
Like a bunch of other people, I can't get rid of Sirefef.Y or Rootkit.0Access



I've been trying to use MalwareBytes, TDSSKiller, Rkill, Trend Micro, and Windows Defender Offline.

Defender Offline actually gets everything except Sirefef.Y, which it can't remove, then when I restart, everything is back. I had everything off for a couple days and then it all reappeared.

Not only did it reappear, it disabled Microsoft Essentials completely and suddenly, which was the only thing blocking the repropagating Sirefef.B.

So hopefully someone can help out?


Hello ThreeSloth and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Ok, after babysitting the process I had to kill MSE a few times and the scan finished.

OTL logfile created on: 7/1/2012 12:33:52 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Goat\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.58 Gb Available Physical Memory | 88.21% Memory free

35.99 Gb Paging File | 34.60 Gb Available in Paging File | 96.13% Paging File free

Paging file location(s): c:\pagefile.sys 0 0l:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 179.45 Gb Total Space | 67.03 Gb Free Space | 37.35% Space Free | Partition Type: NTFS

Drive D: | 14.53 Gb Total Space | 14.19 Gb Free Space | 97.66% Space Free | Partition Type: NTFS

Drive E: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 558.89 Gb Total Space | 331.74 Gb Free Space | 59.36% Space Free | Partition Type: NTFS

Drive I: | 74.51 Gb Total Space | 0.41 Gb Free Space | 0.54% Space Free | Partition Type: FAT32

Drive K: | 1863.01 Gb Total Space | 96.93 Gb Free Space | 5.20% Space Free | Partition Type: NTFS

Drive L: | 279.45 Gb Total Space | 7.59 Gb Free Space | 2.72% Space Free | Partition Type: NTFS

Drive N: | 100.01 Gb Total Space | 18.45 Gb Free Space | 18.45% Space Free | Partition Type: NTFS

Computer Name: BYZANTIUM | User Name: Goat | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 12:18:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Goat\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/04/05 19:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2010/11/20 06:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\snmp.exe -- (SNMP)

SRV:64bit: - [2010/04/15 19:02:06 | 002,430,304 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)

SRV:64bit: - [2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (wuauserv)

SRV - [2012/06/26 20:24:06 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/16 02:30:59 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/05/27 23:24:06 | 001,859,584 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\Mcx2Svc.dll -- (Mcx2Svc)

SRV - [2011/10/25 00:03:21 | 000,075,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2010/11/20 05:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)

SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/18 19:31:26 | 000,072,304 | R--- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)

SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/10 03:57:56 | 000,605,976 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/05 22:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/04/05 18:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/23 21:28:35 | 000,502,256 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/06/01 16:32:34 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)

DRV:64bit: - [2010/06/01 16:32:34 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)

DRV:64bit: - [2010/06/01 16:32:33 | 000,235,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)

DRV:64bit: - [2010/06/01 16:32:32 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)

DRV:64bit: - [2010/05/06 02:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/04/21 15:59:16 | 000,073,216 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)

DRV:64bit: - [2010/04/09 14:17:24 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2010/04/09 14:17:20 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2010/04/06 16:30:20 | 000,021,544 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)

DRV:64bit: - [2010/03/10 11:29:28 | 000,052,144 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)

DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2010/01/27 01:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/12/21 12:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/11/20 04:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/11/20 04:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/11/11 17:44:26 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2012/07/01 12:25:50 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2010/08/15 13:35:51 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)

DRV - [2010/08/15 13:33:43 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)

DRV - [2010/07/01 04:44:34 | 000,052,352 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys -- (AODDriver2)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 BD 00 2B 66 F9 CA 01 [binary data]

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\..\SearchScopes,DefaultScope = {8203D70F-899F-4341-8996-3F850C354306}

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\..\SearchScopes\{8203D70F-899F-4341-8996-3F850C354306}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.3: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}

CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Goat\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = G:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - Extension: YouTube = C:\Users\Goat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Goat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\Goat\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\

CHR - Extension: Gmail = C:\Users\Goat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/30 21:27:54 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)

O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)

O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

O3 - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)

O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe" File not found

O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [MSIAfterburner] C:\Program Files (x86)\MSI Afterburner\MSIAfterburnerWrapper.exe ()

O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)

O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\NagaTray.exe (Razer USA Ltd)

O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe" File not found

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1371545983-2961928761-602670508-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{090D488E-4431-402F-A819-E0BFE996257F}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/07/14 02:29:38 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]

O33 - MountPoints2\{1c34b3df-655d-11df-8c97-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{1c34b3df-655d-11df-8c97-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2009/07/14 02:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation)

O33 - MountPoints2\{71e79002-7eb0-11df-9ccc-000fb5444cb4}\Shell - "" = AutoRun

O33 - MountPoints2\{71e79002-7eb0-11df-9ccc-000fb5444cb4}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{bc374e2e-65d0-11df-8f9c-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{bc374e2e-65d0-11df-8f9c-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Run.exe

O33 - MountPoints2\{eab1ee37-f782-11df-966a-000fb5444cb4}\Shell\Option1\Command - "" = M:\HBCD\Wintools\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 12:17:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Goat\Desktop\OTL.exe

[2012/07/01 02:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2012/07/01 02:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/06/30 21:09:57 | 000,000,000 | ---D | C] -- C:\Users\Goat\DoctorWeb

[2012/06/30 17:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/06/26 15:16:58 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware

[2012/06/19 19:43:12 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys

[2012/06/14 13:25:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2012/06/13 10:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/06/13 10:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT

[2012/06/13 10:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/06/13 10:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center

[2012/06/01 13:03:56 | 000,000,000 | ---D | C] -- C:\Users\Goat\Documents\Image Data Converter SR

========== Files - Modified Within 30 Days ==========

[2012/07/01 12:32:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/01 12:32:02 | 1071,816,702 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/01 12:27:42 | 000,029,220 | ---- | M] () -- C:\Windows\SysWow64\jcsball.dat

[2012/07/01 12:27:42 | 000,008,284 | ---- | M] () -- C:\Windows\SysWow64\jcsb.new

[2012/07/01 12:27:42 | 000,005,365 | ---- | M] () -- C:\Windows\SysWow64\jerror.dat

[2012/07/01 12:25:29 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/01 12:18:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Goat\Desktop\OTL.exe

[2012/07/01 02:51:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/07/01 02:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/01 02:50:24 | 000,743,364 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/07/01 02:50:24 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/01 02:50:24 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/01 02:49:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/01 02:49:21 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/01 02:47:32 | 000,729,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/01 02:45:35 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync

[2012/07/01 02:21:38 | 000,003,364 | ---- | M] () -- C:\Users\Goat\Desktop\firewall.reg

[2012/07/01 02:20:38 | 000,001,495 | ---- | M] () -- C:\Users\Goat\Desktop\bfe.reg

[2012/07/01 00:36:45 | 007,765,074 | ---- | M] () -- C:\Users\Goat\AppData\Local\census.cache

[2012/07/01 00:36:34 | 000,116,348 | ---- | M] () -- C:\Users\Goat\AppData\Local\ars.cache

[2012/07/01 00:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/30 21:27:54 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/06/30 16:21:13 | 1771,309,135 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/06/30 15:58:19 | 088,285,672 | ---- | M] () -- C:\Users\Goat\Desktop\a22c2r2w.exe

[2012/06/30 15:45:48 | 001,012,656 | ---- | M] () -- C:\Users\Goat\Desktop\rkill.exe

[2012/06/30 14:55:00 | 000,849,902 | ---- | M] () -- C:\Users\Goat\Desktop\Sooooo Newer stuff.m3u

[2012/06/30 00:52:38 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/06/29 02:16:56 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012/06/26 17:29:08 | 000,234,000 | ---- | M] () -- C:\Windows\RegBootClean64.exe

[2012/06/13 07:29:59 | 000,277,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/01 12:25:56 | 000,029,220 | ---- | C] () -- C:\Windows\SysWow64\jcsball.dat

[2012/07/01 12:25:56 | 000,008,284 | ---- | C] () -- C:\Windows\SysWow64\jcsb.new

[2012/07/01 12:25:56 | 000,005,365 | ---- | C] () -- C:\Windows\SysWow64\jerror.dat

[2012/07/01 02:50:26 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2012/07/01 02:44:34 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync

[2012/07/01 02:25:55 | 000,005,256 | ---- | C] () -- C:\Users\Goat\Desktop\wscsvc.reg

[2012/07/01 02:21:38 | 000,003,364 | ---- | C] () -- C:\Users\Goat\Desktop\firewall.reg

[2012/07/01 02:20:38 | 000,001,495 | ---- | C] () -- C:\Users\Goat\Desktop\bfe.reg

[2012/06/30 21:31:49 | 000,001,696 | ---- | C] () -- C:\Users\Goat\AppData\Local\{4accc2e2-2579-6676-a460-8a10e4736a7d}\U\00000001.@

[2012/06/30 19:26:01 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{4accc2e2-2579-6676-a460-8a10e4736a7d}\U\00000001.@

[2012/06/30 16:21:13 | 1771,309,135 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/06/30 15:53:15 | 088,285,672 | ---- | C] () -- C:\Users\Goat\Desktop\a22c2r2w.exe

[2012/06/30 15:45:48 | 001,012,656 | ---- | C] () -- C:\Users\Goat\Desktop\rkill.exe

[2012/06/26 20:27:31 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2012/06/26 20:27:20 | 000,743,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/06/26 17:29:08 | 000,234,000 | ---- | C] () -- C:\Windows\RegBootClean64.exe

[2012/06/26 14:07:59 | 1071,816,702 | -HS- | C] () -- C:\hiberfil.sys

[2012/06/22 16:37:19 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\LOL Recorder.lnk

[2012/05/27 23:24:06 | 001,859,584 | ---- | C] () -- C:\Windows\SysWow64\Mcx2Svc.dll

[2012/04/05 18:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/04/05 18:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2012/01/11 11:34:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{4accc2e2-2579-6676-a460-8a10e4736a7d}\@

[2012/01/11 11:34:29 | 000,002,048 | -HS- | C] () -- C:\Users\Goat\AppData\Local\{4accc2e2-2579-6676-a460-8a10e4736a7d}\@

[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

[2011/09/29 21:30:13 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011/09/29 21:30:12 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/06/17 18:25:36 | 007,765,074 | ---- | C] () -- C:\Users\Goat\AppData\Local\census.cache

[2011/06/17 18:25:29 | 000,116,348 | ---- | C] () -- C:\Users\Goat\AppData\Local\ars.cache

[2011/01/11 17:39:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/10/16 11:51:22 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI

[2010/10/16 11:50:57 | 000,000,792 | ---- | C] () -- C:\Windows\_delis32.ini

[2010/07/01 23:37:10 | 000,000,036 | ---- | C] () -- C:\Users\Goat\AppData\Local\housecall.guid.cache

[2010/05/22 11:51:57 | 000,000,918 | ---- | C] () -- C:\Users\Goat\AppData\Roaming\coreavc.ini

[2010/05/21 23:53:50 | 000,005,120 | ---- | C] () -- C:\Users\Goat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/21 21:05:46 | 000,007,624 | ---- | C] () -- C:\Users\Goat\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2012/02/29 22:00:50 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\.minecraft

[2010/05/21 22:51:33 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\Aim

[2010/11/23 21:28:06 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\DAEMON Tools Lite

[2012/04/30 14:41:37 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\dclogs

[2010/08/21 23:23:45 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\GonVisor

[2010/07/23 22:56:42 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\HD Tune Pro

[2011/05/28 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\LolClient

[2012/05/23 12:10:41 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\LolClient2

[2011/08/04 20:02:02 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\NCH Swift Sound

[2010/11/07 17:44:37 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\Octoshape

[2011/10/24 23:49:07 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\Origin

[2012/04/26 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\Publish Providers

[2010/10/25 18:51:29 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\RayV

[2010/06/12 08:22:04 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\runic games

[2012/04/26 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\Sony

[2012/04/02 02:13:29 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\Stellarium

[2010/05/21 22:03:48 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\SuperAdBlocker.com

[2012/04/30 14:44:38 | 000,000,000 | -HSD | M] -- C:\Users\Goat\AppData\Roaming\System Services

[2012/06/24 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\uTorrent

[2012/04/26 19:23:44 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\Xilisoft

[2011/01/22 14:55:52 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Users\Goat\Desktop\NO A NEW ONE.m3u:SummaryInformation

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8CE646EE

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1AAB2E68

< End of report >

OTL Extras logfile created on: 7/1/2012 12:33:52 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Goat\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

12.00 Gb Total Physical Memory | 10.58 Gb Available Physical Memory | 88.21% Memory free

35.99 Gb Paging File | 34.60 Gb Available in Paging File | 96.13% Paging File free

Paging file location(s): c:\pagefile.sys 0 0l:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 179.45 Gb Total Space | 67.03 Gb Free Space | 37.35% Space Free | Partition Type: NTFS

Drive D: | 14.53 Gb Total Space | 14.19 Gb Free Space | 97.66% Space Free | Partition Type: NTFS

Drive E: | 3.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Drive F: | 558.89 Gb Total Space | 331.74 Gb Free Space | 59.36% Space Free | Partition Type: NTFS

Drive I: | 74.51 Gb Total Space | 0.41 Gb Free Space | 0.54% Space Free | Partition Type: FAT32

Drive K: | 1863.01 Gb Total Space | 96.93 Gb Free Space | 5.20% Space Free | Partition Type: NTFS

Drive L: | 279.45 Gb Total Space | 7.59 Gb Free Space | 2.72% Space Free | Partition Type: NTFS

Drive N: | 100.01 Gb Total Space | 18.45 Gb Free Space | 18.45% Space Free | Partition Type: NTFS

Computer Name: BYZANTIUM | User Name: Goat | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0A54DE51-CD51-BF86-81EB-ED2D663FFBD1}" = ATI AVIVO64 Codecs

"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel

"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding

"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64

"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{94BC2440-7087-47E7-885D-EB8E5F22C201}" = Diskeeper 2010 Home

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F97742F0-03A7-11E1-868F-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)

"{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.1218.1 (x64)

"{FE51C8DE-03A7-11E1-88F8-F04DA23A5C58}" = MSVCRT Redists

"CrystalDiskMark_is1" = CrystalDiskMark 3.0.0e

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software

"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1

"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.3

"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese

"{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish

"{30F8B542-330F-4B99-9813-7A6C5283D212}_is1" = iCare Data Recovery Software3.7.1

"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite

"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer

"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0409.1

"{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta

"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese

"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1

"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional

"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German

"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive

"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek

"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian

"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari

"{6BF3C41E-F498-430A-A41E-EEDB5FA2A8B9}_is1" = Partition Wizard Professional Edition 5.0

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0

"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common

"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English

"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish

"{9F64A0D3-B0D2-4EE1-9A9D-452BD4459D09}" = Razer Naga

"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A94B49C7-7642-4A61-9BC6-DE823C61D17B}_is1" = DiskGetor Data Recovery V2.52

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS

"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish

"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French

"{BEADA775-150E-F969-7ECC-23F9FDF9614D}" = MOTWizard

"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition

"{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean

"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian

"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor

"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian

"{DEAD48E5-E36C-431E-B83C-E61CE71AA13F}" = Livestream Procaster

"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish

"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com

"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Afterburner" = MSI Afterburner 1.6.1

"AOL Instant Messenger" = AOL Instant Messenger

"Battlelog Web Plugins" = Battlelog Web Plugins

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09

"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)

"Diablo II" = Diablo II

"ESN Sonar-0.70.0" = ESN Sonar

"ESN Sonar-0.70.3" = ESN Sonar

"Fraps" = Fraps (remove only)

"G.O.M" = G.O.M

"GonVisor_is1" = GonVisor 1.74

"Google Chrome" = Google Chrome

"HaaliMkx" = Haali Media Splitter

"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.1008.1

"InstallShield_{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}" = DAO

"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver

"InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.1218.1 (x64)

"LOLReplay" = LOLReplay

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Origin" = Origin

"PunkBusterSvc" = PunkBuster Services

"QCDrivers" = QuickCam Drivers

"R-Studio 5.064NSIS" = R-Studio 64 5.0

"StarCraft II" = StarCraft II

"StarCraft II Beta" = StarCraft II Beta

"Steam App 10" = Counter-Strike

"Steam App 12900" = Audiosurf

"Steam App 215" = Source SDK Base 2006

"Steam App 300" = Day of Defeat: Source

"Steam App 35140" = Batman: Arkham Asylum GOTY Edition

"Steam App 3900" = Sid Meier's Civilization IV

"Steam App 42120" = Lead and Gold - Gangs of the Wild West

"Steam App 43110" = Metro 2033

"Steam App 440" = Team Fortress 2

"Steam App 550" = Left 4 Dead 2

"Steam App 570" = Dota 2

"Steam App 58510" = Cities XL 2011

"Steam App 620" = Portal 2

"Steam App 630" = Alien Swarm

"Steam App 8980" = Borderlands

"Steam App 91310" = Dead Island

"Stellarium_is1" = Stellarium 0.11.2

"Undelete Plus_is1" = Undelete Plus 2.9

"ViewpointMediaPlayer" = Viewpoint Media Player

"webmmf" = WebM Media Foundation Components

"Winamp" = Winamp

"Winamp Toolbar" = Winamp Toolbar

"World of Warcraft" = World of Warcraft

"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1371545983-2961928761-602670508-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/19/2012 5:00:04 AM | Computer Name = Byzantium | Source = VSS | ID = 8194

Description =

Error - 3/21/2012 4:19:13 AM | Computer Name = Byzantium | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".

Dependent

Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/21/2012 4:19:20 AM | Computer Name = Byzantium | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 3/21/2012 8:12:27 PM | Computer Name = Byzantium | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 3c0e4 Start

Time: 01cd07c04a1db395 Termination Time: 53 Application Path: C:\Program Files\Internet

Explorer\iexplore.exe Report Id:

Error - 3/22/2012 5:46:04 AM | Computer Name = Byzantium | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".

Dependent

Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/22/2012 5:46:12 AM | Computer Name = Byzantium | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 3/22/2012 7:59:41 PM | Computer Name = Byzantium | Source = VSS | ID = 8194

Description =

Error - 3/23/2012 7:48:02 AM | Computer Name = Byzantium | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe".

Dependent

Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/23/2012 7:48:08 AM | Computer Name = Byzantium | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 3/26/2012 5:00:00 AM | Computer Name = Byzantium | Source = VSS | ID = 8194

Description =

[ System Events ]

Error - 7/1/2012 3:32:10 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 7/1/2012 3:32:11 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1068

Error - 7/1/2012 3:32:16 PM | Computer Name = Byzantium | Source = DCOM | ID = 10005

Description =

Error - 7/1/2012 3:32:24 PM | Computer Name = Byzantium | Source = DCOM | ID = 10005

Description =

Error - 7/1/2012 3:32:25 PM | Computer Name = Byzantium | Source = DCOM | ID = 10005

Description =

Error - 7/1/2012 3:32:26 PM | Computer Name = Byzantium | Source = DCOM | ID = 10005

Description =

Error - 7/1/2012 3:32:28 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Provider

Host service which failed to start because of the following error: %%1068

Error - 7/1/2012 3:32:36 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7031

Description = The Microsoft Antimalware Service service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

15000 milliseconds: Restart the service.

Error - 7/1/2012 3:32:55 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7031

Description = The Microsoft Antimalware Service service terminated unexpectedly.

It has done this 2 time(s). The following corrective action will be taken in

15000 milliseconds: Restart the service.

Error - 7/1/2012 3:33:15 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7034

Description = The Microsoft Antimalware Service service terminated unexpectedly.

It has done this 3 time(s).

< End of report >

Link to post
Share on other sites

Step 1

Please uninstall the following applications:

YouTube Downloader Toolbar v4.6

Viewpoint Media Player

Winamp Toolbar

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
    O3 - HKU\S-1-5-21-1371545983-2961928761-602670508-1001\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    [2012/06/30 21:31:49 | 000,001,696 | ---- | C] () -- C:\Users\Goat\AppData\Local\{4accc2e2-2579-6676-a460-8a10e4736a7d}\U\00000001.@
    [2012/06/30 19:26:01 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{4accc2e2-2579-6676-a460-8a10e4736a7d}\U\00000001.@
    [2012/01/11 11:34:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{4accc2e2-2579-6676-a460-8a10e4736a7d}\@
    [2012/01/11 11:34:29 | 000,002,048 | -HS- | C] () -- C:\Users\Goat\AppData\Local\{4accc2e2-2579-6676-a460-8a10e4736a7d}\@
    [2012/06/24 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\uTorrent

    :files
    C:\Program Files (x86)\YouTube Downloader Toolbar
    C:\Program Files (x86)\Viewpoint
    C:\Program Files (x86)\Winamp Toolbar
    C:\Program Files (x86)\Common Files\Spigot
    C:\Users\Goat\AppData\Local\{4accc2e2-2579-6676-a460-8a10e4736a7d}
    C:\Windows\Installer\{4accc2e2-2579-6676-a460-8a10e4736a7d}

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply

In your next reply, post the following log files:

  • OTL Fix log
  • aswMBR log

Link to post
Share on other sites
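
The fix script above targets the same GUID-named folder under both C:\Windows\Installer and AppData\Local, and the System Events log shows the Microsoft Antimalware Service being terminated repeatedly. As an added example (not part of the original posts and not OTL's own code), this Python script pulls both signs out of an OTL log; the regular expressions and the `triage` helper are assumptions modelled on the log lines in this thread, and the sample input is constructed from them.

```python
import re
from collections import Counter

# Constructed sample, shaped like the OTL file listing and event records in this thread.
SAMPLE = r"""
[2012/06/30 21:31:49 | 000,001,696 | ---- | C] () -- C:\Users\Goat\AppData\Local\{4accc2e2-2579-6676-a460-8a10e4736a7d}\U\00000001.@
[2012/01/11 11:34:29 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{4accc2e2-2579-6676-a460-8a10e4736a7d}\@
[2012/06/24 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Goat\AppData\Roaming\uTorrent
Error - 7/1/2012 3:32:10 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
Error - 7/1/2012 3:32:36 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
Error - 7/1/2012 3:33:15 PM | Computer Name = Byzantium | Source = Service Control Manager | ID = 7034
Description = The Microsoft Antimalware Service service terminated unexpectedly.
"""

# OTL file-listing line: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| [-A-Z]{4} \| [CM]\] (?:\(.*?\) )?-- (?P<path>.+)$")
# Heuristic (assumption): a file named "@" or "U\<name>.@" directly inside a GUID folder
# under Windows\Installer or AppData\Local, as in the entries listed in the fix script.
GUID_DIR_RE = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\"
    r"(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})\\(?:@|U\\[^\\]+\.@)$", re.I)
EVENT_RE = re.compile(r"^Error - .+? \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SVC_RE = re.compile(r"^Description = The (?P<svc>.+?) service terminated unexpectedly\.")

def triage(text):
    """Return (suspicious GUID folders, {service: unexpected-termination count})."""
    guid_dirs, crashes, last_id = set(), Counter(), None
    for line in (raw.strip() for raw in text.splitlines()):
        m = FILE_RE.match(line)
        if m:
            g = GUID_DIR_RE.search(m["path"])
            if g:
                guid_dirs.add(m["path"][: g.end(1)])  # keep the path up to the GUID folder
            continue
        m = EVENT_RE.match(line)
        if m:  # remember the event ID so the following Description line can be attributed
            last_id = m["id"] if m["source"] == "Service Control Manager" else None
            continue
        m = SVC_RE.match(line)
        if m and last_id in ("7031", "7034"):  # the two SCM crash IDs seen in this log
            crashes[m["svc"]] += 1
    return sorted(guid_dirs), dict(crashes)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit on the folder pattern together with a security service that keeps terminating is a reason to escalate to an offline scan, not proof of infection on its own.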

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
