
pezdukie



Alright, not to hijack this thread, but I've run into the same problem and am in the exact predicament as the OP (tried the bleepingcomputer.com fix to no avail).

Here's my OTL.txt:

OTL logfile created on: 12/6/2011 12:03:19 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.82% Memory free

6.50 Gb Paging File | 5.20 Gb Available in Paging File | 80.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.51 Gb Total Space | 239.78 Gb Free Space | 26.31% Space Free | Partition Type: NTFS

Drive D: | 7.79 Gb Total Space | 0.88 Gb Free Space | 11.23% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive J: | 20.00 Gb Total Space | 19.91 Gb Free Space | 99.56% Space Free | Partition Type: NTFS

Drive K: | 512.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 00:02:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe

PRC - [2011/12/05 21:37:15 | 000,908,248 | ---- | M] (Mozilla Corporation) -- B:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

PRC - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

PRC - [2011/10/24 17:02:00 | 002,468,200 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

PRC - [2011/10/24 17:00:40 | 001,922,920 | ---- | M] () -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe

PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

PRC - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE

PRC - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Palm\PDK\tcprelay.exe

PRC - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2011/08/18 21:31:44 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/21 10:17:46 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)

SRV:64bit: - [2009/08/25 11:17:18 | 000,294,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)

SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011/11/10 00:04:50 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)

SRV - [2011/10/24 17:02:04 | 000,520,040 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/03/21 10:17:56 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2010/12/23 20:45:00 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Palm\PDK\tcprelay.exe -- (Palm_TCP_Relay)

SRV - [2010/10/21 16:01:32 | 000,069,632 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files (x86)\Palm\SDK\bin\novacomd\amd64\novacomd.exe -- (NovacomD)

SRV - [2010/06/25 11:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/23 15:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/04 12:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/06 21:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)

DRV:64bit: - [2010/06/25 11:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/09/04 16:38:28 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)

DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/17 10:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV:64bit: - [2009/06/10 14:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) Intel®

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/28 14:48:16 | 000,509,056 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hcw18bda.sys -- (hcw18bda)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2009/01/13 09:48:18 | 001,187,840 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2008/08/28 01:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2007/01/12 17:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 05 0A 2D DE 98 CC 01 [binary data]

IE - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: chachaguidebar@chacha.com:1.2

FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6

FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4

FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: Foxdie@tanjihay.com:3.6.4

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Adam\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/09 20:07:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/18 21:31:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/18 21:03:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Adam\AppData\Roaming\Move Networks [2009/10/31 15:27:49 | 000,000,000 | -H-D | M]

[2010/01/10 03:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions

[2010/01/10 03:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions

[2010/01/20 02:51:03 | 000,000,000 | -H-D | M] (Favicon Picker 3) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}

[2011/09/04 03:21:51 | 000,000,000 | -H-D | M] (Roomy Bookmarks Toolbarv) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\ALone-live@ya.ru

[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\chachaguidebar@chacha.com

[2011/11/28 14:19:57 | 000,000,000 | -H-D | M] ("Advanced Cookie Manager") -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\cookiemgr@jayapal.com

[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\firegestures@xuldev.org

[2011/12/05 23:58:49 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\Foxdie@tanjihay.com

[2010/11/28 19:44:01 | 000,000,000 | -H-D | M] (Foxdie for Firefox) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\foxdie_ext_ocelot@foxdie.us

[2011/11/08 10:25:57 | 000,000,000 | -H-D | M] (Cooliris) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\a1r27n08.default\extensions\piclens@cooliris.com

[2011/11/09 20:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/11/09 20:07:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2010/12/09 04:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2011/05/01 13:47:33 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/09 20:07:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Adam\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Adam\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Adam\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Mouse Stroke = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeaoofnhgocdbnbeljkmbjdmhbcokfdb\1.9.5.2_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O4:64bit: - HKLM..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found

O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QSKDNYNxcKDRT.exe] C:\ProgramData\QSKDNYNxcKDRT.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E7B4E7B-B9E3-4AD8-8175-2FF499561BF1}: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B04135EE-1B9E-4716-AA6E-9CD0B96B0F52}: DhcpNameServer = 192.168.100.254

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/06/15 09:23:40 | 000,000,175 | R--- | M] () - K:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell - "" = AutoRun

O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\AutoRun\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\configure\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{08050827-0b9b-11e1-8cfc-85a0718454f9}\Shell\install\command - "" = K:\setup.exe -- [2010/06/25 10:48:12 | 001,100,664 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{809fe94c-d6a3-11df-b788-001a92c3e235}\Shell - "" = AutoRun

O33 - MountPoints2\{809fe94c-d6a3-11df-b788-001a92c3e235}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 23:58:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/12/05 22:27:56 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

[2011/12/05 21:59:25 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes

[2011/12/05 21:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/12/05 21:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/12/05 21:59:14 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/12/05 21:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/12/05 21:49:35 | 009,852,544 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Adam\Desktop\mbam-setup-1.51.2.1300.exe

[2011/12/05 21:47:57 | 001,566,512 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123coom.exe

[2011/12/05 16:40:39 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Download Manager

[2011/12/02 11:37:37 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011/11/22 04:17:08 | 000,000,000 | -H-D | C] -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/11/22 04:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc

[2011/11/22 04:15:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys

[2011/11/22 04:15:13 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys

[2011/11/22 04:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc

[2011/11/21 22:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox

[2011/11/21 22:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2011/11/07 15:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

========== Files - Modified Within 30 Days ==========

[2011/12/06 00:04:56 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/12/06 00:04:56 | 000,013,648 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/12/05 23:59:55 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/12/05 23:59:55 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/12/05 23:59:55 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/12/05 23:54:06 | 000,000,408 | ---- | M] () -- C:\ProgramData\jeezIQDWHGlfdM

[2011/12/05 23:54:06 | 000,000,288 | ---- | M] () -- C:\ProgramData\~jeezIQDWHGlfdM

[2011/12/05 23:54:06 | 000,000,200 | ---- | M] () -- C:\ProgramData\~jeezIQDWHGlfdMr

[2011/12/05 23:53:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/12/05 23:53:18 | 2616,033,280 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/05 23:51:12 | 001,008,114 | -H-- | M] () -- C:\Users\Adam\Desktop\rkill.com

[2011/12/05 22:43:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107165334-3125168533-1496286226-1000UA.job

[2011/12/05 22:27:58 | 000,000,682 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/05 22:27:58 | 000,000,658 | -H-- | M] () -- C:\Users\Adam\Desktop\System Fix.lnk

[2011/12/05 22:27:38 | 000,352,392 | ---- | M] () -- C:\ProgramData\jeezIQDWHGlfdM.exe

[2011/12/05 22:18:25 | 000,445,064 | ---- | M] () -- C:\ProgramData\QSKDNYNxcKDRT.exe

[2011/12/05 21:50:03 | 009,852,544 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Adam\Desktop\mbam-setup-1.51.2.1300.exe

[2011/12/05 17:22:22 | 3166,840,832 | -H-- | M] () -- C:\Users\Adam\Documents\7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso

[2011/12/05 11:40:48 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1107165334-3125168533-1496286226-1000Core.job

[2011/12/01 17:58:25 | 000,002,972 | -H-- | M] () -- C:\Users\Adam\.recently-used.xbel

[2011/11/30 14:46:20 | 000,001,807 | -H-- | M] () -- C:\Users\Adam\Desktop\Spotify.lnk

[2011/11/24 12:33:42 | 001,566,512 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123coom.exe

[2011/11/22 04:17:09 | 000,000,966 | -H-- | M] () -- C:\Users\Adam\Desktop\MagicDisc.lnk

[2011/11/21 22:10:18 | 000,001,109 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk

[2011/11/20 23:48:54 | 000,224,987 | -H-- | M] () -- C:\Users\Adam\Documents\1.pdf

[2011/11/20 23:46:09 | 000,195,447 | -H-- | M] () -- C:\Users\Adam\Documents\Untitled.pdf

[2011/11/13 20:01:51 | 000,007,602 | -H-- | M] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg

[2011/11/10 13:58:37 | 000,002,123 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

[2011/11/10 06:54:46 | 000,426,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/11/10 06:43:24 | 000,001,191 | -H-- | M] () -- C:\Users\Adam\.opgalaxy7.vr

[2011/11/09 22:29:30 | 000,002,061 | -H-- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/12/05 23:51:11 | 001,008,114 | -H-- | C] () -- C:\Users\Adam\Desktop\rkill.com

[2011/12/05 23:48:58 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2011/12/05 23:48:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2011/12/05 23:48:58 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2011/12/05 23:48:58 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2011/12/05 23:48:58 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2011/12/05 23:48:58 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2011/12/05 22:28:10 | 000,000,288 | ---- | C] () -- C:\ProgramData\~jeezIQDWHGlfdM

[2011/12/05 22:28:10 | 000,000,200 | ---- | C] () -- C:\ProgramData\~jeezIQDWHGlfdMr

[2011/12/05 22:27:58 | 000,000,682 | -H-- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk

[2011/12/05 22:27:58 | 000,000,658 | -H-- | C] () -- C:\Users\Adam\Desktop\System Fix.lnk

[2011/12/05 22:27:47 | 000,000,408 | ---- | C] () -- C:\ProgramData\jeezIQDWHGlfdM

[2011/12/05 22:27:38 | 000,352,392 | ---- | C] () -- C:\ProgramData\jeezIQDWHGlfdM.exe

[2011/12/05 22:21:25 | 000,445,064 | ---- | C] () -- C:\ProgramData\QSKDNYNxcKDRT.exe

[2011/12/05 16:40:46 | 3166,840,832 | -H-- | C] () -- C:\Users\Adam\Documents\7601.17514.101119-1850_x64fre_server_eval_en-us-GRMSXEVAL_EN_DVD.iso

[2011/12/01 17:58:25 | 000,002,972 | -H-- | C] () -- C:\Users\Adam\.recently-used.xbel

[2011/11/30 14:46:20 | 000,001,807 | -H-- | C] () -- C:\Users\Adam\Desktop\Spotify.lnk

[2011/11/30 14:46:20 | 000,001,793 | -H-- | C] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

[2011/11/22 04:17:09 | 000,000,966 | -H-- | C] () -- C:\Users\Adam\Desktop\MagicDisc.lnk

[2011/11/21 22:10:18 | 000,001,109 | -H-- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk

[2011/11/20 23:48:54 | 000,224,987 | -H-- | C] () -- C:\Users\Adam\Documents\1.pdf

[2011/11/20 23:45:58 | 000,195,447 | -H-- | C] () -- C:\Users\Adam\Documents\Untitled.pdf

[2011/09/12 16:43:12 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat

[2011/03/07 21:10:20 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini

[2011/03/07 21:09:09 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll

[2011/03/07 21:09:09 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv

[2011/01/04 15:30:55 | 000,001,940 | -H-- | C] () -- C:\Users\Adam\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[2010/12/23 20:44:50 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\dglesv2.dll

[2010/12/23 20:44:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\dgles.dll

[2010/12/23 20:44:34 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\SDL_mixer.dll

[2010/12/23 20:44:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\SDL_image.dll

[2010/12/23 20:44:00 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\SDL_ttf.dll

[2010/12/23 20:43:52 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\SDL_net.dll

[2010/12/23 20:43:36 | 000,270,336 | ---- | C] () -- C:\Windows\SysWow64\SDL.dll

[2010/07/09 11:47:40 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\libfreetype.dll

[2010/06/25 11:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2010/03/31 19:51:35 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll

[2010/03/31 19:51:35 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll

[2010/03/11 01:43:26 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI

[2010/01/22 00:34:57 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/01/14 00:10:21 | 000,350,720 | ---- | C] () -- C:\Program Files (x86)\hjsplit.exe

[2009/11/16 19:20:36 | 000,007,602 | -H-- | C] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg

[2009/11/10 00:56:03 | 000,000,336 | -H-- | C] () -- C:\Users\Adam\AppData\Roaming\settings.dat

[2009/10/29 17:47:32 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2009/09/16 17:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll

[2009/08/11 14:01:32 | 000,317,952 | ---- | C] () -- C:\Windows\SysWow64\libtiff-3.dll

[2009/08/11 14:01:32 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\smpeg.dll

[2009/08/11 14:01:32 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\libvorbis-0.dll

[2009/08/11 14:01:32 | 000,131,072 | ---- | C] () -- C:\Windows\SysWow64\libpng12-0.dll

[2009/08/11 14:01:32 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\jpeg.dll

[2009/08/11 14:01:32 | 000,070,656 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

[2009/08/11 14:01:32 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\libvorbisfile-3.dll

[2009/08/11 14:01:32 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\libogg-0.dll

[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2008/10/28 12:54:16 | 005,570,009 | ---- | C] () -- C:\Program Files (x86)\samurize_1.64.3_3.exe

========== LOP Check ==========

[2009/11/02 22:28:32 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\acccore

[2011/04/17 23:04:06 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Downloaded Installations

[2010/04/06 18:57:32 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Facebook

[2011/07/06 23:27:02 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0

[2010/05/12 19:17:04 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn

[2009/10/29 17:58:07 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech

[2011/11/21 01:40:38 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Nitro PDF

[2011/03/07 21:10:22 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\pdf995

[2011/12/05 18:33:01 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Spotify

[2011/09/12 16:50:46 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Stamps.com Internet Postage

[2010/04/06 18:23:29 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\StreamTorrent

[2011/02/16 17:11:48 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\TaxCut

[2010/03/11 01:41:55 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Teleca

[2010/01/10 03:46:51 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Thunderbird

[2009/11/03 23:31:57 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\TrueCrypt

[2011/11/22 01:42:04 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\uTorrent

[2009/10/28 21:42:47 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\WinBatch

[2011/02/22 01:31:38 | 000,000,000 | -H-D | M] -- C:\Users\Adam\AppData\Roaming\Wireshark

[2011/05/06 02:19:30 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

And here's my Extras.txt:

OTL Extras logfile created on: 12/6/2011 12:03:19 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Adam\Downloads

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.82% Memory free

6.50 Gb Paging File | 5.20 Gb Available in Paging File | 80.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.51 Gb Total Space | 239.78 Gb Free Space | 26.31% Space Free | Partition Type: NTFS

Drive D: | 7.79 Gb Total Space | 0.88 Gb Free Space | 11.23% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Drive J: | 20.00 Gb Total Space | 19.91 Gb Free Space | 99.56% Space Free | Partition Type: NTFS

Drive K: | 512.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{48140058-E94F-4982-83E2-1EC0183218C4}" = Palm webOS SDK

"{59525B55-DE3C-439F-82CC-D4578960DE73}" = Nitro PDF Professional

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{D5DEF071-24AD-4214-9623-3A9B63988E3B}" = Macrium Reflect - Free Edition

"{E704008B-0515-490F-83E1-95AA2A7F4641}" = Oracle VM VirtualBox 4.1.6

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"705BB4107F4B3FAEECCDB213EAD10359BBFF3BFA" = Windows Driver Package - Palm (WinUSB) Palm Devices (10/09/2009 1.0.1)

"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)

"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob

"{23532305-7458-4592-9D3A-18F15803973A}" = OPNET Model Library Academic Edition 9.1

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 26

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5F8F3C63-2F9F-47E6-B749-2DFE4684C671}" = H&R Block Wisconsin 2010

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9A657E90-E2B7-44DE-8929-055948162595}" = SPSS 16.0

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{DBFA98B2-1D1D-488C-B80D-26057DA9A492}" = OPNET IT Guru Academic Edition 9.1

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM_7" = AIM 7

"Audacity_is1" = Audacity 1.2.6

"CCleaner" = CCleaner

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"DeleteOnClick_is1" = DeleteOnClick

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ImgBurn" = ImgBurn

"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer

"MagicDisc 2.7.106" = MagicDisc 2.7.106

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)

"Pdf995" = Pdf995 (installed by H&R Block)

"PdfEdit995" = PdfEdit995 (installed by H&R Block)

"RealPlayer 12.0" = RealPlayer

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Spotify" = Spotify

"Stamps.com" = Stamps.com

"StarCraft II" = StarCraft II

"StreamTorrent 1.0" = StreamTorrent 1.0

"TrueCrypt" = TrueCrypt

"uberOptions" = uberOptions 4.80.5

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"Winamp" = Winamp

"WinGimp-2.0_is1" = Gimp 2.6.2 Debug

"WinPcapInst" = WinPcap 4.1.2

"WinX Blu-ray Decrypter_is1" = WinX Blu-ray Decrypter 2.0

"Wireshark" = Wireshark 1.4.3

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1107165334-3125168533-1496286226-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Facebook Plug-In" = Facebook Plug-In

"Google Chrome" = Google Chrome

"Move Media Player" = Move Media Player

"MusicManager" = Music Manager

"Spotify" = Spotify

"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/22/2011 12:10:38 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 11/22/2011 12:10:38 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 11/22/2011 6:16:37 AM | Computer Name = Adam-PC | Source = Application Hang | ID = 1002

Description = The program setup_magicdisc106.exe version 2.5.0.77 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 10fc Start

Time: 01cca8ff9ba7d5ed Termination Time: 15 Application Path: C:\Users\Adam\Downloads\setup_magicdisc106.exe

Report

Id: 0b67517a-14f3-11e1-8cfc-85a0718454f9

Error - 11/30/2011 3:06:08 AM | Computer Name = Adam-PC | Source = Application Hang | ID = 1002

Description = The program firefox.exe version 8.0.0.4325 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: cfc Start

Time: 01ccaf1c51e6d664 Termination Time: 114 Application Path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Report Id: 9b1db835-1b21-11e1-a79d-001a92c3e235

Error - 12/1/2011 1:42:28 PM | Computer Name = Adam-PC | Source = Application Error | ID = 1000

Description = Faulting application name: vlc.exe, version: 1.1.11.0, time stamp:

0x4e1edf37 Faulting module name: vlc.exe, version: 1.1.11.0, time stamp: 0x4e1edf37

Exception

code: 0xc0000005 Fault offset: 0x0000174c Faulting process id: 0x1020 Faulting application

start time: 0x01ccb05093e2a503 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Faulting

module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe Report Id: d5c557e5-1c43-11e1-a79d-001a92c3e235

Error - 12/2/2011 1:38:08 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12/6/2011 12:22:15 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12/6/2011 12:22:15 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12/6/2011 12:22:30 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12/6/2011 12:22:30 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ OSession Events ]

Error - 2/2/2010 12:26:19 AM | Computer Name = Adam-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 5/12/2011 4:25:18 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2492386).

Error - 5/12/2011 4:25:18 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2529073).

Error - 5/12/2011 4:25:25 AM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB982018).

Error - 5/12/2011 8:27:20 PM | Computer Name = Adam-PC | Source = Service Control Manager | ID = 7016

Description = The NVIDIA Display Driver Service service has reported an invalid

current state 32.

Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2515325).

Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2534366).

Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2522422).

Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2492386).

Error - 5/12/2011 8:51:41 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB2529073).

Error - 5/12/2011 8:51:50 PM | Computer Name = Adam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x800705b4: Update for Windows 7 for x64-based Systems (KB982018).

< End of report >

Any help would be greatly appreciated. The OTL report was run after RKill had already been run on this boot; I hope that doesn't affect the results? Also, the computer is a dual-booted Windows Vista/Windows 7 machine and only the Windows 7 hard drive is infected at this point. Let me know if there's any other information needed.


  • 2 weeks later...
  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.
