ferago

mixidj

12 posts in this topic

Hello, the other day my computer became infected with a toolbar called 'mixidj v8'. I seem to have gotten rid of the toolbar by disabling the add-on in Firefox, but I'm still getting popups appearing from the bottom of the screen and some other odd behaviour.

I tried to post a DDS log but the program doesn't support XP pro x64.


Hello ferago and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All Users box. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Hi, thanks for helping.

Here's the OTL log:

OTL logfile created on: 11/04/2013 12:23:08 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.88% Memory free

3.87 Gb Paging File | 3.43 Gb Available in Paging File | 88.64% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.50 Gb Total Space | 527.62 Gb Free Space | 56.64% Space Free | Partition Type: NTFS

Drive E: | 456.34 Gb Total Space | 45.24 Gb Free Space | 9.91% Space Free | Partition Type: NTFS

Computer Name: DAN-AEU4I5P5IE0 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/11 12:03:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2013/03/15 13:19:20 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe

PRC - [2013/03/15 01:48:20 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2007/10/16 12:35:42 | 000,626,176 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

PRC - [2007/09/06 12:19:14 | 001,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2007/10/16 12:35:42 | 000,626,176 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe

MOD - [2007/09/06 12:19:14 | 001,426,432 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe

MOD - [2007/08/16 23:40:58 | 000,208,896 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2009/07/15 12:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)

SRV:64bit: - [2007/10/12 18:03:52 | 000,918,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)

SRV:64bit: - [2007/10/12 18:03:12 | 000,178,176 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV - [2013/03/15 13:19:20 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2013/03/15 01:48:20 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2013/03/08 18:10:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/20 02:48:29 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/08/18 02:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2008/07/25 12:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007/02/17 01:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)

SRV - [2006/10/18 21:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV - [2005/03/25 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)

DRV - [2005/03/25 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT3227975

IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V8 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&CUI=UN67676009022138194&UM=2&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6

FF - prefs.js..extensions.enabledAddons: pricepeep%40getpricepeep.com:2.2.0.0

FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1

FF - prefs.js..extensions.enabledAddons: unplug%40compunach:2.054

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN67676009022138194&UM=&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2012/11/24 00:54:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/07 11:22:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 16.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2012/11/23 22:18:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 16.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins

[2013/01/20 01:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2013/01/20 01:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2013/04/09 11:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions

[2013/01/31 18:29:14 | 000,000,000 | ---D | M] (FT GraphiteGlow) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\{99e34760-2754-11e0-91fa-0800200c9a66}

[2013/03/29 21:49:47 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}

[2012/11/23 22:08:08 | 000,113,112 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\nosquint@urandom.ca.xpi

[2013/04/08 00:42:21 | 000,053,939 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\pricepeep@getpricepeep.com.xpi

[2012/11/30 21:29:04 | 000,008,001 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\tineye@ideeinc.com.xpi

[2013/01/29 02:23:44 | 000,142,907 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\unplug@compunach.xpi

[2013/01/04 16:02:18 | 000,007,491 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\virtual.keyboard@hot-virtual-keyboard.com.xpi

[2013/02/14 13:41:06 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/11/21 17:26:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/03/08 18:10:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/03/08 18:10:52 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/11/20 02:17:14 | 000,001,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml

[2012/11/20 02:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2013/01/11 14:29:16 | 000,001,453 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml

[2013/01/11 14:29:16 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2013/02/21 00:06:02 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/11/20 02:17:14 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml

[2012/11/20 02:17:14 | 000,001,309 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found

O3 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found

O3 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found

O3 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O3:64bit: - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll File not found

O3 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\SysWOW64\ieframe.dll (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found

O4:64bit: - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login File not found

O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()

O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)

O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()

O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2763265585-558305376-1988983592-1002..\Run: [CTFMON.EXE] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2763265585-558305376-1988983592-500..\Run: [ctfmon.exe] C:\WINDOWS\SysWOW64\ctfmon.exe (Microsoft Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found

O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found

O4 - HKU\S-1-5-21-2763265585-558305376-1988983592-1002..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2763265585-558305376-1988983592-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - %SystemRoot%\system32\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - %SystemRoot%\system32\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - %SystemRoot%\system32\mswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - %SYSTEMROOT%\system32\nvappfilter64.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\SysWOW64\nvappfilter.dll (NVIDIA)

O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2763265585-558305376-1988983592-500\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F3EA4E9-F43E-4938-948F-1067CBABD379}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found

O18:64bit: - Protocol\Handler\belarc - No CLSID value found

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found

O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\SysWOW64\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysWOW64\wiascr.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found

O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found

O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found

O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: System - (lsass.exe) - File not found

O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysWOW64\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\SysWow64\sysdm.cpl (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found

O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found

O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found

O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found

O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found

O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found

O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found

O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found

O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\SysWow64\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\SysWow64\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\SysWow64\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - C:\WINDOWS\SysWow64\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\EFS: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found

O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found

O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\SysWow64\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found

O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found

O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found

O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found

O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found

O21:64bit: - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found

O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\SysWOW64\webcheck.dll (Microsoft Corporation)

O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found

O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Program Files (x86)\Wallpaper Changer\Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Program Files (x86)\Wallpaper Changer\Wallpaper.bmp

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWow64\shell32.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)

O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\SysWow64\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\SysWow64\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\SysWow64\msnsspc.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\SysWow64\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/11/21 02:09:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/05/17 15:27:22 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{8169b91a-6708-11e2-b23e-001e8ce0e0af}\Shell - "" = AutoRun

O33 - MountPoints2\{8169b91a-6708-11e2-b23e-001e8ce0e0af}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{8169b91a-6708-11e2-b23e-001e8ce0e0af}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{bb7e74a7-3366-11e2-80da-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{bb7e74a7-3366-11e2-80da-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{bb7e74a7-3366-11e2-80da-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/11 12:02:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/04/09 18:05:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2013/04/08 11:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com

[2013/04/08 11:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2013/04/08 11:16:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2013/04/08 11:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/04/08 11:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc

[2013/04/08 00:51:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2013/04/08 00:44:39 | 000,688,992 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr

[2013/04/08 00:44:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

[2013/04/07 11:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V8

[2013/04/07 11:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect

[2013/04/07 11:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicViewer 3

[2013/04/07 11:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SearchProtect

[2013/04/06 22:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2013/03/24 23:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss

[2013/03/21 00:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Expendables

[2013/03/17 14:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Corrie.08.03.13

[2013/03/15 13:19:29 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe

[2013/03/15 13:19:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe

[2013/03/15 13:19:24 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe

[2013/03/15 13:19:24 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

[2013/03/15 13:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[4 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/11 12:03:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2013/04/11 11:00:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/04/10 23:37:34 | 000,158,402 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cLAC7.jpg

[2013/04/10 02:00:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-DAN-AEU4I5P5IE0-Administrator.job

[2013/04/09 18:25:39 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2013/04/09 18:25:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[2013/04/09 15:26:33 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2013/04/09 12:48:43 | 034,813,253 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cswdcc50.mp3

[2013/04/08 18:37:15 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/04/08 16:26:25 | 002,878,817 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\confusedbrock.gif

[2013/04/08 16:19:18 | 000,096,971 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\undertaker WM 29.jpg

[2013/04/08 15:25:04 | 000,093,294 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\best MWO match.JPG

[2013/04/08 11:01:28 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk

[2013/04/08 00:44:39 | 000,688,992 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr

[2013/04/08 00:44:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

[2013/04/07 11:22:30 | 000,000,009 | ---- | M] () -- C:\END

[2013/04/06 22:48:24 | 000,248,100 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1nJGcv3.jpg

[2013/04/06 22:48:24 | 000,247,888 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\A2mCF5Z.jpg

[2013/04/06 22:48:24 | 000,233,900 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MpvvHEm.jpg

[2013/04/06 22:48:24 | 000,226,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\7hd3e2e.jpg

[2013/04/06 22:48:24 | 000,226,014 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rdRdXoe.jpg

[2013/04/06 22:48:24 | 000,222,099 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\uObmakD.jpg

[2013/04/06 22:48:24 | 000,219,370 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\m2S8djI.jpg

[2013/04/06 22:48:24 | 000,216,722 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WrF3hIt.jpg

[2013/04/06 22:48:24 | 000,203,562 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\b5fl6Vl.jpg

[2013/04/06 17:23:41 | 000,111,070 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\00850h_592x888.jpg

[2013/04/06 17:23:13 | 000,134,191 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\00290h_592x888.jpg

[2013/04/06 15:48:24 | 096,677,723 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ep4_Debbi.mp3

[2013/04/06 02:12:19 | 000,286,867 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\potato sack.jpg

[2013/04/05 23:21:55 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI

[2013/04/05 13:12:59 | 001,717,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\7hw8bDh.gif

[2013/04/05 13:12:02 | 004,966,872 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\2678.gif

[2013/04/05 13:10:53 | 002,394,091 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UOGT2hT.gif

[2013/04/05 01:52:04 | 000,051,710 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\5629_10151400405209900_69273618_n.jpg

[2013/04/05 01:51:15 | 000,014,403 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gerry_dick.jpg

[2013/04/05 01:23:15 | 000,517,857 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\0QITlpi.jpg

[2013/04/04 23:58:19 | 000,272,074 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nLHdzfd.jpg

[2013/04/03 16:18:11 | 000,302,757 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\35ddsaH.jpg

[2013/04/02 20:28:27 | 000,279,284 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eBVPUz9.jpg

[2013/04/02 20:28:22 | 000,300,249 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\reJXPkp.jpg

[2013/04/02 20:28:03 | 000,250,187 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MOPVoMQ.jpg

[2013/04/02 20:27:57 | 000,217,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Dq82qIT.jpg

[2013/04/02 20:27:50 | 000,236,114 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\yWo9QgY.jpg

[2013/04/02 20:19:46 | 000,070,059 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\vlAfPlg.jpg

[2013/04/02 20:00:22 | 000,282,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\xfcFHzN.png

[2013/04/02 01:01:48 | 001,791,373 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BadBoy.mp3

[2013/03/29 22:26:33 | 000,159,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\roman-outfit-101190-20120426123054.png

[2013/03/28 16:18:58 | 000,031,810 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tumblr_m8pb9kS0Jw1rvpgoco1_500.jpg

[2013/03/27 21:03:52 | 000,028,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\9857.jpg

[2013/03/27 21:02:28 | 000,062,299 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Indian-in-Bear-Fur-Costume.jpg

[2013/03/27 21:01:52 | 000,048,789 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\stupid_dress_as_bear.jpg

[2013/03/27 21:01:10 | 000,055,799 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\122410bearman_t300.jpg

[2013/03/27 20:45:31 | 000,024,575 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ageofconan20.jpg

[2013/03/27 18:20:48 | 000,468,711 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CeMt2ns.jpg

[2013/03/27 11:35:35 | 000,640,938 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpaceShuttleCockpit.jpg

[2013/03/26 20:13:18 | 000,241,868 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dH9ZlKH.jpg

[2013/03/26 17:23:02 | 000,329,732 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IvA0q.png

[2013/03/26 16:15:56 | 000,169,299 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hyrkanian_medium_armor_tier4.jpg

[2013/03/26 16:15:48 | 000,159,730 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\hyrkanian_medium_armor_tier1.jpg

[2013/03/26 12:43:39 | 000,117,893 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tumblr_lx4crsdZPG1qjsanxo1_400.jpg

[2013/03/25 19:31:09 | 000,133,602 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\XisPNFGh.jpg

[2013/03/25 19:31:02 | 000,127,928 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\7IYNKCVh.jpg

[2013/03/25 19:30:57 | 000,191,169 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\REwE0mE.jpg

[2013/03/25 19:30:46 | 000,328,209 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rodg91u.jpg

[2013/03/24 20:17:28 | 000,147,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\5P8OxAF.jpg

[2013/03/23 12:52:17 | 000,035,125 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\lG4X8Bm.jpg

[2013/03/22 20:33:11 | 000,071,227 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AjU7GwA.jpg

[2013/03/22 20:31:14 | 000,259,038 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\8VbtBs3.jpg

[2013/03/22 20:21:23 | 000,039,158 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\p13Op9E.jpg

[2013/03/19 15:51:17 | 000,131,737 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Beastmen_Gor.jpg

[2013/03/17 12:42:53 | 001,893,522 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\C47Mckx.gif

[2013/03/17 01:38:54 | 000,072,574 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\lol ur costume suks bro.jpg

[2013/03/17 01:38:37 | 001,894,334 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\S7zCeIe.gif

[2013/03/15 13:19:20 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

[2013/03/15 13:19:19 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\npDeployJava1.dll

[2013/03/15 13:19:19 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\deployJava1.dll

[2013/03/15 13:19:19 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe

[2013/03/15 13:19:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe

[2013/03/15 13:19:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe

[2013/03/15 13:19:19 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl

[2013/03/15 01:48:20 | 019,746,816 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvogl32.dll

[2013/03/15 01:48:20 | 017,551,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcompiler.dll

[2013/03/15 01:48:20 | 007,745,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuda.dll

[2013/03/15 01:48:20 | 006,074,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvopencl.dll

[2013/03/15 01:48:20 | 002,733,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvid.dll

[2013/03/15 01:48:20 | 002,490,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvapi.dll

[2013/03/15 01:48:20 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvenc.dll

[2013/03/15 00:33:55 | 000,123,481 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\wind in the willows.jpg

[2013/03/14 23:18:15 | 000,054,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvwddi.dll

[2013/03/14 15:56:25 | 000,014,306 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Receipt(1).pdf

[2013/03/14 15:54:36 | 000,013,394 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\drivers abstract.pdf

[2013/03/14 15:50:47 | 000,014,350 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Receipt.pdf

[2013/03/13 15:17:00 | 000,131,008 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OkQZMbE.jpg

[2013/03/12 14:59:51 | 001,873,690 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1363055446950.jpg

[2013/03/12 14:08:45 | 000,088,785 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ken_Griffey_Jr.'s_Winning_Run.png

[4 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/10 23:37:33 | 000,158,402 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cLAC7.jpg

[2013/04/09 12:48:24 | 034,813,253 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cswdcc50.mp3

[2013/04/08 16:26:36 | 002,878,817 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\confusedbrock.gif

[2013/04/08 16:19:30 | 000,096,971 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\undertaker WM 29.jpg

[2013/04/08 15:24:12 | 000,093,294 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\best MWO match.JPG

[2013/04/08 11:01:28 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk

[2013/04/08 11:01:28 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Belarc Advisor.lnk

[2013/04/07 11:21:58 | 000,000,009 | ---- | C] () -- C:\END

[2013/04/06 18:49:15 | 000,248,100 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1nJGcv3.jpg

[2013/04/06 18:49:15 | 000,247,888 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\A2mCF5Z.jpg

[2013/04/06 18:49:15 | 000,233,900 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MpvvHEm.jpg

[2013/04/06 18:49:15 | 000,226,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\7hd3e2e.jpg

[2013/04/06 18:49:15 | 000,226,014 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rdRdXoe.jpg

[2013/04/06 18:49:15 | 000,222,099 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\uObmakD.jpg

[2013/04/06 18:49:15 | 000,219,370 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\m2S8djI.jpg

[2013/04/06 18:49:15 | 000,216,722 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WrF3hIt.jpg

[2013/04/06 18:49:15 | 000,203,562 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\b5fl6Vl.jpg

[2013/04/06 17:23:40 | 000,111,070 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\00850h_592x888.jpg

[2013/04/06 17:23:13 | 000,134,191 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\00290h_592x888.jpg

[2013/04/06 15:47:24 | 096,677,723 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ep4_Debbi.mp3

[2013/04/06 02:12:19 | 000,286,867 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\potato sack.jpg

[2013/04/05 23:21:55 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2013/04/05 13:12:58 | 001,717,356 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\7hw8bDh.gif

[2013/04/05 13:12:00 | 004,966,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\2678.gif

[2013/04/05 13:10:10 | 002,394,091 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UOGT2hT.gif

[2013/04/05 01:52:04 | 000,051,710 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\5629_10151400405209900_69273618_n.jpg

[2013/04/05 01:51:15 | 000,014,403 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gerry_dick.jpg

[2013/04/05 01:23:14 | 000,517,857 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\0QITlpi.jpg

[2013/04/04 23:58:17 | 000,272,074 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nLHdzfd.jpg

[2013/04/03 16:18:11 | 000,302,757 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\35ddsaH.jpg

[2013/04/02 20:28:27 | 000,279,284 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eBVPUz9.jpg

[2013/04/02 20:28:22 | 000,300,249 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\reJXPkp.jpg

[2013/04/02 20:28:03 | 000,250,187 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MOPVoMQ.jpg

[2013/04/02 20:27:57 | 000,217,248 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Dq82qIT.jpg

[2013/04/02 20:27:50 | 000,236,114 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\yWo9QgY.jpg

[2013/04/02 20:19:46 | 000,070,059 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\vlAfPlg.jpg

[2013/04/02 20:00:21 | 000,282,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\xfcFHzN.png

[2013/04/02 01:01:47 | 001,791,373 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BadBoy.mp3

[2013/03/29 22:26:32 | 000,159,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\roman-outfit-101190-20120426123054.png

[2013/03/28 16:18:58 | 000,031,810 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tumblr_m8pb9kS0Jw1rvpgoco1_500.jpg

[2013/03/27 21:03:52 | 000,028,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\9857.jpg

[2013/03/27 21:02:28 | 000,062,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Indian-in-Bear-Fur-Costume.jpg

[2013/03/27 21:01:52 | 000,048,789 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\stupid_dress_as_bear.jpg

[2013/03/27 21:01:09 | 000,055,799 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\122410bearman_t300.jpg

[2013/03/27 20:45:31 | 000,024,575 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ageofconan20.jpg

[2013/03/27 18:20:48 | 000,468,711 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CeMt2ns.jpg

[2013/03/27 11:35:34 | 000,640,938 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpaceShuttleCockpit.jpg

[2013/03/26 20:13:17 | 000,241,868 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dH9ZlKH.jpg

[2013/03/26 17:23:02 | 000,329,732 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IvA0q.png

[2013/03/26 16:15:55 | 000,169,299 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hyrkanian_medium_armor_tier4.jpg

[2013/03/26 16:15:48 | 000,159,730 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\hyrkanian_medium_armor_tier1.jpg

[2013/03/26 12:43:38 | 000,117,893 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tumblr_lx4crsdZPG1qjsanxo1_400.jpg

[2013/03/25 19:31:09 | 000,133,602 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\XisPNFGh.jpg

[2013/03/25 19:31:02 | 000,127,928 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\7IYNKCVh.jpg

[2013/03/25 19:30:57 | 000,191,169 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\REwE0mE.jpg

[2013/03/25 19:30:46 | 000,328,209 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rodg91u.jpg

[2013/03/24 20:17:26 | 000,147,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\5P8OxAF.jpg

[2013/03/23 12:52:16 | 000,035,125 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\lG4X8Bm.jpg

[2013/03/22 20:33:11 | 000,071,227 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AjU7GwA.jpg

[2013/03/22 20:31:14 | 000,259,038 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\8VbtBs3.jpg

[2013/03/22 20:21:23 | 000,039,158 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\p13Op9E.jpg

[2013/03/19 15:51:17 | 000,131,737 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Beastmen_Gor.jpg

[2013/03/17 12:42:52 | 001,893,522 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\C47Mckx.gif

[2013/03/17 01:38:54 | 000,072,574 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\lol ur costume suks bro.jpg

[2013/03/17 01:38:36 | 001,894,334 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\S7zCeIe.gif

[2013/03/15 00:33:55 | 000,123,481 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\wind in the willows.jpg

[2013/03/14 15:56:25 | 000,014,306 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Receipt(1).pdf

[2013/03/14 15:54:36 | 000,013,394 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\drivers abstract.pdf

[2013/03/14 15:50:46 | 000,014,350 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Receipt.pdf

[2013/03/13 15:16:59 | 000,131,008 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OkQZMbE.jpg

[2013/03/12 14:59:49 | 001,873,690 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1363055446950.jpg

[2013/03/12 14:08:44 | 000,088,785 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ken_Griffey_Jr.'s_Winning_Run.png

[2013/03/01 21:58:56 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2012/12/27 03:26:20 | 000,112,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012/12/01 01:18:29 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

[2012/11/30 02:14:48 | 000,004,910 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\soulseek-client.dat

[2012/11/24 00:52:51 | 000,598,222 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2012/11/23 14:50:46 | 000,178,688 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll

[2012/11/22 20:55:08 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/11/21 17:02:35 | 000,024,576 | R--- | C] () -- C:\WINDOWS\SysWow64\AsIO.dll

[2012/11/21 17:02:35 | 000,013,632 | R--- | C] () -- C:\WINDOWS\SysWow64\drivers\AsIO.sys

[2012/11/21 17:02:32 | 000,012,096 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp64.sys

[2012/11/21 17:02:32 | 000,010,304 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\AsInsHelp32.sys

[2012/11/21 17:01:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\SysWow64\ChCfg.exe

[2012/11/21 17:00:55 | 000,044,136 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE

[2012/11/21 16:53:49 | 000,015,866 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2012/11/21 16:53:33 | 000,015,625 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2012/11/21 16:53:21 | 000,012,536 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\ASUSHWIO.SYS

[2012/11/21 12:21:52 | 000,001,158 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html

[2012/11/21 02:12:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/11/20 20:57:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== ZeroAccess Check ==========

[2012/11/24 00:52:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = %SystemRoot%\system32\shdocvw.dll

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2012/08/25 04:16:44 | 001,520,128 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\WINDOWS\system32\wbem\fastprox.dll

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 20:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\WINDOWS\system32\wbem\wbemess.dll

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 279 bytes -> C:\Documents and Settings\Administrator\My Documents\Warhammer 40k - Codex - Space Wolves 5th.pdf:ComicRackInfo

< End of report >


Extras:

OTL Extras logfile created on: 11/04/2013 12:23:08 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop

64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.88% Memory free

3.87 Gb Paging File | 3.43 Gb Available in Paging File | 88.64% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 931.50 Gb Total Space | 527.62 Gb Free Space | 56.64% Space Free | Partition Type: NTFS

Drive E: | 456.34 Gb Total Space | 45.24 Gb Free Space | 9.91% Space Free | Partition Type: NTFS

Computer Name: DAN-AEU4I5P5IE0 | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html[@ = Waterfox Limited.Waterfox.html] -- Reg Error: Key error. File not found

.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1

.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1

.url [@ = InternetShortcut] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l

.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1

.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Waterfox Limited.Waterfox.html] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1

batfile [open] -- "%1" %*

batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1

cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1

cmdfile [open] -- "%1" %*

cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1

inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1

inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1

inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1

inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1

InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l

InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"

jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1

jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*

jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1

jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1

jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*

jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1

piffile [open] -- "%1" %*

regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1

regfile [merge] -- Reg Error: Key error.

regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1

txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1

txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"

vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1

vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*

vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1

vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1

vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*

vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1

wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1

wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*

wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1

wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard

"C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard

"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe" = C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War Kingdoms -- ( )

"C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe" = C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()

"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense -- (DOSBox Team)

"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe:*:Enabled:X-COM: UFO Defense -- ()

"C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe" = C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe:*:Enabled:E.Y.E: Divine Cybermancy Demo -- ()

"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)

"C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe" = C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe:*:Enabled:SoulseekQt -- ()

"C:\Program Files (x86)\SoulseekNS\slsk.exe" = C:\Program Files (x86)\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()

"C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe" = C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe:*:Enabled:Red Orchestra 2: Heroes of Stalingrad -- ()

"C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe" = C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe:*:Enabled:Company of Heroes Singleplayer Demo -- (THQ Canada Inc.)

"C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe" = C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe:*:Enabled:Batman: Arkham City™ -- (Rocksteady Studios Ltd.)

"C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat" = C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat:*:Enabled:Batman: Arkham City™ -- ()

"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()

"C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe" = C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe:*:Enabled:Arma 3 Alpha Lite -- (Bohemia Interactive)

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

"C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard

"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe" = C:\Program Files (x86)\Steam\steamapps\common\medieval ii total war\Launcher.exe:*:Enabled:Medieval II: Total War Kingdoms -- ( )

"C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe" = C:\Program Files (x86)\Steam\steamapps\common\deus ex\System\DeusEx.exe:*:Enabled:Deus Ex: Game of the Year Edition -- ()

"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense -- (DOSBox Team)

"C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe" = C:\Program Files (x86)\Steam\steamapps\common\xcom ufo defense\XCOM\UFO Defense_Patched.exe:*:Enabled:X-COM: UFO Defense -- ()

"C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe" = C:\Program Files (x86)\Steam\steamapps\common\EYE Divine Cybermancy Demo\EYE.exe:*:Enabled:E.Y.E: Divine Cybermancy Demo -- ()

"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)

"C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe" = C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe:*:Enabled:SoulseekQt -- ()

"C:\Program Files (x86)\SoulseekNS\slsk.exe" = C:\Program Files (x86)\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()

"C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe" = C:\Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe:*:Enabled:Red Orchestra 2: Heroes of Stalingrad -- ()

"C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe" = C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes SP Demo\RelicCOH.exe:*:Enabled:Company of Heroes Singleplayer Demo -- (THQ Canada Inc.)

"C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe" = C:\Program Files (x86)\Steam\steamapps\common\batman2\Binaries\Win32\BatmanAC.exe:*:Enabled:Batman: Arkham City™ -- (Rocksteady Studios Ltd.)

"C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat" = C:\Program Files (x86)\Steam\steamapps\common\batman2\RunLauncher.bat:*:Enabled:Batman: Arkham City™ -- ()

"C:\Program Files (x86)\Skype\Phone\Skype.exe" = C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()

"C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe" = C:\Program Files (x86)\Steam\steamapps\common\Arma 3 Alpha Lite\arma3demo.exe:*:Enabled:Arma 3 Alpha Lite -- (Bohemia Interactive)

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4E82E2E9-668B-4F8A-814A-78E163FCDBCD}" = IconHandler 64 bit

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C55B5B3C-7F46-40E6-B943-EFB6765FB828}" = Waterfox

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.15

"ie8" = Windows Internet Explorer 8

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64

"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1

"NVIDIA Drivers" = NVIDIA Drivers

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows x64 Service Pack" = Windows XP Service Pack 2

"WinRAR archiver" = WinRAR 4.20 (64-bit)

"WMFDist11-64" = Windows Media Format 11 runtime

"wmp11-64" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{1AED4ABF-0852-4B3F-9F87-00CF88F25CE0}" = IconHandler 32 bit

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{28F8F8F0-C278-454A-9507-46B344AAD188}" = Corel Painter 11

"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C77C734-D56C-486F-98F7-33C74444A556}" = Buzzsaw CD Ripper 3.2

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5B51BB5F-4E7C-4275-A653-E98534E9C1D2}" = Corel Painter 11 - ICA

"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7EC69F77-5494-4E1F-8BC6-956DAA5A91F2}" = Corel Painter 11 - IPM

"{840BF2FE-033D-437C-89D1-AAA206BA13B6}" = Langauge

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A7DEE6EE-6B52-490B-8716-885BFD85DE6D}_is1" = The Anglo Zulu war

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{B369483E-0728-405C-8F8C-3427B263B01F}" = Content

"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Audacity_is1" = Audacity 2.0.2

"Belarc Advisor" = Belarc Advisor 8.3

"CDisplay_is1" = CDisplay 1.8

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"GameFly" = GameFly

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"KLiteCodecPack_is1" = K-Lite Codec Pack 9.5.0 (Standard)

"LAME_is1" = LAME v3.99.3 (for Windows)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Mount&Blade Warband" = Mount&Blade Warband

"Mount&Blade: Warband - Napoleonic Wars" = Mount&Blade: Warband - Napoleonic Wars

"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Pen Tablet Driver" = Bamboo

"PokerTH 1.0" = PokerTH

"Soulseek2" = SoulSeek 157 NS 13e

"SoulseekQt" = SoulseekQt

"Steam App 228800" = Arma 3 Alpha Lite

"Steam App 57400" = Batman: Arkham City™

"Steam App 9300" = Company of Heroes Singleplayer Demo

"uTorrent" = µTorrent

"VLC media player" = VLC media player 2.0.5

"Winamp" = Winamp (remove only)

"WORD" = Microsoft Office Word 2007

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 06/03/2013 9:56:42 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = .NET Runtime | ID = 1026

Description = Application: EFLC.exe Framework Version: v4.0.30319 Description: The

process was terminated due to an unhandled exception. Exception Info: exception

code c0000005, exception address 00452D96

Error - 19/03/2013 2:00:01 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000

Description = Faulting application aam updates notifier.exe, version 1.0.175.0,

faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x0004f0f3.

Error - 20/03/2013 2:00:01 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000

Description = Faulting application aam updates notifier.exe, version 1.0.175.0,

faulting module rpcrt4.dll, version 5.2.3790.4759, fault address 0x00015d71.

Error - 07/04/2013 1:53:04 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000

Description = Faulting application adobe help.exe, version 0.0.0.0, faulting module

adobe air.dll, version 1.5.3.9120, fault address 0x000ba201.

Error - 07/04/2013 1:53:04 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000

Description = Faulting application adobe help.exe, version 0.0.0.0, faulting module

adobe air.dll, version 1.5.3.9120, fault address 0x000ba201.

Error - 07/04/2013 1:53:04 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000

Description = Faulting application adobe help.exe, version 0.0.0.0, faulting module

adobe air.dll, version 1.5.3.9120, fault address 0x000ba201.

Error - 07/04/2013 1:53:04 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Error | ID = 1000

Description = Faulting application adobe help.exe, version 0.0.0.0, faulting module

adobe air.dll, version 1.5.3.9120, fault address 0x000ba201.

Error - 07/04/2013 11:22:26 AM | Computer Name = DAN-AEU4I5P5IE0 | Source = CltMngSvc | ID = 1000

Description =

Error - 08/04/2013 7:24:00 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = Application Hang | ID = 1002

Description = Hanging application mpc-hc.exe, version 1.6.5.6215, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 09/04/2013 7:09:11 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000

Description = EventType clr20r3, P1 mwopatcher.exe, P2 1.4.1.0, P3 50ef70e7, P4

system.windows.forms, P5 2.0.0.0, P6 4889dee7, P7 1521, P8 17, P9 system.invalidoperationexception,

P10 NIL.

[ System Events ]

Error - 11/04/2013 12:02:27 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:02:28 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:02:28 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:02:29 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:02:29 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:02:31 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:06:37 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:06:37 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:08:59 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 11/04/2013 12:08:59 PM | Computer Name = DAN-AEU4I5P5IE0 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

< End of report >


Step 1

Please uninstall this application: µTorrent

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT3227975
    FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V8 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&CUI=UN67676009022138194&UM=2&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledAddons: pricepeep%40getpricepeep.com:2.2.0.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN67676009022138194&UM=&q="
    [2013/04/08 00:42:21 | 000,053,939 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\pricepeep@getpricepeep.com.xpi
    [2013/04/07 11:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V8
    [2013/04/07 11:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2013/04/07 11:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PicViewer 3
    [2013/04/07 11:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SearchProtect
    [2013/03/24 23:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Here's the log:

All processes killed

========== OTL ==========

HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "MixiDJ V8 Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&CUI=UN67676009022138194&UM=2&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: pricepeep%40getpricepeep.com:2.2.0.0 removed from extensions.enabledAddons

Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CUI=UN67676009022138194&UM=&q=" removed from keyword.URL

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zlrixjzl.default\extensions\pricepeep@getpricepeep.com.xpi moved successfully.

C:\Program Files (x86)\MixiDJ_V8 folder moved successfully.

C:\Program Files (x86)\SearchProtect\ffprotect folder moved successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images folder moved successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spsd folder moved successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images folder moved successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\spbd folder moved successfully.

C:\Program Files (x86)\SearchProtect\Dialogs\lib folder moved successfully.

C:\Program Files (x86)\SearchProtect\Dialogs folder moved successfully.

C:\Program Files (x86)\SearchProtect\bin folder moved successfully.

C:\Program Files (x86)\SearchProtect folder moved successfully.

C:\Program Files (x86)\PicViewer 3 folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect\Dialogs folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\ffprotect folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\Dialogs\spsd\images folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\Dialogs\spsd folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\Dialogs\spbd\images folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\Dialogs\spbd folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\Dialogs\lib folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\Dialogs folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\SearchProtect folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\dvdcss\SONSOFANARCHY_S1_D4-2009061111490500-0f3dff4fe7 folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\dvdcss\SONSOFANARCHY_S1_D3-2009061114014700-0f3dff4fe7 folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\dvdcss\SONSOFANARCHY_S1_D2-2009061019130200-0f3dff4fe7 folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\dvdcss\SONSOFANARCHY_S1_D1-2009061018322900-0f3dff4fe7 folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\dvdcss\CYBORGFF-1999081811183900-00ed432e96 folder moved successfully.

C:\Documents and Settings\Administrator\Application Data\dvdcss folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 9713849720 bytes

->Temporary Internet Files folder emptied: 25702379 bytes

->FireFox cache emptied: 75711771 bytes

->Flash cache emptied: 16372572 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1114333 bytes

%systemroot%\System32 .tmp files removed: 1164457 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 718628 bytes

Total Files Cleaned = 9,379.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04122013_125739

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

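After a fix like this, a responder would confirm that every item in the `:OTL` section of the fix script has its own success line in the fix log. The following is an added example, not part of the original thread and not OTL's own code: the script and log excerpts are shortened from the posts above, the function names are hypothetical, and the matching rules are an assumption inferred only from the log lines shown in this thread.

```python
# Excerpt of the fix script posted in the thread (shortened).
FIX_SCRIPT = r"""
:OTL
IE - HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT3227975
FF - prefs.js..extensions.enabledAddons: pricepeep%40getpricepeep.com:2.2.0.0
[2013/04/07 11:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V8
[2013/04/07 11:22:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
:Commands
[emptytemp]
"""

# Matching lines from the fix log posted in the thread (shortened).
FIX_LOG = r"""
HKU\S-1-5-21-2763265585-558305376-1988983592-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: pricepeep%40getpricepeep.com:2.2.0.0 removed from extensions.enabledAddons
C:\Program Files (x86)\MixiDJ_V8 folder moved successfully.
C:\Program Files (x86)\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
"""

# Constructed failure case: the same log with the SearchProtect root line missing.
PARTIAL_LOG = FIX_LOG.replace(
    r"C:\Program Files (x86)\SearchProtect folder moved successfully." + "\n", "")


def script_targets(script):
    """Return (kind, target) pairs for every item in the :OTL section."""
    targets, section = [], None
    for line in (raw.strip() for raw in script.splitlines()):
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTL or :Commands
            section = line.lower()
        elif section != ":otl":
            continue
        elif line.startswith("FF - prefs.js.."):
            # "FF - prefs.js..<pref name>: <value>"
            targets.append(("pref", line[len("FF - prefs.js.."):].split(":", 1)[0]))
        elif line.startswith("IE - "):
            # "IE - <key>,<value name> = <data>"; the log joins key and name with "\\"
            key, _, name = line[len("IE - "):].split(" = ", 1)[0].rpartition(",")
            targets.append(("registry", key + "\\\\" + name))
        elif " -- " in line:
            # "[date | size | attributes | M/C] ... -- <path>"
            targets.append(("path", line.split(" -- ", 1)[1]))
    return targets


def confirmed(kind, target, log_lines):
    """True if the log holds a success line for exactly this target."""
    for line in log_lines:
        if kind == "pref" and line.startswith("Prefs.js:") and line.endswith("removed from " + target):
            return True
        if kind == "registry" and line.startswith(target + "|") and "successfully" in line:
            return True
        # Exact match only: a moved subfolder does not confirm the parent folder.
        if kind == "path" and line in (target + " moved successfully.",
                                       target + " folder moved successfully."):
            return True
    return False


def unconfirmed(script, log):
    """List the script items that have no confirming line in the fix log."""
    log_lines = [raw.strip() for raw in log.splitlines() if raw.strip()]
    return [(k, t) for k, t in script_targets(script) if not confirmed(k, t, log_lines)]
```

An empty result from `unconfirmed` means every listed item was handled; anything it returns is worth re-checking on the machine before the tools are cleaned up.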

Everything seems to be back to normal, is there anything else I should do?


Yes, we should clean these tools and take a look at some prevention tips. :)

Please run OTL and click on the CleanUp button.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
