pezdukie Posted December 6, 2011 ID:501640

Alright, not to hijack this thread, but I've run into the same problem and am in the exact predicament as the OP (Tried the bleepingcomputer.com fix to no avail)

Here's my OTL.txt:

OTL logfile created on: 12/6/2011 12:03:19 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.82% Memory free
6.50 Gb Paging File | 5.20 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.51 Gb Total Space | 239.78 Gb Free Space | 26.31% Space Free | Partition Type: NTFS
Drive D: | 7.79 Gb Total Space | 0.88 Gb Free Space | 11.23% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive J: | 20.00 Gb Total Space | 19.91 Gb Free Space | 99.56% Space Free | Partition Type: NTFS
Drive K: | 512.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 00:02:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe
PRC - [2011/12/05 21:37:15 | 000,908,248 | ---- | M] (Mozilla Corporation) -- B:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Palm\PDK\tcprelay.exe
PRC - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/18 21:31:44 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/21 10:17:46 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2009/08/25 11:17:18 | 000,294,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)
SRV - [2010/10/21 16:01:32 | 000,069,632 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe -- (NovacomD)
SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/04 16:38:28 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/17 10:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009/06/10 14:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 14:48:16 | 000,509,056 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw18bda.sys -- (hcw18bda)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2008/08/28 01:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2007/01/12 17:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 05 0A 2D DE 98 CC 01 [binary data]
IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.6.4
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Adam\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 20:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/18 21:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/18 21:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Adam\AppData\Roaming\Move Networks [2009/10/31 15:27:49 | 000,000,000 | -H-D | M]
[2010/01/10 03:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2010/01/10 03:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions
[2010/01/20 02:51:03 | 000,000,000 | -H-D | M] (Favicon Picker 3) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011/09/04 03:21:51 | 000,000,000 | -H-D | M] (Roomy Bookmarks Toolbarv) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\ALone-live@ya.ru
[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\chachaguidebar@chacha.com
[2011/11/28 14:19:57 | 000,000,000 | -H-D | M] ("Advanced Cookie Manager") -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\cookiemgr@jayapal.com
[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\firegestures@xuldev.org
[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\Foxdie@tanjihay.com
[2010/11/28 19:44:01 | 000,000,000 | -H-D | M] (Foxdie for Firefox) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\foxdie_ext_ocelot@foxdie.us
[2011/11/08 10:25:57 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\piclens@cooliris.com
[2011/11/09 20:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/09 20:07:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/12/09 04:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/05/01 13:47:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 20:07:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Adam\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Adam\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mouse Stroke = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaoofnhgocdbnbeljkmbjdmhbcokfdb\1.9.5.2_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QSKDNYNxcKDRT.exe] C:\ProgramData\QSKDNYNxcKDRT.exe ()
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7B4E7B-B9E3-4AD8-8175-2FF499561BF1}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B04135EE-1B9E-4716-AA6E-9CD0B96B0F52}: DhcpNameServer = 192.168.100.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/15 09:23:40 | 000,000,175 | R--- | M] () - K:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell - "" = AutoRun
O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\AutoRun\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\configure\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\install\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{809fe94c-d6a3-11df-b788-001a92c3e235}\Shell - "" = AutoRun
O33 - MountPoints2\{809fe94c-d6a3-11df-b788-001a92c3e235}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 23:58:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/05 22:27:56 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011/12/05 21:59:25 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2011/12/05 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/05 21:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/05 21:59:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/05 21:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/05 21:49:35 | 009,852,544 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Adam\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/05 21:47:57 | 001,566,512 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123coom.exe
[2011/12/05 16:40:39 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Download Manager
[2011/12/02 11:37:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/22 04:17:08 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/22 04:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/22 04:15:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2011/11/22 04:15:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2011/11/22 04:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2011/11/21 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2011/11/21 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2011/11/07 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

========== Files - Modified Within 30 Days ==========

[2011/12/06 00:04:56 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 00:04:56 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/05 23:59:55 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/05 23:59:55 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/05 23:59:55 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/05 23:54:06 | 000,000,408 | ---- | M] () -- C:\ProgramData\jeezIQDWHGlfdM
[2011/12/05 23:54:06 | 000,000,288 | ---- | M] () -- C:\ProgramData\~jeezIQDWHGlfdM
[2011/12/05 23:54:06 | 000,000,200 | ---- | M] () -- C:\ProgramData\~jeezIQDWHGlfdMr
[2011/12/05 23:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/05 23:53:18 | 2616,033,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/05 23:51:12 | 001,008,114 | -H-- | M] () -- C:\Users\Adam\Desktop\rkill.com
[2011/12/05 22:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107165334-3125168533-1496286226-1000UA.job
[2011/12/05 22:27:58 | 000,000,682 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/05 22:27:58 | 000,000,658 | -H-- | M] () -- C:\Users\Adam\Desktop\System Fix.lnk
[2011/12/05 22:27:38 | 000,352,392 | ---- | M] () -- C:\ProgramData\jeezIQDWHGlfdM.exe
[2011/12/05 22:18:25 | 000,445,064 | ---- | M] () -- C:\ProgramData\QSKDNYNxcKDRT.exe
[2011/12/05 21:50:03 | 009,852,544 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Adam\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/05 17:22:22 | 3166,840,832 | -H-- | M] () -- C:\Users\Adam\Documents\7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso
[2011/12/05 11:40:48 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107165334-3125168533-1496286226-1000Core.job
[2011/12/01 17:58:25 | 000,002,972 | -H-- | M] () -- C:\Users\Adam\.recently-used.xbel
[2011/11/30 14:46:20 | 000,001,807 | -H-- | M] () -- C:\Users\Adam\Desktop\Spotify.lnk
[2011/11/24 12:33:42 | 001,566,512 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123coom.exe
[2011/11/22 04:17:09 | 000,000,966 | -H-- | M] () -- C:\Users\Adam\Desktop\MagicDisc.lnk
[2011/11/21 22:10:18 | 000,001,109 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2011/11/20 23:48:54 | 000,224,987 | -H-- | M] () -- C:\Users\Adam\Documents\1.pdf
[2011/11/20 23:46:09 | 000,195,447 | -H-- | M] () -- C:\Users\Adam\Documents\Untitled.pdf
[2011/11/13 20:01:51 | 000,007,602 | -H-- | M] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg
[2011/11/10 13:58:37 | 000,002,123 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/10 06:54:46 | 000,426,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/10 06:43:24 | 000,001,191 | -H-- | M] () -- C:\Users\Adam\.opgalaxy7.vr
[2011/11/09 22:29:30 | 000,002,061 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/12/05 23:51:11 | 001,008,114 | -H-- | C] () -- C:\Users\Adam\Desktop\rkill.com
[2011/12/05 23:48:58 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/12/05 23:48:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/12/05 23:48:58 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/12/05 23:48:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/12/05 23:48:58 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/12/05 23:48:58 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/12/05 22:28:10 | 000,000,288 | ---- | C] () -- C:\ProgramData\~jeezIQDWHGlfdM
[2011/12/05 22:28:10 | 000,000,200 | ---- | C] () -- C:\ProgramData\~jeezIQDWHGlfdMr
[2011/12/05 22:27:58 | 000,000,682 | -H-- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2011/12/05 22:27:58 | 000,000,658 | -H-- | C] () -- C:\Users\Adam\Desktop\System Fix.lnk
[2011/12/05 22:27:47 | 000,000,408 | ---- | C] () -- C:\ProgramData\jeezIQDWHGlfdM
[2011/12/05 22:27:38 | 000,352,392 | ---- | C] () -- C:\ProgramData\jeezIQDWHGlfdM.exe
[2011/12/05 22:21:25 | 000,445,064 | ---- | C] () -- C:\ProgramData\QSKDNYNxcKDRT.exe
[2011/12/05 16:40:46 | 3166,840,832 | -H-- | C] () -- C:\Users\Adam\Documents\7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso
[2011/12/01 17:58:25 | 000,002,972 | -H-- | C] () -- C:\Users\Adam\.recently-used.xbel
[2011/11/30 14:46:20 | 000,001,807 | -H-- | C] () -- C:\Users\Adam\Desktop\Spotify.lnk
[2011/11/30 14:46:20 | 000,001,793 | -H-- | C] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/11/22 04:17:09 | 000,000,966 | -H-- | C] () -- C:\Users\Adam\Desktop\MagicDisc.lnk
[2011/11/21 22:10:18 | 000,001,109 | -H-- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
[2011/11/20 23:48:54 | 000,224,987 | -H-- | C] () -- C:\Users\Adam\Documents\1.pdf
[2011/11/20 23:45:58 | 000,195,447 | -H-- | C] () -- C:\Users\Adam\Documents\Untitled.pdf
[2011/09/12 16:43:12 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat
[2011/03/07 21:10:20 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/03/07 21:09:09 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2011/03/07 21:09:09 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/01/04 15:30:55 | 000,001,940 | -H-- | C] () -- C:\Users\Adam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/23 20:44:50 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\dglesv2.dll
[2010/12/23 20:44:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\dgles.dll
[2010/12/23 20:44:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\SDL_mixer.dll
[2010/12/23 20:44:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\SDL_image.dll
[2010/12/23 20:44:00 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\SDL_ttf.dll
[2010/12/23 20:43:52 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\SDL_net.dll
[2010/12/23 20:43:36 | 000,270,336 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll
[2010/07/09 11:47:40 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\libfreetype.dll
[2010/06/25 11:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/03/31 19:51:35 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/03/31 19:51:35 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/03/11 01:43:26 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010/01/22 00:34:57 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/01/14 00:10:21 | 000,350,720 | ---- | C] () -- C:\Program Files (x86)\hjsplit.exe
[2009/11/16 19:20:36 | 000,007,602 | -H-- | C] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg
[2009/11/10 00:56:03 | 000,000,336 | -H-- | C] () -- C:\Users\Adam\AppData\Roaming\settings.dat
[2009/10/29 17:47:32 | 000,000,000 | ---- | C] () --
C:\Windows\nsreg.dat[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll[2009/08/11 14:01:32 | 000,317,952 | ---- | C] () -- C:\Windows\SysWow64\libtiff-3.dll[2009/08/11 14:01:32 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\smpeg.dll[2009/08/11 14:01:32 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\libvorbis-0.dll[2009/08/11 14:01:32 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\libpng12-0.dll[2009/08/11 14:01:32 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\jpeg.dll[2009/08/11 14:01:32 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll[2009/08/11 14:01:32 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\libvorbisfile-3.dll[2009/08/11 14:01:32 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\libogg-0.dll[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2008/10/28 12:54:16 | 005,570,009 | ---- | C] () -- C:\Program Files (x86)\samurize_1.64.3_3.exe========== LOP Check ==========[2009/11/02 22:28:32 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\acccore[2011/04/17 23:04:06 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Downloaded Installations[2010/04/06 18:57:32 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Facebook[2011/07/06 23:27:02 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0[2010/05/12 19:17:04 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn[2009/10/29 17:58:07 | 000,000,000 | -H-D | M] -- 
C:\Users\Adam\AppData\Roaming\Leadertech[2011/11/21 01:40:38 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Nitro PDF[2011/03/07 21:10:22 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\pdf995[2011/12/05 18:33:01 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Spotify[2011/09/12 16:50:46 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Stamps.com Internet Postage[2010/04/06 18:23:29 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\StreamTorrent[2011/02/16 17:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\TaxCut[2010/03/11 01:41:55 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Teleca[2010/01/10 03:46:51 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Thunderbird[2009/11/03 23:31:57 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\TrueCrypt[2011/11/22 01:42:04 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\uTorrent[2009/10/28 21:42:47 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\WinBatch[2011/02/22 01:31:38 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Wireshark[2011/05/06 02:19:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT========== Purity Check ==========< End of report >And here's my Extras.txt:OTL Extras logfile created on: 12/6/2011 12:03:19 AM - Run 1OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam\Downloads64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.82% Memory free6.50 Gb Paging File | 5.20 Gb Available in Paging File | 80.03% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 911.51 Gb Total Space | 239.78 Gb Free Space | 26.31% Space Free | 
Partition Type: NTFSDrive D: | 7.79 Gb Total Space | 0.88 Gb Free Space | 11.23% Space Free | Partition Type: NTFSUnable to calculate disk information.Drive J: | 20.00 Gb Total Space | 19.91 Gb Free Space | 99.56% Space Free | Partition Type: NTFSDrive K: | 512.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDFComputer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)[HKEY_USERS\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- 
%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file 
--no-playlist-enqueue "%1" ()Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll"{48140058-E94F-4982-83E2-1EC0183218C4}" = Palm webOS SDK"{59525B55-DE3C-439F-82CC-D4578960DE73}" = Nitro PDF Professional"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{D5DEF071-24AD-4214-9623-3A9B63988E3B}" = Macrium Reflect - Free Edition"{E704008B-0515-490F-83E1-95AA2A7F4641}" = Oracle VM VirtualBox 4.1.6"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"705BB4107F4B3FAEECCDB213EAD10359BBFF3BFA" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. 
(TIEHDUSB) USB (09/02/2009 1.0.0.1)"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"NVIDIA Drivers" = NVIDIA Drivers"WinRAR archiver" = WinRAR archiver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob"{23532305-7458-4592-9D3A-18F15803973A}" = OPNET Model Library Academic Edition 9.1"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 26"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support"{5F8F3C63-2F9F-47E6-B749-2DFE4684C671}" = H&R Block Wisconsin 2010"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 
Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 
(SP2)"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)"{90140000-2005-0000-0000-0000000FF1CE}" = 
Microsoft Office File Validation Add-In"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)"{9A657E90-E2B7-44DE-8929-055948162595}" = SPSS 16.0"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool"{DBFA98B2-1D1D-488C-B80D-26057DA9A492}" = OPNET IT Guru Academic Edition 9.1"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint"7-Zip" = 7-Zip 4.65"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin"AIM_7" = AIM 7"Audacity_is1" = Audacity 1.2.6"CCleaner" = CCleaner"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows"DeleteOnClick_is1" = DeleteOnClick"ENTERPRISER" = Microsoft Office Enterprise 2007"ImgBurn" = ImgBurn"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer"MagicDisc 2.7.106" = MagicDisc 2.7.106"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)"Pdf995" = Pdf995 (installed by H&R Block)"PdfEdit995" = PdfEdit995 (installed by H&R Block)"RealPlayer 12.0" = RealPlayer"SoftwareUpdUtility" = Download Updater (AOL LLC)"Spotify" = Spotify"Stamps.com" = Stamps.com"StarCraft II" = StarCraft II"StreamTorrent 1.0" = StreamTorrent 1.0"TrueCrypt" = 
TrueCrypt"uberOptions" = uberOptions 4.80.5"uTorrent" = µTorrent"VLC media player" = VLC media player 1.1.11"Winamp" = Winamp"WinGimp-2.0_is1" = Gimp 2.6.2 Debug"WinPcapInst" = WinPcap 4.1.2"WinX Blu-ray Decrypter_is1" = WinX Blu-ray Decrypter 2.0"Wireshark" = Wireshark 1.4.3"YTdetect" = Yahoo! Detect========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Facebook Plug-In" = Facebook Plug-In"Google Chrome" = Google Chrome"Move Media Player" = Move Media Player"MusicManager" = Music Manager"Spotify" = Spotify"Winamp Detect" = Winamp Detector Plug-in========== Last 10 Event Log Errors ==========[ Application Events ]Error - 11/22/2011 12:10:38 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .Error - 11/22/2011 12:10:38 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .Error - 11/22/2011 6:16:37 AM | Computer Name = Adam-PC | Source = Application Hang | ID = 1002Description = The program setup_magicdisc106.exe version 2.5.0.77 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 10fc Start Time: 01cca8ff9ba7d5ed Termination Time: 15 Application Path: C:\Users\Adam\Downloads\setup_magicdisc106.exeReport Id: 0b67517a-14f3-11e1-8cfc-85a0718454f9 Error - 11/30/2011 3:06:08 AM | Computer Name = Adam-PC | Source = Application Hang | ID = 1002Description = The program firefox.exe version 8.0.0.4325 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: cfc Start Time: 01ccaf1c51e6d664 Termination Time: 114 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 9b1db835-1b21-11e1-a79d-001a92c3e235 Error - 12/1/2011 1:42:28 PM | Computer Name = Adam-PC | Source = Application Error | ID = 1000Description = Faulting application name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37 Faulting module name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37Exception code: 0xc0000005 Fault offset: 0x0000174c Faulting process id: 0x1020 Faulting application start time: 0x01ccb05093e2a503 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exeFaulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: d5c557e5-1c43-11e1-a79d-001a92c3e235Error - 12/2/2011 1:38:08 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 
.Error - 12/6/2011 12:22:15 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .Error - 12/6/2011 12:22:15 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .Error - 12/6/2011 12:22:30 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .Error - 12/6/2011 12:22:30 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .[ OSession Events ]Error - 2/2/2010 12:26:19 AM | Computer Name = Adam-PC | Source = Microsoft Office 12 Sessions | ID = 7001Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 40 seconds with 0 seconds of active time. This session ended with a crash.[ System Events ]Error - 5/12/2011 4:25:18 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2492386).Error - 5/12/2011 4:25:18 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2529073).Error - 5/12/2011 4:25:25 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB982018).Error - 5/12/2011 8:27:20 PM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7016Description = The NVIDIA Display Driver Service service has reported an invalid current state 32.Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2515325).Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2534366).Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2522422).Error - 5/12/2011 8:51:41 PM | Computer Name = 
Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2492386).
Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2529073).
Error - 5/12/2011 8:51:50 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB982018).
< End of report >

Any help would be greatly appreciated. The OTL report was run after RKill had already been run on this boot; I hope that doesn't affect the results? Also, the computer is a dual-booted Windows Vista/Windows 7 machine and only the Windows 7 hard drive is infected at this point. Let me know if there's any other information needed.
screen317 (Staff) Posted December 19, 2011 ID:506475

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you. Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.