11/27 05:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At11.job

[2011/11/27 05:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At12.job

[2011/11/27 06:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At13.job

[2011/11/27 06:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At14.job

[2011/11/27 07:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At15.job

[2011/11/27 07:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At16.job

[2011/11/27 08:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At17.job

[2011/11/27 08:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At18.job

[2011/11/27 09:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At19.job

[2011/11/30 00:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2011/11/27 09:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At20.job

[2011/11/27 10:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At21.job

[2011/11/27 10:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At22.job

[2011/11/30 11:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At23.job

[2011/11/30 11:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At24.job

[2011/11/29 12:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At25.job

[2011/11/29 12:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At26.job

[2011/11/29 13:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At27.job

[2011/11/29 13:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At28.job

[2011/11/29 14:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At29.job

[2011/11/30 01:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At3.job

[2011/11/29 14:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At30.job

[2011/11/29 15:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At31.job

[2011/11/29 15:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At32.job

[2011/11/29 16:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At33.job

[2011/11/29 16:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At34.job

[2011/11/29 17:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At35.job

[2011/11/29 17:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At36.job

[2011/11/26 18:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At37.job

[2011/11/26 18:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At38.job

[2011/11/27 19:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At39.job

[2011/11/30 01:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At4.job

[2011/11/27 19:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At40.job

[2011/11/27 20:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At41.job

[2011/11/27 20:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At42.job

[2011/11/27 21:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At43.job

[2011/11/27 21:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At44.job

[2011/11/28 22:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At45.job

[2011/11/28 22:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At46.job

[2011/11/29 23:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At47.job

[2011/11/29 23:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At48.job

[2011/11/30 00:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At49.job

[2011/11/30 02:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At5.job

[2011/11/30 00:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At50.job

[2011/11/30 01:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At51.job

[2011/11/30 01:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At52.job

[2011/11/30 02:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At53.job

[2011/11/30 02:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At54.job

[2011/11/30 03:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At55.job

[2011/11/30 03:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At56.job

[2011/11/29 04:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At57.job

[2011/11/29 04:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At58.job

[2011/11/27 05:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At59.job

[2011/11/30 02:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At6.job

[2011/11/27 05:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At60.job

[2011/11/27 06:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At61.job

[2011/11/27 06:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At62.job

[2011/11/27 07:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At63.job

[2011/11/27 07:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At64.job

[2011/11/27 08:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At65.job

[2011/11/27 08:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At66.job

[2011/11/27 09:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At67.job

[2011/11/27 09:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At68.job

[2011/11/27 10:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At69.job

[2011/11/30 03:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At7.job

[2011/11/27 10:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At70.job

[2011/11/30 11:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At71.job

[2011/11/30 11:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At72.job

[2011/11/29 12:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At73.job

[2011/11/29 12:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At74.job

[2011/11/29 13:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At75.job

[2011/11/29 13:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At76.job

[2011/11/29 14:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At77.job

[2011/11/29 14:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At78.job

[2011/11/29 15:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At79.job

[2011/11/30 03:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At8.job

[2011/11/29 15:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At80.job

[2011/11/29 16:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At81.job

[2011/11/29 16:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At82.job

[2011/11/29 17:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At83.job

[2011/11/29 17:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At84.job

[2011/11/26 18:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At85.job

[2011/11/26 18:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At86.job

[2011/11/27 19:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At87.job

[2011/11/27 19:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At88.job

[2011/11/27 20:54:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At89.job

[2011/11/29 04:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At9.job

[2011/11/27 20:54:01 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At90.job

[2011/11/27 21:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At91.job

[2011/11/27 21:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At92.job

[2011/11/28 22:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At93.job

[2011/11/28 22:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At94.job

[2011/11/29 23:54:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At95.job

[2011/11/29 23:54:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At96.job

[2011/11/29 12:34:56 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


Extras

OTL Extras logfile created on: 11/30/2011 11:59:14 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\David\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.93 Gb Available Physical Memory | 73.36% Memory free

8.00 Gb Paging File | 6.84 Gb Available in Paging File | 85.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 232.79 Gb Total Space | 112.45 Gb Free Space | 48.31% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{837B34E3-7C30-493C-8F6A-2B0F04E2912C}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Battlelog Web Plugins" = Battlelog Web Plugins

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"ESN Sonar-0.70.0" = ESN Sonar

"iPod To Computer Transfer_is1" = iPod To Computer Transfer 6.2

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Basic)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"Natural Selection_is1" = Natural Selection 3.2

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PunkBusterSvc" = PunkBuster Services

"StarCraft II" = StarCraft II

"Steam App 218" = Source SDK Base - Orange Box

"Steam App 48210" = The Settlers 7: Paths to a Kingdom - Gold Edition

"Steam App 4920" = Natural Selection 2

"Steam App 72850" = The Elder Scrolls V: Skyrim

"Steam App 8930" = Sid Meier's Civilization V

"SystemRequirementsLab" = System Requirements Lab

"The Proxomitron - Universal Web Filter_is1" = The Proxomitron Ver. Naoko-4.5

"Veetle TV" = Veetle TV 0.9.18

"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-30 12:04:44

-----------------------------

12:04:44.993 OS Version: Windows x64 6.1.7600

12:04:44.993 Number of processors: 2 586 0x6B02

12:04:44.993 ComputerName: DAVID-PC UserName: David

12:04:48.425 Initialize success

12:05:09.773 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:05:09.789 Disk 0 Vendor: SAMSUNG_HD250HJ FH100-06 Size: 238474MB BusType: 3

12:05:11.817 Disk 0 MBR read successfully

12:05:11.817 Disk 0 MBR scan

12:05:11.817 Disk 0 Windows 7 default MBR code

12:05:11.817 Disk 0 MBR hidden

12:05:11.817 Service scanning

12:05:17.729 Modules scanning

12:05:17.729 Disk 0 trace - called modules:

12:05:17.745 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004907334]<<

12:05:17.745 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048dd060]

12:05:17.760 3 CLASSPNP.SYS[fffff880018dd43f] -> nt!IofCallDriver -> [0xfffffa80043679b0]

12:05:17.760 5 ACPI.sys[fffff88000fab781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800440c060]

12:05:17.760 \Driver\atapi[0xfffffa8004337970] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004907334

12:05:18.275 Scan finished successfully

12:05:34.515 Disk 0 MBR has been saved successfully to "C:\Users\David\Desktop\MBR.dat"

12:05:34.515 The log file has been saved successfully to "C:\Users\David\Desktop\aswMBR.txt"


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60061
FF - prefs.js..network.proxy.type: 0
O36 - AppCertDlls: cmdcopy - (C:\Windows\system32\dcom_moh.dll) - File not found
[2011/11/20 04:25:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\mffRRL9TXj
[2011/11/20 04:25:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\LeekIBONAu2i3n5
[2011/11/20 04:25:42 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\P6sWKfEEL9TZjCk
[2011/11/20 04:25:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\kAA0uvS2iF3pG5H
[2011/11/20 04:25:40 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\muuvS2obFpmGaQ6
[2011/11/20 04:25:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ynGaHsWK7fL9Tqj
[2011/11/20 04:25:31 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\lOOyyxA0uS2i
[2011/11/18 02:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\92EA5
[2011/11/18 02:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011/11/18 02:25:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\04C92
[2011/11/18 02:24:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\GGGG4aaQH6sK7fL
[2011/11/18 02:24:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\aNttxxA0ucS2bDp
[2011/11/18 02:24:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\u000yycS1ivD
[2011/11/18 02:24:50 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\OxxxP0ucS1iD3nG
[2011/11/18 02:24:49 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\yaaQQH66sW7fE9
[2011/11/18 02:24:46 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\FwwkkUUVelOtz0y
[2011/11/18 02:24:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\YwwwkUUVrlOBxPy
[2011/11/20 04:25:51 | 000,001,978 | ---- | M] () -- C:\Users\David\Desktop\AV Protection 2011.lnk
[2011/11/19 20:38:29 | 000,000,288 | ---- | M] () -- C:\ProgramData\~qE2lIsE9HvtyZk
[2011/11/19 20:25:39 | 000,000,216 | ---- | M] () -- C:\ProgramData\~qE2lIsE9HvtyZkr
[2011/11/19 20:25:37 | 000,000,673 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/11/19 20:25:37 | 000,000,649 | ---- | M] () -- C:\Users\David\Desktop\System Fix.lnk
[2011/11/19 12:10:07 | 000,000,000 | ---- | M] () -- C:\ProgramData\TQK4c3K0.dat
[2011/07/03 20:33:56 | 000,019,110 | ---- | C] () -- C:\Users\David\AppData\Roaming\E51A.042
[2011/06/19 12:41:28 | 000,011,164 | -HS- | C] () -- C:\Users\David\AppData\Local\uo6g70ger150gv8y5a8ec20r263037
[2011/06/19 12:41:28 | 000,011,164 | -HS- | C] () -- C:\ProgramData\uo6g70ger150gv8y5a8ec20r263037

:files
C:\Windows\tasks\*.job

:Commands
[emptytemp]
[resethosts]

  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done, it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.


All processes killed

========== OTL ==========

Prefs.js: "127.0.0.1" removed from network.proxy.http

Prefs.js: 60061 removed from network.proxy.http_port

Prefs.js: 0 removed from network.proxy.type

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\cmdcopy deleted successfully.

C:\Users\David\AppData\Roaming\mffRRL9TXj folder moved successfully.

C:\Users\David\AppData\Roaming\LeekIBONAu2i3n5 folder moved successfully.

C:\Users\David\AppData\Roaming\P6sWKfEEL9TZjCk folder moved successfully.

C:\Users\David\AppData\Roaming\kAA0uvS2iF3pG5H folder moved successfully.

C:\Users\David\AppData\Roaming\muuvS2obFpmGaQ6 folder moved successfully.

C:\Users\David\AppData\Roaming\ynGaHsWK7fL9Tqj folder moved successfully.

C:\Users\David\AppData\Roaming\lOOyyxA0uS2i folder moved successfully.

C:\Program Files (x86)\92EA5 folder moved successfully.

C:\Program Files (x86)\LP\5570 folder moved successfully.

C:\Program Files (x86)\LP folder moved successfully.

C:\Users\David\AppData\Roaming\04C92 folder moved successfully.

C:\Users\David\AppData\Roaming\GGGG4aaQH6sK7fL folder moved successfully.

C:\Users\David\AppData\Roaming\aNttxxA0ucS2bDp folder moved successfully.

C:\Users\David\AppData\Roaming\u000yycS1ivD folder moved successfully.

C:\Users\David\AppData\Roaming\OxxxP0ucS1iD3nG folder moved successfully.

C:\Users\David\AppData\Roaming\yaaQQH66sW7fE9 folder moved successfully.

C:\Users\David\AppData\Roaming\FwwkkUUVelOtz0y folder moved successfully.

C:\Users\David\AppData\Roaming\YwwwkUUVrlOBxPy folder moved successfully.

C:\Users\David\Desktop\AV Protection 2011.lnk moved successfully.

C:\ProgramData\~qE2lIsE9HvtyZk moved successfully.

C:\ProgramData\~qE2lIsE9HvtyZkr moved successfully.

C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.

C:\Users\David\Desktop\System Fix.lnk moved successfully.

C:\ProgramData\TQK4c3K0.dat moved successfully.

C:\Users\David\AppData\Roaming\E51A.042 moved successfully.

C:\Users\David\AppData\Local\uo6g70ger150gv8y5a8ec20r263037 moved successfully.

C:\ProgramData\uo6g70ger150gv8y5a8ec20r263037 moved successfully.

========== FILES ==========

C:\Windows\tasks\At1.job moved successfully.

C:\Windows\tasks\At10.job moved successfully.

C:\Windows\tasks\At11.job moved successfully.

C:\Windows\tasks\At12.job moved successfully.

C:\Windows\tasks\At13.job moved successfully.

C:\Windows\tasks\At14.job moved successfully.

C:\Windows\tasks\At15.job moved successfully.

C:\Windows\tasks\At16.job moved successfully.

C:\Windows\tasks\At17.job moved successfully.

C:\Windows\tasks\At18.job moved successfully.

C:\Windows\tasks\At19.job moved successfully.

C:\Windows\tasks\At2.job moved successfully.

C:\Windows\tasks\At20.job moved successfully.

C:\Windows\tasks\At21.job moved successfully.

C:\Windows\tasks\At22.job moved successfully.

C:\Windows\tasks\At23.job moved successfully.

C:\Windows\tasks\At24.job moved successfully.

C:\Windows\tasks\At25.job moved successfully.

C:\Windows\tasks\At26.job moved successfully.

C:\Windows\tasks\At27.job moved successfully.

C:\Windows\tasks\At28.job moved successfully.

C:\Windows\tasks\At29.job moved successfully.

C:\Windows\tasks\At3.job moved successfully.

C:\Windows\tasks\At30.job moved successfully.

C:\Windows\tasks\At31.job moved successfully.

C:\Windows\tasks\At32.job moved successfully.

C:\Windows\tasks\At33.job moved successfully.

C:\Windows\tasks\At34.job moved successfully.

C:\Windows\tasks\At35.job moved successfully.

C:\Windows\tasks\At36.job moved successfully.

C:\Windows\tasks\At37.job moved successfully.

C:\Windows\tasks\At38.job moved successfully.

C:\Windows\tasks\At39.job moved successfully.

C:\Windows\tasks\At4.job moved successfully.

C:\Windows\tasks\At40.job moved successfully.

C:\Windows\tasks\At41.job moved successfully.

C:\Windows\tasks\At42.job moved successfully.

C:\Windows\tasks\At43.job moved successfully.

C:\Windows\tasks\At44.job moved successfully.

C:\Windows\tasks\At45.job moved successfully.

C:\Windows\tasks\At46.job moved successfully.

C:\Windows\tasks\At47.job moved successfully.

C:\Windows\tasks\At48.job moved successfully.

C:\Windows\tasks\At49.job moved successfully.

C:\Windows\tasks\At5.job moved successfully.

C:\Windows\tasks\At50.job moved successfully.

C:\Windows\tasks\At51.job moved successfully.

C:\Windows\tasks\At52.job moved successfully.

C:\Windows\tasks\At53.job moved successfully.

C:\Windows\tasks\At54.job moved successfully.

C:\Windows\tasks\At55.job moved successfully.

C:\Windows\tasks\At56.job moved successfully.

C:\Windows\tasks\At57.job moved successfully.

C:\Windows\tasks\At58.job moved successfully.

C:\Windows\tasks\At59.job moved successfully.

C:\Windows\tasks\At6.job moved successfully.

C:\Windows\tasks\At60.job moved successfully.

C:\Windows\tasks\At61.job moved successfully.

C:\Windows\tasks\At62.job moved successfully.

C:\Windows\tasks\At63.job moved successfully.

C:\Windows\tasks\At64.job moved successfully.

C:\Windows\tasks\At65.job moved successfully.

C:\Windows\tasks\At66.job moved successfully.

C:\Windows\tasks\At67.job moved successfully.

C:\Windows\tasks\At68.job moved successfully.

C:\Windows\tasks\At69.job moved successfully.

C:\Windows\tasks\At7.job moved successfully.

C:\Windows\tasks\At70.job moved successfully.

C:\Windows\tasks\At71.job moved successfully.

C:\Windows\tasks\At72.job moved successfully.

C:\Windows\tasks\At73.job moved successfully.

C:\Windows\tasks\At74.job moved successfully.

C:\Windows\tasks\At75.job moved successfully.

C:\Windows\tasks\At76.job moved successfully.

C:\Windows\tasks\At77.job moved successfully.

C:\Windows\tasks\At78.job moved successfully.

C:\Windows\tasks\At79.job moved successfully.

C:\Windows\tasks\At8.job moved successfully.

C:\Windows\tasks\At80.job moved successfully.

C:\Windows\tasks\At81.job moved successfully.

C:\Windows\tasks\At82.job moved successfully.

C:\Windows\tasks\At83.job moved successfully.

C:\Windows\tasks\At84.job moved successfully.

C:\Windows\tasks\At85.job moved successfully.

C:\Windows\tasks\At86.job moved successfully.

C:\Windows\tasks\At87.job moved successfully.

C:\Windows\tasks\At88.job moved successfully.

C:\Windows\tasks\At89.job moved successfully.

C:\Windows\tasks\At9.job moved successfully.

C:\Windows\tasks\At90.job moved successfully.

C:\Windows\tasks\At91.job moved successfully.

C:\Windows\tasks\At92.job moved successfully.

C:\Windows\tasks\At93.job moved successfully.

C:\Windows\tasks\At94.job moved successfully.

C:\Windows\tasks\At95.job moved successfully.

C:\Windows\tasks\At96.job moved successfully.

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David

->Temp folder emptied: 5986682 bytes

->Temporary Internet Files folder emptied: 36430034 bytes

->Java cache emptied: 2491420 bytes

->FireFox cache emptied: 793186797 bytes

->Flash cache emptied: 36350 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 187255302 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51405 bytes

RecycleBin emptied: 13018 bytes

Total Files Cleaned = 978.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12012011_144414

Files\Folders moved on Reboot...

C:\Users\David\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\fla19E9.tmp moved successfully.

File\Folder C:\Windows\temp\flaC660.tmp not found!

C:\Windows\temp\~DF082081D0C34AF447.TMP moved successfully.

C:\Windows\temp\~DF37DE38885356893A.TMP moved successfully.

C:\Windows\temp\~DFC3DA940BF3935913.TMP moved successfully.

C:\Windows\temp\~DFEEFDF272A3FB8A23.TMP moved successfully.

Registry entries deleted on Reboot...


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
