ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e291dd68e12a034688c4230813be804d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-25 07:30:43
# local_time=2012-03-25 03:30:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=128806
# found=133
# cleaned=133
# scan_time=2663
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\0\43296140-6703670d a variant of Java/Agent.DT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\12\1187ad0c-66366d53 a variant of Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\36\5f7fa64-3894c878 a variant of Java/Exploit.CVE-2011-3544.S trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Chris\Application Data\Sun\Java\Deployment\cache\6.0\53\148d9175-287ddff8 a variant of Win32/Kryptik.YUV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\lnkmst.exe Win32/KeyLogger.Refog.615 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\Mpk.dll a variant of Win32/Monitor.MIPKOEmployeeMonitor.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\MPK.exe a variant of Win32/KeyLogger.Refog.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Chris\My Documents\Old Stuff\MPK\MPKView.exe a variant of Win32/KeyLogger.Refog.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\0\42cb71c0-45357f5d a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\750b9981-6d1054e2 Java/TrojanDownloader.Agent.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\11\32e91cb-33990630 a variant of Win32/Kryptik.YWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\12\f9046cc-11c8b182 a variant of Win32/Kryptik.YGP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\4f644652-76cac87c multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\5f65a812-786887b3 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\72176c93-3792f53f Java/Exploit.CVE-2011-3544.Y trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\3117ad42-4c327935 probably a variant of Win32/TrojanDownloader.Agent.YSESGH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\3aa4da42-779b3410 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\619fd554-3e40bccd a variant of Win32/Kryptik.ACDA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\1dccba96-6cc80d60 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\305fa216-450afec4 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\22\30f23856-53b09990 a variant of Java/Exploit.CVE-2011-3544.Q trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\33141117-641faf3f a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\24\5af05e58-1cb6d95b probably a variant of Win32/TrojanDownloader.Agent.YSESGH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\21fbfb19-7216f3e7 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\62516759-36b14bb9 a variant of Java/Exploit.CVE-2011-3544.AX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\26\44bde69a-2f69e8be a variant of Win32/Kryptik.YGY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\227948db-655cba06 a variant of Win32/Kryptik.YXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\27\4b57c39b-6da6123e a variant of Win32/Kryptik.YMK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\28\6aff9edc-7064d3a4 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\1b0b81d-78acbbb5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\2be4045d-6636abdb a variant of Win32/Kryptik.YXY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\29\45bc5fdd-21c05461 a variant of Win32/Kryptik.YZG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\3b6b9743-1a6464c0 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\670971c3-5afd52fa a variant of Win32/Kryptik.ACLH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\163c099f-7f4d3d4e a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\31\196b589f-288d6632 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\66992461-25ea4f31 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\33\7f4bc8a1-2c1c78de multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\214f6fe2-57ad8ee4 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\4eb96ee2-1c54d88b a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\5e2bd0e2-4b4d8dd0 a variant of Win32/Kryptik.YDP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\2091f363-664bd030 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\26ebc223-44cdba87 Win32/TrojanDownloader.Zurgop.AB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\36\209f30a4-581f1bb5 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\39\40ecb367-16a11a85 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\4\764ce04-73b8c6c8 a variant of Win32/Kryptik.YCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\41\52ecebe9-73cabb4f probably a variant of Win32/TrojanDownloader.Agent.YSESGH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\42\2d4937ea-57e047e6 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\43\72a066eb-37c8b1f9 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\1c905ad-3c9cc715 a variant of Java/Exploit.CVE-2011-3544.Q trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\45\70e9b06d-7849bd7f a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\2fd1b4ee-65cf71ff a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\46\3d099aae-1175c6bd a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-48e4ee5b a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\2f8cb32f-738429e6 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\47\6269146f-1dabc975 a variant of Win32/Kryptik.ABHO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\49\31c2ccb1-5e896f23 a variant of Win32/Kryptik.YWV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\50\37619df2-754fbd93 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\51\2bc3f6b3-790300de a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\51\33ce1c73-3b200732 a variant of Win32/Kryptik.YLL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\51\66fed433-60768764 a variant of Win32/Kryptik.YLA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\58007f34-2a64dfd8 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\671b4075-329bb982 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\53\6e5d04f5-5b8e6612 a variant of Win32/Kryptik.YBA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\40dcf279-3ed8d398 a variant of Win32/Kryptik.YEZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\57\5ec9a79-2fdca396 a variant of Win32/Kryptik.YMK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\38ec98ba-3321c652 a variant of Win32/Kryptik.YRJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\7f53cd3b-2cc84bb6 Java/Exploit.CVE-2011-3544.AX trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\6\3a0450c6-4680d366 a variant of Java/Exploit.CVE-2011-3544.Q trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\60\34e94e7c-47b32c92 a variant of Win32/Kryptik.YCK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\60\3d2866fc-2419b41b a variant of Java/Exploit.CVE-2011-3544.BA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\6163393d-4df3df27 a variant of Java/TrojanDownloader.Agent.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\61\6995a2fd-685a364d a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\62\40a0837e-76886c91 a variant of Win32/Kryptik.ZFQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\63\40b3013f-6a6ac177 Java/Exploit.Blacole.AN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\8\39f00088-27b28158 a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\61dde289-417ef1be a variant of Java/Exploit.Blacole.AK trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\64a5ca89-17717a5f a variant of Java/TrojanDownloader.Agent.NDJ trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvax.dll.vir probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ipsec.sys.vir Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP501\A0109962.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP501\A0109985.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP501\A0110001.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP504\A0110053.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP505\A0111053.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP508\A0111091.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP509\A0111117.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP509\A0112117.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP512\A0112167.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113167.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113179.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113193.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113201.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113254.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113270.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0113280.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0114280.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115280.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115289.exe a variant of Win32/Kryptik.YUV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115291.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115301.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115317.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115358.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115369.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115377.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115385.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115393.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115401.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115415.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115426.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115440.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0115449.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116449.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116459.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116467.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116491.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116498.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116523.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116554.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116564.exe a variant of Win32/Kryptik.ABNT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP514\A0116565.exe a variant of Win32/Kryptik.YUV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116575.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116586.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116598.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116979.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0116991.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0117184.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118184.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118329.sys Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118364.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{4D720665-B569-4F58-A6DD-F61A105E9269}\RP515\A0118381.dll probably a variant of Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.03.2012_11.26.55\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.03.2012_11.26.55\tdlfs0000\tsk0004.dta Win32/Olmarik.XU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
#21
Posted 25 March 2012 - 05:11 PM
#22
Posted 26 March 2012 - 01:54 AM
Download OTL to your Desktop
- Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Please tick the Scan All Users checkbox. Next, click the Quick Scan button. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
#23
Posted 26 March 2012 - 05:33 AM
OTL logfile created on: 3/26/2012 6:25:24 AM - Run 11
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.76% Memory free
5.08 Gb Paging File | 4.37 Gb Available in Paging File | 86.03% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 586.36 Gb Total Space | 433.25 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
Drive H: | 9.77 Gb Total Space | 4.74 Gb Free Space | 48.54% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (sonypvs1) -- system32\DRIVERS\sonypvs1.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Chris\LOCALS~1\Temp\catchme.sys File not found
DRV - (BrScnUsb) -- system32\DRIVERS\BrScnUsb.sys File not found
DRV - (ASPI32) -- File not found
DRV - (Aldebaran) -- C:\WINDOWS\system32\Drivers\Aldebaran.sys File not found
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=11-07-2011
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2475029
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {83FEA686-C28B-437B-B276-01A4D5FB1548}:1.9.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{83FEA686-C28B-437B-B276-01A4D5FB1548}: C:\Documents and Settings\Chris\Local Settings\Application Data\{83FEA686-C28B-437B-B276-01A4D5FB1548}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6B166C6F-8C27-4926-9B7A-7EBEF389EEDC}: C:\Documents and Settings\Steven2\Local Settings\Application Data\{6B166C6F-8C27-4926-9B7A-7EBEF389EEDC}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DD94804E-2795-4898-BDE2-3D8D50C9735F}: C:\Documents and Settings\Brian\Local Settings\Application Data\{DD94804E-2795-4898-BDE2-3D8D50C9735F}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/13 05:50:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/13 05:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 20:18:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 07:59:43 | 000,000,000 | ---D | M]
[2009/04/11 20:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2009/04/11 20:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/25 13:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions
[2010/04/29 21:04:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 08:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010/04/27 08:30:19 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/05/06 20:26:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/29 12:07:46 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/29 21:04:37 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\facepad@lazyrussian.com
[2010/12/15 16:12:32 | 000,000,923 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\conduit.xml
[2010/10/26 20:10:51 | 000,002,232 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\rapidpedia.xml
[2012/01/10 08:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/26 19:21:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/20 22:34:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\65YUMN1J.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\LOCAL SETTINGS\APPLICATION DATA\{83FEA686-C28B-437B-B276-01A4D5FB1548}
[2011/05/13 05:50:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/05/13 05:50:32 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/04/03 14:31:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/13 20:45:13 | 001,152,488 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll
========== Chrome ==========
O1 HOSTS File: ([2012/03/25 13:08:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\Common Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Documents and Settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Documents and Settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_AllO.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..Trusted Domains: llbean.com ([]* in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237904923229 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://portal.llbea...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7AD30D5-826C-4BD6-8322-3AB9ACAE503F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/12 23:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/26 06:24:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/03/25 21:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\FT Video
[2012/03/25 21:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Video Save
[2012/03/25 18:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/25 14:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/25 13:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/25 11:59:43 | 004,443,082 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2012/03/25 11:30:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/25 11:26:17 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/03/24 20:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/24 18:28:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/03/24 17:53:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/24 17:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/24 09:55:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Activision Value
[2012/03/24 09:55:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DeductionPro 2009
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel Photo Center
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Content Transfer
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2010
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2009
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Video Converter
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eDATA Unerase
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linksys
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVR 3
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hulu Downloader
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\honestech
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PaperPort 9.0
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXresizer
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCFriendly
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/24 09:54:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/24 09:54:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avidemux
[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WALKMAN Guide
[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\virtualStudio
[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Triscape
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WorldWinner Games
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TaxCut 2008
[2012/03/20 20:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\U3
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/26 06:26:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/26 06:24:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/03/26 06:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 06:20:39 | 000,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/25 21:49:35 | 000,436,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 21:49:35 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/25 21:48:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/25 21:34:59 | 000,144,384 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/25 18:13:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/25 18:12:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/25 13:08:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/25 11:59:56 | 004,443,082 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2012/03/25 11:24:44 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/03/24 17:53:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/23 10:07:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/03/15 10:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/27 07:43:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/25 18:17:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/25 18:13:14 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/25 18:12:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/25 14:41:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/25 14:41:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/24 20:16:33 | 000,001,946 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2012/03/24 20:16:33 | 000,001,618 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/03/24 17:53:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/24 09:57:07 | 000,001,602 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/24 09:57:07 | 000,001,542 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/24 09:56:29 | 000,001,620 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/24 09:56:29 | 000,000,800 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/24 09:56:29 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/24 09:56:29 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/24 09:54:26 | 000,002,347 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/24 09:54:26 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/03/24 09:54:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/24 09:54:26 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/24 09:54:26 | 000,000,740 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/03/24 09:54:26 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/10 09:35:37 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pDr
[2012/01/10 09:35:36 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pD
[2012/01/10 09:35:31 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Vk3rxx1jwxy8pD
[2011/12/23 14:01:28 | 000,012,570 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
[2011/11/15 12:05:27 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw54.bin
[2011/08/10 06:13:31 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/22 12:50:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2011/05/22 12:50:52 | 000,000,436 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/05/22 12:50:22 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/10 08:16:02 | 000,352,256 | R--- | C] () -- C:\WINDOWS\713xRMTMon.exe
[2011/04/23 23:09:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cfetihir.dat
[2011/04/23 23:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ktoqujolijefedaw.bin
[2010/12/14 23:12:05 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/10/02 12:51:48 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\tc7.exe
[2010/07/26 06:14:10 | 000,203,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/17 05:49:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/17 05:49:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/17 05:49:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/17 05:49:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/17 05:49:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/20 13:39:21 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Icons
[2010/04/20 13:39:21 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Chris\Application Data\Hybrid Basic
[2010/04/20 13:39:21 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/04/20 13:39:21 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Instrument Library
[2010/04/20 13:38:02 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Chris\Application Data\Horn Section
[2010/04/20 13:38:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/04/13 13:00:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/04/13 13:00:09 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/04/13 13:00:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/04/13 12:13:18 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
========== LOP Check ==========
[2008/11/13 16:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/03/27 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/12 14:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/07/24 10:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/04/20 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/05/10 08:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/11/13 00:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/01/09 21:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/04/12 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/11/15 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/19 13:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/01/18 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/02/19 21:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/04/20 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/12/18 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2008/11/13 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/23 16:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2011/07/16 10:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/05/04 23:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/11 23:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/27 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ACAPsoft
[2011/07/24 10:00:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Ashampoo
[2011/04/24 09:04:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\avidemux
[2010/12/13 21:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2011/05/13 06:16:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\DDMSettings
[2011/07/24 09:47:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2010/12/14 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ElevatedDiagnostics
[2008/12/19 21:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FinalBurner Video DVD
[2011/04/13 22:21:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\FreeAudioPack
[2011/01/16 00:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FreeBurner
[2011/06/29 21:23:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\FreeVideoConverter
[2011/07/17 18:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FxFotoDB
[2011/08/23 06:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Juniper Networks
[2010/11/28 13:31:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2010/05/05 22:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Moyea
[2008/11/16 21:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2008/11/16 20:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Musicmatch
[2011/10/22 10:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Offline Explorer
[2010/05/06 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Orbit
[2010/01/05 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC-FAX TX
[2010/04/13 13:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\pdf995
[2009/02/17 13:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ScanSoft
[2010/11/28 23:03:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Seagate
[2009/04/27 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Sinner
[2011/04/12 19:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TaxCut
[2008/12/31 07:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ulead Systems
[2011/07/26 09:53:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/04/24 22:12:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Xilisoft Corporation
[2011/06/27 01:11:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\DDMSettings
[2009/04/04 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\Leadertech
[2011/07/10 21:15:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\OpenCandy
[2008/11/17 08:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\ScanSoft
[2011/06/13 17:59:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\Seagate
[2009/01/25 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\Ulead Systems
[2011/01/31 01:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Seagate
[2010/11/28 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
[2012/03/26 06:26:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
****************************************************************************************************************

No "Extras.Txt" window was opened.

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Chris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 75.76% Memory free
5.08 Gb Paging File | 4.37 Gb Available in Paging File | 86.03% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 586.36 Gb Total Space | 433.25 Gb Free Space | 73.89% Space Free | Partition Type: NTFS
Drive H: | 9.77 Gb Total Space | 4.74 Gb Free Space | 48.54% Space Free | Partition Type: NTFS
Computer Name: HOME | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
========== Modules (No Company Name) ==========
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qdvd.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SeagateDashboardService) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (sonypvs1) -- system32\DRIVERS\sonypvs1.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Chris\LOCALS~1\Temp\catchme.sys File not found
DRV - (BrScnUsb) -- system32\DRIVERS\BrScnUsb.sys File not found
DRV - (ASPI32) -- File not found
DRV - (Aldebaran) -- C:\WINDOWS\system32\Drivers\Aldebaran.sys File not found
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=11-07-2011
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2475029
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {83FEA686-C28B-437B-B276-01A4D5FB1548}:1.9.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{83FEA686-C28B-437B-B276-01A4D5FB1548}: C:\Documents and Settings\Chris\Local Settings\Application Data\{83FEA686-C28B-437B-B276-01A4D5FB1548}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6B166C6F-8C27-4926-9B7A-7EBEF389EEDC}: C:\Documents and Settings\Steven2\Local Settings\Application Data\{6B166C6F-8C27-4926-9B7A-7EBEF389EEDC}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DD94804E-2795-4898-BDE2-3D8D50C9735F}: C:\Documents and Settings\Brian\Local Settings\Application Data\{DD94804E-2795-4898-BDE2-3D8D50C9735F}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/13 05:50:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/13 05:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 20:18:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 07:59:43 | 000,000,000 | ---D | M]
[2009/04/11 20:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions
[2009/04/11 20:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/25 13:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions
[2010/04/29 21:04:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/27 08:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010/04/27 08:30:19 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/05/06 20:26:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/29 12:07:46 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/29 21:04:37 | 000,000,000 | ---D | M] (FacePAD: Facebook Photo Album Downloader) -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\extensions\facepad@lazyrussian.com
[2010/12/15 16:12:32 | 000,000,923 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\conduit.xml
[2010/10/26 20:10:51 | 000,002,232 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\rapidpedia.xml
[2012/01/10 08:08:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/26 19:21:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/07/20 22:34:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\65YUMN1J.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\LOCAL SETTINGS\APPLICATION DATA\{83FEA686-C28B-437B-B276-01A4D5FB1548}
[2011/05/13 05:50:31 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/05/13 05:50:32 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/04/03 14:31:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/13 20:45:13 | 001,152,488 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll
========== Chrome ==========
O1 HOSTS File: ([2012/03/25 13:08:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [WinDVR SchSvr] C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\Common Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Documents and Settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Documents and Settings\Chris\Desktop\Misc\Programs\Offline Explorer Pro\Offline Explorer Enterprise\Add_AllO.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..Trusted Domains: llbean.com ([]* in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1237904923229 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://portal.llbea...perSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7AD30D5-826C-4BD6-8322-3AB9ACAE503F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/12 23:44:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/26 06:24:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/03/25 21:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\FT Video
[2012/03/25 21:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Desktop\Video Save
[2012/03/25 18:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/25 14:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/25 13:05:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/25 11:59:43 | 004,443,082 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2012/03/25 11:30:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/25 11:26:17 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/03/24 20:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/03/24 18:28:21 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/03/24 17:53:25 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/24 17:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/24 09:55:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Activision Value
[2012/03/24 09:55:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DeductionPro 2009
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Corel Photo Center
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Content Transfer
[2012/03/24 09:54:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Brother
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2010
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2009
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Free Video Converter
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\eDATA Unerase
[2012/03/24 09:54:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Linksys
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVR 3
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterActual
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hulu Downloader
[2012/03/24 09:54:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\honestech
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SourceTec
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PaperPort 9.0
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXresizer
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCFriendly
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/24 09:54:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/24 09:54:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/24 09:54:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avidemux
[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WALKMAN Guide
[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\virtualStudio
[2012/03/24 09:54:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Triscape
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WorldWinner Games
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/03/24 09:54:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TaxCut 2008
[2012/03/20 20:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris\Application Data\U3
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/26 06:26:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/26 06:24:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris\Desktop\OTL.exe
[2012/03/26 06:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 06:20:39 | 000,364,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/25 21:49:35 | 000,436,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 21:49:35 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/25 21:48:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/25 21:34:59 | 000,144,384 | -H-- | M] () -- C:\Documents and Settings\Chris\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/25 18:13:14 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/25 18:12:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/25 13:08:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/25 11:59:56 | 004,443,082 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\ComboFix.exe
[2012/03/25 11:24:44 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Chris\Desktop\tdsskiller.exe
[2012/03/24 17:53:27 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/23 10:07:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Chris\Desktop\dds.scr
[2012/03/15 10:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/27 07:43:26 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/03/25 18:17:43 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/25 18:13:14 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/25 18:12:31 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/25 14:41:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/25 14:41:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/03/24 20:16:33 | 000,001,946 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
[2012/03/24 20:16:33 | 000,001,618 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/03/24 17:53:27 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/24 09:57:07 | 000,001,602 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/24 09:57:07 | 000,001,542 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/03/24 09:56:29 | 000,001,620 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/24 09:56:29 | 000,000,800 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/03/24 09:56:29 | 000,000,792 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/03/24 09:56:29 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/24 09:54:26 | 000,002,347 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/24 09:54:26 | 000,001,854 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/03/24 09:54:26 | 000,001,830 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/24 09:54:26 | 000,000,786 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/24 09:54:26 | 000,000,740 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
[2012/03/24 09:54:26 | 000,000,609 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/01/10 09:35:37 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pDr
[2012/01/10 09:35:36 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pD
[2012/01/10 09:35:31 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Vk3rxx1jwxy8pD
[2011/12/23 14:01:28 | 000,012,570 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
[2011/11/15 12:05:27 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw54.bin
[2011/08/10 06:13:31 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/05/22 12:50:52 | 000,001,496 | ---- | C] () -- C:\WINDOWS\_isenv31.ini
[2011/05/22 12:50:52 | 000,000,436 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2011/05/22 12:50:22 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/05/10 08:16:02 | 000,352,256 | R--- | C] () -- C:\WINDOWS\713xRMTMon.exe
[2011/04/23 23:09:40 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cfetihir.dat
[2011/04/23 23:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ktoqujolijefedaw.bin
[2010/12/14 23:12:05 | 000,000,200 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/10/02 12:51:48 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\tc7.exe
[2010/07/26 06:14:10 | 000,203,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/17 05:49:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/17 05:49:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/17 05:49:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/17 05:49:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/17 05:49:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/20 13:39:21 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Icons
[2010/04/20 13:39:21 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Chris\Application Data\Hybrid Basic
[2010/04/20 13:39:21 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/04/20 13:39:21 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Instrument Library
[2010/04/20 13:38:02 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\Chris\Application Data\Horn Section
[2010/04/20 13:38:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/04/13 13:00:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/04/13 13:00:09 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/04/13 13:00:08 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/04/13 12:13:18 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
========== LOP Check ==========
[2008/11/13 16:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/03/27 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/12 14:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/07/24 10:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2010/04/20 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/05/10 08:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2008/11/13 00:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/01/09 21:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2011/04/12 19:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2008/11/15 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/19 13:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/01/18 10:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/02/19 21:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/04/20 13:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/12/18 21:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2008/11/13 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/23 16:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2011/07/16 10:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/05/04 23:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/11 23:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/27 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ACAPsoft
[2011/07/24 10:00:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Ashampoo
[2011/04/24 09:04:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\avidemux
[2010/12/13 21:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2011/05/13 06:16:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\DDMSettings
[2011/07/24 09:47:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\DVDVideoSoft
[2010/12/14 23:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ElevatedDiagnostics
[2008/12/19 21:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FinalBurner Video DVD
[2011/04/13 22:21:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\FreeAudioPack
[2011/01/16 00:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FreeBurner
[2011/06/29 21:23:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\FreeVideoConverter
[2011/07/17 18:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\FxFotoDB
[2011/08/23 06:31:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Juniper Networks
[2010/11/28 13:31:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Leadertech
[2010/05/05 22:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Moyea
[2008/11/16 21:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\MSNInstaller
[2008/11/16 20:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Musicmatch
[2011/10/22 10:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Offline Explorer
[2010/05/06 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Orbit
[2010/01/05 14:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\PC-FAX TX
[2010/04/13 13:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\pdf995
[2009/02/17 13:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\ScanSoft
[2010/11/28 23:03:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Seagate
[2009/04/27 17:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Sinner
[2011/04/12 19:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\TaxCut
[2008/12/31 07:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris\Application Data\Ulead Systems
[2011/07/26 09:53:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
[2011/04/24 22:12:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Xilisoft Corporation
[2011/06/27 01:11:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\DDMSettings
[2009/04/04 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\Leadertech
[2011/07/10 21:15:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\OpenCandy
[2008/11/17 08:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\ScanSoft
[2011/06/13 17:59:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Eileen\Application Data\Seagate
[2009/01/25 12:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eileen\Application Data\Ulead Systems
[2011/01/31 01:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Seagate
[2010/11/28 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Seagate
[2012/03/26 06:26:55 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
========== Purity Check ==========
< End of report >
****************************************************************************************************************
No "Extras.Txt" window was opened.
#24
Posted 26 March 2012 - 07:04 AM
Run OTL
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-448539723-1202660629-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
[2010/12/15 16:12:32 | 000,000,923 | -H-- | M] () -- C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\conduit.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\CHRIS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\65YUMN1J.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
[2012/01/10 09:35:37 | 000,000,192 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pDr
[2012/01/10 09:35:36 | 000,000,280 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pD
[2012/01/10 09:35:31 | 000,000,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Vk3rxx1jwxy8pD
[2011/12/23 14:01:28 | 000,012,570 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k
[2010/10/02 12:51:48 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Chris\Application Data\tc7.exe
[2008/11/13 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/13 21:03:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\Azureus
[2011/07/26 09:53:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Chris\Application Data\uTorrent
:Commands
[emptytemp]
[clearallrestorepoints]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Please post the OTL fix log in your next reply.
#25
Posted 26 March 2012 - 04:52 PM
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-448539723-1202660629-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\65yumn1j.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pDr moved successfully.
C:\Documents and Settings\All Users\Application Data\~Vk3rxx1jwxy8pD moved successfully.
C:\Documents and Settings\All Users\Application Data\Vk3rxx1jwxy8pD moved successfully.
C:\Documents and Settings\All Users\Application Data\alxauq4k5hpr8ufb4pbn6k060p3k moved successfully.
C:\Documents and Settings\Chris\Application Data\tc7.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\torrents folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\tmp folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\subs folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\shares folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\rss folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\mlab folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\hvi folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\plugins folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\net folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\logs\save folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\logs folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\dht folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\devices folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus\active folder moved successfully.
C:\Documents and Settings\Chris\Application Data\Azureus folder moved successfully.
C:\Documents and Settings\Chris\Application Data\uTorrent\dlimagecache folder moved successfully.
C:\Documents and Settings\Chris\Application Data\uTorrent\apps folder moved successfully.
C:\Documents and Settings\Chris\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 0 bytes
User: All Users
User: Brian Johnson
User: Chris
->Temp folder emptied: 672846 bytes
->Temporary Internet Files folder emptied: 181769516 bytes
->Java cache emptied: 232993 bytes
->FireFox cache emptied: 107050907 bytes
->Google Chrome cache emptied: 8035756 bytes
->Flash cache emptied: 74055 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Eileen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 21708 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 289866 bytes
->Flash cache emptied: 226064 bytes
User: Steven2
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 71478794 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 29548276 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 383.00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.39.2 log created on 03262012_174656
Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_414.dat moved successfully.
File\Folder C:\WINDOWS\temp\TMP00000001B32C2CE35FB53C4E not found!
Registry entries deleted on Reboot...
#26
Posted 27 March 2012 - 01:51 PM
#27
Posted 30 March 2012 - 09:32 AM
The PC seems to be running very well. Is there anything else for me to do?
#28
Posted 31 March 2012 - 03:42 AM
To clean this mess. 
Please run OTL and click on the CleanUp button. Next, uninstall ESET Online Scanner. Then manually delete mbam-clean.exe and unhide.exe.
Some malware preventions for you:
http://forums.malwar...=0
Safe surfing!
#29
Posted 31 March 2012 - 10:29 AM
Thank you for your help.
#30
Posted 31 March 2012 - 10:56 AM
#31
Posted 31 March 2012 - 07:33 PM
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.