
Thread: Fake Antivirus Pop-Ups,Browser Redirected

  1. #1
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Fake Antivirus Pop-Ups,Browser Redirected

    When searching in Google, I get redirected to sites I don't want to go to and keep getting pop-ups telling me I have a virus. Here are my logs......



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Johnson at 19:55:31.99 on Sat 01/15/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6109.4354 [GMT -6:00]

    AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\qZone Games Player\GPlayer.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
    C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Johnson\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Users\Johnson\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4822&r=173611096206p03c5v115k4881r22p
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Exetender] "C:\Program Files (x86)\qZone Games Player\GPlayer.exe" /runonstartup
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    dRun: [Exetender] "C:\Program Files (x86)\qZone Games Player\GPlayer.exe" /runonstartup
    uPolicies-explorer: DisallowRun = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll/206
    IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://www.shockwave.com/content/tumblebugs/sis/axhost.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    IFEO: image file execution options - svchost.exe
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll
    IFEO-X64: image file execution options - svchost.exe
    Hosts: 74.125.45.100 4-open-davinci.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 getantivirusplusnow.com

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://start.pogo.iplay.com/?o=shp
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - component: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
    FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: iWinGames Plugin: {98e34367-8df7-42b4-837b-20b892ff0849} - C:\ProgramData\iWin Games\firefox
    FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
    FF - Ext: Tab Progress Bar: tabprogressbar@studio17.wordpress.com - %profile%\extensions\tabprogressbar@studio17.wordpress.com
    FF - Ext: Favicon Picker 3: {446c03e0-2c35-11db-a98b-0800200c9a67} - %profile%\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
    FF - Ext: LogMeIn, Inc. Remote Access Plugin: LogMeInClient@logmein.com - %profile%\extensions\LogMeInClient@logmein.com
    FF - Ext: Zoom Page: zoompage@DW-dev - %profile%\extensions\zoompage@DW-dev
    FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
    FF - Ext: Oberon Game Host: OberonGameHost@OberonGames.com - %profile%\extensions\OberonGameHost@OberonGames.com
    FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: NCH EN Community Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - %profile%\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    ============= SERVICES / DRIVERS ===============

    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-7-1 352976]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 X5XSEx_Pr179;X5XSEx_Pr179;C:\Program Files (x86)\qZone Games Player\X5XSEx.sys [2011-1-8 55328]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-8-27 287960]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-27 138752]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HPHNDUSVC;HP Home Network Diagnostic Support Service;C:\Windows\system32\svchost.exe -k HPHNDUService [2009-7-13 27136]
    S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
    S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2009-5-25 966144]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
    S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
    S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-20 135664]
    S4 iWinTrusted;iWinTrusted;C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2010-9-27 176408]
    S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
    S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-27 240160]

    =============== Created Last 30 ================

    2011-01-14 08:19:05 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Malwarebytes
    2011-01-14 08:18:57 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-01-14 08:18:57 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2011-01-14 08:18:53 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-01-14 08:18:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-01-13 07:10:17 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2011-01-13 07:10:17 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2011-01-13 07:10:17 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2011-01-13 07:10:17 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2011-01-13 07:10:17 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2011-01-13 07:10:12 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2011-01-13 07:10:11 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2011-01-10 07:17:40 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Bitstream
    2011-01-08 10:35:34 -------- d-----w- C:\PROGRA~3\qZone Games Player
    2011-01-08 10:35:27 -------- d-----w- C:\Remote Programs
    2011-01-08 10:35:27 -------- d-----w- C:\Program Files (x86)\qZone Games (Purchase)
    2011-01-08 10:35:23 -------- d-----w- C:\Program Files (x86)\qZone Games Player
    2011-01-08 01:04:01 109240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
    2011-01-08 01:03:57 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    2011-01-08 01:02:57 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2011-01-07 21:56:57 -------- d-----w- C:\PROGRA~3\Kaspersky Lab
    2011-01-07 21:34:54 -------- d-----w- C:\PROGRA~3\Kaspersky Lab Setup Files
    2011-01-07 10:27:05 -------- d-sh--w- C:\PROGRA~3\PIDFITS
    2011-01-07 10:26:23 -------- d-sh--w- C:\PROGRA~3\da3680
    2011-01-05 00:36:37 -------- d-----w- C:\PROGRA~3\Corel
    2011-01-05 00:26:40 -------- d-----w- C:\Windows\pss
    2011-01-04 08:31:42 -------- d-----w- C:\Program Files (x86)\Common Files\Corel
    2011-01-04 07:47:34 -------- d-----w- C:\Program Files\Web Publish
    2011-01-04 07:19:33 -------- d-----w- C:\Program Files (x86)\Corel
    2010-12-28 02:03:25 -------- d-----w- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
    2010-12-28 02:02:56 -------- d-----w- C:\PROGRA~3\Virtualized Applications
    2010-12-26 06:49:50 -------- d-----w- C:\Downloads
    2010-12-26 06:49:39 -------- d-----w- C:\Users\Johnson\AppData\Roaming\BitComet
    2010-12-26 06:49:38 -------- d-----w- C:\Program Files (x86)\BitComet
    2010-12-26 06:46:41 -------- d-----w- C:\Users\Johnson\AppData\Roaming\BitTorrent
    2010-12-24 09:07:11 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Pogo Games
    2010-12-24 02:20:41 -------- d-----w- C:\Users\Johnson\AppData\Roaming\Arkadium
    2010-12-24 02:18:17 -------- d-----w- C:\Program Files (x86)\GamesBar
    2010-12-24 02:18:16 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
    2010-12-20 06:52:29 -------- d-----w- C:\PROGRA~3\magicJack
    2010-12-19 10:48:23 -------- d-----w- C:\Program Files\iTunes
    2010-12-19 10:48:23 -------- d-----w- C:\Program Files\iPod
    2010-12-19 10:28:46 -------- d-----w- C:\Program Files\Bonjour
    2010-12-19 10:04:36 -------- d-----w- C:\Program Files (x86)\VS Revo Group
    2010-12-18 17:55:29 -------- d-----w- C:\Program Files (x86)\PopCap Games
    2010-12-18 17:55:29 -------- d-----w- C:\PROGRA~3\PopCap Games
    2010-12-17 09:50:57 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
    2010-12-17 09:49:05 -------- d-----w- C:\PROGRA~3\ALM
    2010-12-17 09:36:49 -------- d-----w- C:\set up ill

    ==================== Find3M ====================

    2010-11-29 23:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
    2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

    ============= FINISH: 19:57:59.88 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.





    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Here are the logs you requested --


    OTL logfile created on: 1/17/2011 7:30:28 PM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 34.00% Memory free
    12.00 Gb Paging File | 8.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 803.16 Gb Free Space | 87.64% Space Free | Partition Type: NTFS

    Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files (x86)\Common Files\Oberon Media\Parts\1.0.0.14\OberonParts.exe ()
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
    SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
    DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
    DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
    DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
    DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
    DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
    FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
    FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
    FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
    FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
    FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

    [2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
    [2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/01/16 21:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
    [2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/12/26 00:49:40 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
    [2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
    [2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
    [2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
    [2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
    [2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
    [2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
    [2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
    [2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
    [2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

    O1 HOSTS File: ([2011/01/07 05:34:28 | 000,002,795 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 93.174.89.10 www.google.com
    O1 - Hosts: 93.174.89.10 google.com
    O1 - Hosts: 93.174.89.10 google.com.au
    O1 - Hosts: 93.174.89.10 www.google.com.au
    O1 - Hosts: 93.174.89.10 google.be
    O1 - Hosts: 93.174.89.10 www.google.be
    O1 - Hosts: 93.174.89.10 google.com.br
    O1 - Hosts: 93.174.89.10 www.google.com.br
    O1 - Hosts: 93.174.89.10 google.ca
    O1 - Hosts: 93.174.89.10 www.google.ca
    O1 - Hosts: 37 more lines...
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
    O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/def...x.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tum...sis/axhost.cab (WildfireActiveXHost Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/def...ploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
    O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
    [2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
    [2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
    [2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
    [2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
    [2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
    [2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
    [2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
    [2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
    [2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
    [2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
    [2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
    [2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
    [2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
    [2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
    [2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
    [2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
    [2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
    [2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
    [2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
    [2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
    [2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
    [2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
    [2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
    [2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
    [2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
    [2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
    [2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    [2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
    [2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
    [2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
    [2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
    [2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
    [2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
    [2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
    [2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
    [2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
    [2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
    [2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
    [2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
    [2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
    [2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
    [2010/12/20 00:52:29 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
    [2010/12/19 04:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2010/12/19 04:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/12/19 04:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/12/19 04:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/12/19 04:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2010/12/19 04:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/12/19 04:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2010/12/19 04:04:36 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
    [2011/01/17 18:42:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/17 18:09:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/17 18:09:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/17 12:42:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/15 19:59:51 | 000,003,942 | ---- | M] () -- C:\Users\Johnson\Desktop\Attach (2).zip
    [2011/01/15 19:59:26 | 000,003,942 | ---- | M] () -- C:\Users\Johnson\Desktop\Attach.zip
    [2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
    [2011/01/15 07:33:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/15 07:33:31 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
    [2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
    [2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
    [2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
    [2011/01/11 19:09:14 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
    [2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
    [2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
    [2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
    [2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
    [2011/01/07 05:34:28 | 000,002,795 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
    [2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
    [2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
    [2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
    [2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
    [2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
    [2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
    [2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
    [2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
    [2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
    [2010/12/26 00:49:40 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
    [2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
    [2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
    [2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
    [2010/12/22 15:35:34 | 014,297,472 | ---- | M] () -- C:\Users\Johnson\Documents\c01102249.pdf
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/12/19 04:48:47 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/12/19 04:04:36 | 000,001,275 | ---- | M] () -- C:\Users\Johnson\Desktop\Revo Uninstaller.lnk
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/15 19:59:51 | 000,003,942 | ---- | C] () -- C:\Users\Johnson\Desktop\Attach (2).zip
    [2011/01/15 19:59:26 | 000,003,942 | ---- | C] () -- C:\Users\Johnson\Desktop\Attach.zip
    [2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
    [2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
    [2011/01/11 19:09:14 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
    [2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
    [2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
    [2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
    [2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
    [2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
    [2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
    [2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
    [2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
    [2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
    [2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
    [2010/12/26 00:49:40 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
    [2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
    [2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
    [2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
    [2010/12/22 15:34:07 | 014,297,472 | ---- | C] () -- C:\Users\Johnson\Documents\c01102249.pdf
    [2010/12/21 18:29:11 | 000,164,741 | ---- | C] () -- C:\Users\Johnson\Documents\dakota.ai
    [2010/12/19 04:48:46 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/12/19 04:04:36 | 000,001,275 | ---- | C] () -- C:\Users\Johnson\Desktop\Revo Uninstaller.lnk
    [2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
    [2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

    ========== LOP Check ==========

    [2010/11/27 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\A Gypsy's Tale - The Tower of Secrets
    [2010/12/23 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Arkadium
    [2011/01/14 02:42:07 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\BitComet
    [2011/01/10 01:17:40 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Bitstream
    [2010/12/26 00:46:41 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
    [2010/11/29 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Boomzap
    [2010/05/31 22:51:20 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\FinalMediaPlayer
    [2010/11/27 18:17:43 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\MumboJumbo
    [2010/12/11 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\NCH Swift Sound
    [2010/12/23 20:18:21 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Oberon Media
    [2010/08/23 17:00:42 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Packard Bell
    [2010/12/02 20:19:42 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\PandoraRecovery
    [2010/12/24 03:07:11 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
    [2011/01/15 07:12:02 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\SoftGrid Client
    [2010/12/04 03:06:22 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Template
    [2010/05/24 11:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\Tific
    [2010/11/12 23:51:49 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\TP
    [2010/12/13 02:03:58 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\WildTangent
    [2010/12/27 20:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
    [2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
    [2010/04/21 23:04:14 | 000,000,294 | ---- | M] () -- C:\Windows\Tasks\Regwork.job
    [2010/04/18 21:49:14 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(43).TXT
    [2010/04/18 21:49:14 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(45).TXT
    [2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(47).TXT
    [2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(49).TXT
    [2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(50).TXT
    [2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(55).TXT
    [2010/04/18 21:49:14 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(57).TXT
    [2010/11/10 18:07:11 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

    < End of report >

  4. #4
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    OTL Extras logfile created on: 1/17/2011 7:30:28 PM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 34.00% Memory free
    12.00 Gb Paging File | 8.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 803.16 Gb Free Space | 87.64% Space Free | Partition Type: NTFS

    Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF011}" = Corel Shell Extension - 64Bit
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
    "{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW(R) Graphics Suite X4 - Extra Content
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{11F7808F-76AD-40E0-A8D9-6445DAEA3F5D}" = The Print Shop 23
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
    "{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{40a87585-3dea-47d0-8aac-c7c19689b431}" = Nero 9 Essentials
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{80FDAE30-CDB6-4015-AFC7-86A762A5AD9B}" = CorelDRAW Graphics Suite X4 - Extra Content
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113269180}" = Mahjong Garden Deluxe
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{860D8515-58EE-4404-9C22-56B4EC1199A1}" = hp_pbk_knb_babygirl_playful01
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8CAE7CB3-B7C0-41A2-B2E3-9BD16124A091}" = EasyInfo
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A914B055-D334-43D3-A8B7-E7519E10ACDE}" = qZone Games Player
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
    "{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B314244C-753A-413B-B0F1-30972D6B58A0}" = HyperLoad - Mah Jongg
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Compact Wireless-G USB Adapter
    "{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Alice's Magical Mahjong" = Alice's Magical Mahjong (remove only)
    "Bejeweled 2" = Bejeweled 2 (remove only)
    "BitComet" = BitComet 1.25
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "ExpressBurn" = Express Burn Disc Burning Software
    "FinalMediaPlayer_is1" = Final Media Player 2010
    "GamesBar" = GamesBar 2.0.1.73
    "Gateway InfoCentre" = Gateway InfoCentre
    "Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
    "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
    "iWinArcade" = iWin Games (remove only)
    "Jewel Quest II" = Jewel Quest II (remove only)
    "Jewel Quest Mysteries 2 Trail of the Midnight Heart" = Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
    "Jewel Quest Online Party" = Jewel Quest Online Party (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "Prism" = Prism Video Converter
    "Revo Uninstaller" = Revo Uninstaller 1.90
    "Rhapsody" = Rhapsody
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Wordscape Online Party" = Wordscape Online Party (remove only)
    "WT079623" = Zuma's Revenge
    "WTA-00fad799-fe5e-44c6-94aa-468b3dec61ff" = Fishdom: Seasons Under the Sea
    "WTA-034f4c36-09af-4489-be9d-f3a340505817" = Deer Drive
    "WTA-0b176bba-62ec-4c98-89a7-16d71544dedb" = Polar Golfer Pineapple Cup
    "WTA-16e8f3b8-90fd-408a-b350-69d7e2ce2ac8" = Bejeweled Twist
    "WTA-1fb4af23-eb6e-4ae8-84a4-fc179861ed14" = Hoyle Enchanted Puzzles
    "WTA-202049bf-d539-4da5-98d1-99746df50170" = 4 Elements
    "WTA-393a93b8-5bc1-4bba-9924-a5f6b9a29af3" = A Gypsy's Tale: Tower of Secrets
    "WTA-45e2a7c2-19a5-4fe1-9678-44bc7d4cfdb7" = World Mosaics 2
    "WTA-4b186740-4ef2-4f43-ba55-ffde0a85dd5e" = Fishdom - Spooky Splash
    "WTA-5ac90212-336e-44c2-8b0d-a6d916e74d4f" = LUXOR 5th Passage
    "WTA-5fafbe07-d370-44b8-b885-39b08e85ffee" = Hunting Unlimited 2010
    "WTA-79853c38-1b7a-40ab-a46c-84af6146dd80" = Hazen (R)
    "WTA-9d24b586-7d2c-4747-a71d-500558737621" = Exorcist
    "WTA-ae928fe4-3af6-49ba-8845-673228462388" = Dark Parables - Curse of Briar Rose
    "WTA-bb1a6b26-365e-49a7-9e8e-ed3f6f17966f" = Chuzzle Deluxe
    "WTA-cca5907f-c533-41e2-b0d6-da5ade39017f" = Hunting Unlimited 2008
    "WTA-f396a328-3f2f-486e-a574-509ce58273ff" = Escape Whisper Valley (TM)
    "WTA-f5ec34cc-2bb4-4887-b343-aaf6885af2de" = Hunting Unlimited 2011

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Liong The Lost Amulets" = Liong The Lost Amulets

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/11/2010 3:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
    Description =

    Error - 10/11/2010 4:23:41 AM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is not formatted
    correctly. The malformed string is . The first DWORD in the Data section contains
    the index value to the malformed string while the second and third DWORDs in the
    Data section contain the last valid index values.

    Error - 10/11/2010 4:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
    Description =

    Error - 10/11/2010 4:54:36 AM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is not formatted
    correctly. The malformed string is . The first DWORD in the Data section contains
    the index value to the malformed string while the second and third DWORDs in the
    Data section contain the last valid index values.

    Error - 10/11/2010 5:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
    Description =

    Error - 10/11/2010 6:17:57 AM | Computer Name = Johnson-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "C:\Program Files (x86)\Windows
    Live\Photo Gallery\MovieMaker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
    is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 10/11/2010 6:37:05 AM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
    Description =

    Error - 10/11/2010 6:32:38 PM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is not formatted
    correctly. The malformed string is . The first DWORD in the Data section contains
    the index value to the malformed string while the second and third DWORDs in the
    Data section contain the last valid index values.

    Error - 10/11/2010 6:37:05 PM | Computer Name = Johnson-PC | Source = Google Update | ID = 20
    Description =

    Error - 10/11/2010 7:37:08 PM | Computer Name = Johnson-PC | Source = Microsoft-Windows-LoadPerf | ID = 3001
    Description = The performance counter name string value in the registry is not formatted
    correctly. The malformed string is . The first DWORD in the Data section contains
    the index value to the malformed string while the second and third DWORDs in the
    Data section contain the last valid index values.

    [ Media Center Events ]
    Error - 5/19/2010 6:48:06 AM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 5:48:05 AM - Error connecting to the internet. 5:48:05 AM - Unable
    to contact server..

    Error - 5/19/2010 3:06:39 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 2:06:39 PM - Error connecting to the internet. 2:06:39 PM - Unable
    to contact server..

    Error - 5/19/2010 3:06:48 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 2:06:44 PM - Error connecting to the internet. 2:06:44 PM - Unable
    to contact server..

    Error - 11/10/2010 3:45:57 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 1:45:56 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 12/9/2010 3:12:30 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 1:12:20 PM - Failed to retrieve SportsSchedule (Error: The underlying
    connection was closed: Could not establish trust relationship for the SSL/TLS secure
    channel.)

    Error - 1/6/2011 3:44:19 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 1:44:18 PM - Error connecting to the internet. 1:44:18 PM - Unable
    to contact server..

    Error - 1/6/2011 4:44:29 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 2:44:28 PM - Error connecting to the internet. 2:44:28 PM - Unable
    to contact server..

    Error - 1/6/2011 5:44:41 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 3:44:41 PM - Error connecting to the internet. 3:44:41 PM - Unable
    to contact server..

    Error - 1/6/2011 6:46:42 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 4:46:41 PM - Error connecting to the internet. 4:46:41 PM - Unable
    to contact server..

    Error - 1/14/2011 5:39:11 PM | Computer Name = Johnson-PC | Source = MCUpdate | ID = 0
    Description = 3:39:11 PM - Failed to retrieve Directory (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    [ System Events ]
    Error - 1/14/2011 4:50:02 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Home Network Diagnostic Support Service service terminated
    with the following error: %%126

    Error - 1/14/2011 5:33:53 PM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SymIM

    Error - 1/14/2011 5:35:54 PM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Home Network Diagnostic Support Service service terminated
    with the following error: %%126

    Error - 1/15/2011 9:16:30 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SymIM

    Error - 1/15/2011 9:18:31 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Home Network Diagnostic Support Service service terminated
    with the following error: %%126

    Error - 1/15/2011 9:25:36 AM | Computer Name = Johnson-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/15/2011 9:25:41 AM | Computer Name = Johnson-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80080005: Security Update for Windows 7 for x64-based Systems (KB2419640).

    Error - 1/15/2011 9:29:54 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SymIM

    Error - 1/15/2011 9:34:02 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SymIM

    Error - 1/15/2011 9:36:04 AM | Computer Name = Johnson-PC | Source = Service Control Manager | ID = 7023
    Description = The HP Home Network Diagnostic Support Service service terminated
    with the following error: %%126


    < End of report >

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning,

    BitComet
    BitTorrent

    Using File Sharing programs like this is very dangerous, you're downloading that file from an unknown source and a lot of those files are infected, it's most likely how you infected your computer. I am going to ask you to uninstall them via Programs and Features in the Control Panel because basically if you do not you will become infected again and again and you will be wasting my time and the time of other helpers that may respond to your post.



    • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, click the None button near the top (it may look greyed out).
    • In the window under Custom Scans/Fixes copy and paste the following

      :Commands
      [purity]
      [emptytemp]
      [RESETHOSTS]
      [start explorer]
      [Reboot]



    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Hello....

    This scan ran very quickly. I no sooner clicked the run scan button and the log immediately popped up. Anyway, this is what it showed:

    OTL logfile created on: 1/18/2011 5:55:04 PM - Run 2
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 32.00% Memory free
    12.00 Gb Paging File | 8.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 803.17 Gb Free Space | 87.64% Space Free | Partition Type: NTFS

    Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========


    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [RESETHOSTS] >

    < [start explorer] >

    < [Reboot] >

    < End of report >

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Go ahead and run a new scan with OTL and post the log please

  8. #8
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    I am sorry but did you want me to run the custom scan again or the first scan I did? Thanks so much!!

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    My bad, we need to run the fix again, do it this way and click on RUN FIX, not RUN SCAN


    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Services
      :Commands
      [resethosts]
      [purity]
      [emptytemp]
      [createrestorepoint]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
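A way to check the result of the hosts reset requested above, as an added example that is not part of the original post and not part of OTL: it parses a hosts file and reports entries that send a name to a non-loopback address (a redirect), sink a name to loopback (a block), or do not parse. The sample contents, the `.example` names and the `BENIGN_NAMES` set are constructed assumptions; the default path is the one shown in the fix log in this thread.

```python
"""Audit a Windows hosts file for entries that redirect or block names."""
import ipaddress
import sys

# Path as it appears in the OTL fix log in this thread.
DEFAULT_HOSTS = r"C:\Windows\System32\drivers\etc\Hosts"

# Names a clean hosts file may map to loopback (assumption of this example).
BENIGN_NAMES = {"localhost"}

# Constructed sample: default-style comments plus three entries to flag.
# 203.0.113.0/24 is a documentation range, not a real indicator.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search.example search.example   # constructed redirect
127.0.0.1       update.av-vendor.example            # constructed block
not-an-ip       portal.example
"""


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every non-comment entry."""
    text = text.lstrip("\ufeff")  # tolerate a UTF-8 byte order mark
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], [f.lower() for f in fields[1:]]


def audit_hosts(text):
    """Return a list of (line_no, kind, address, names) findings.

    kind is "redirect" (name mapped to a non-loopback address),
    "blocked" (name other than localhost sunk to loopback or 0.0.0.0)
    or "malformed" (address does not parse, or no name follows it).
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, "malformed", addr, names))
        elif ip.is_loopback or ip.is_unspecified:
            sunk = [n for n in names if n not in BENIGN_NAMES]
            if sunk:
                findings.append((line_no, "blocked", addr, sunk))
        else:
            findings.append((line_no, "redirect", addr, names))
    return findings


def main(argv):
    """Audit the file named on the command line, or the default path."""
    path = argv[1] if len(argv) > 1 else DEFAULT_HOSTS
    with open(path, encoding="utf-8", errors="replace") as handle:
        findings = audit_hosts(handle.read())
    for line_no, kind, addr, names in findings:
        print(f"line {line_no}: {kind:9} {addr} -> {' '.join(names)}")
    if not findings:
        print("no redirecting, blocking or malformed entries found")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A "blocked" finding is a line to review rather than proof of infection, since ad-blocking hosts files use the same form.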

  10. #10
    Junior Member
    Join Date
    Jan 2011
    Posts
    18

    Here are my logs...

    All processes killed
    Error: Unable to interpret <[resethosts]> in the current context!
    Error: Unable to interpret <[purity]> in the current context!
    Error: Unable to interpret <[emptytemp]> in the current context!
    Error: Unable to interpret <[createrestorepoint]> in the current context!

    OTL by OldTimer - Version 3.2.20.2 log created on 01192011_143512

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    And the second log.....

    OTL logfile created on: 1/19/2011 2:39:26 PM - Run 3
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Johnson\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    6.00 Gb Total Physical Memory | 5.00 Gb Available Physical Memory | 77.00% Memory free
    12.00 Gb Paging File | 11.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.41 Gb Total Space | 802.52 Gb Free Space | 87.57% Space Free | Partition Type: NTFS

    Computer Name: JOHNSON-PC | User Name: Johnson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
    PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe (Hewlett-Packard Development Co. L.P.)


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Johnson\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (Updater Service) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe (Acer)
    SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
    SRV - (iWinTrusted) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe (iWin Inc.)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (Greg_Service) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe (Acer Incorporated)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
    DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
    DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
    DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation)
    DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
    DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
    DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
    DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
    DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
    DRV - (X5XSEx_Pr179) -- C:\Program Files (x86)\qZone Games Player\X5XSEx.sys (Exent Technologies Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v115k4881r22p
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://start.pogo.iplay.com/?o=shp"
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
    FF - prefs.js..extensions.enabledItems: tabprogressbar@studio17.wordpress.com:0.6
    FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
    FF - prefs.js..extensions.enabledItems: zoompage@DW-dev:1.9
    FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1462
    FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
    FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.2.5.2
    FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
    FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/12 01:39:12 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2010/11/12 21:57:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/26 00:49:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2011/01/07 19:03:19 | 000,000,000 | ---D | M]

    [2010/11/08 18:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions
    [2010/04/03 23:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2011/01/18 18:05:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions
    [2010/12/13 01:55:54 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2011/01/18 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
    [2010/12/11 21:16:46 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\engine@conduit.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\foxmarks@kei.com
    [2010/12/13 01:55:54 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\gamesbar@oberon-media.com
    [2010/12/16 22:09:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\LogMeInClient@logmein.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\OberonGameHost@OberonGames.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\personas@christopher.beard
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] ("Tab Progress Bar") -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\tabprogressbar@studio17.wordpress.com
    [2010/12/13 01:56:39 | 000,000,000 | ---D | M] (Zoom Page) -- C:\Users\Johnson\AppData\Roaming\mozilla\Firefox\Profiles\c1gyfajt.default\extensions\zoompage@DW-dev
    [2010/11/23 12:16:00 | 000,000,915 | ---- | M] () -- C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\c1gyfajt.default\searchplugins\conduit.xml
    [2011/01/07 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/11/10 18:17:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/07 19:04:01 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
    [2011/01/07 19:03:58 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    [2010/11/12 01:39:12 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    [2010/11/12 21:57:25 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
    [2010/08/24 03:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/23 20:18:33 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober67310016.xml
    [2010/12/09 20:51:07 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober79931215.xml
    [2010/12/24 03:04:53 | 000,001,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\WebSearchober91690461.xml

    O1 HOSTS File: ([2011/01/07 05:34:28 | 000,002,795 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 74.125.45.100 4-open-davinci.com
    O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
    O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
    O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
    O1 - Hosts: 74.125.45.100 www.getavplusnow.com
    O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
    O1 - Hosts: 74.125.45.100 urs.microsoft.com
    O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
    O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
    O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
    O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
    O1 - Hosts: 93.174.89.10 www.google.com
    O1 - Hosts: 93.174.89.10 google.com
    O1 - Hosts: 93.174.89.10 google.com.au
    O1 - Hosts: 93.174.89.10 www.google.com.au
    O1 - Hosts: 93.174.89.10 google.be
    O1 - Hosts: 93.174.89.10 www.google.be
    O1 - Hosts: 93.174.89.10 google.com.br
    O1 - Hosts: 93.174.89.10 www.google.com.br
    O1 - Hosts: 93.174.89.10 google.ca
    O1 - Hosts: 93.174.89.10 www.google.ca
    O1 - Hosts: 37 more lines...
    O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.73\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
    O4 - HKCU..\Run: [Exetender] C:\Program Files (x86)\qZone Games Player\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
    O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
    O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} http://zone.msn.com/bingame/trix/def...x.1.0.0.87.cab (CPlayFirstTriJinxControl Object)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} http://www.shockwave.com/content/tum...sis/axhost.cab (WildfireActiveXHost Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/def...ploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\kloehk.dll (Kaspersky Lab ZAO)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\sbhook64.dll (Kaspersky Lab ZAO)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
    O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\sbhook.dll (Kaspersky Lab ZAO)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
    O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/19 14:34:52 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/01/19 01:42:48 | 082,812,200 | ---- | C] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
    [2011/01/17 19:28:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
    [2011/01/15 07:24:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2011/01/15 07:24:18 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2011/01/15 07:24:18 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2011/01/15 07:24:18 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2011/01/15 07:24:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2011/01/15 07:24:18 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2011/01/15 07:24:18 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2011/01/15 07:24:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/01/15 07:24:18 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2011/01/15 07:24:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/01/15 07:24:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2011/01/15 07:24:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2011/01/15 07:24:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2011/01/15 07:24:17 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2011/01/15 07:24:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2011/01/15 07:24:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2011/01/15 07:24:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2011/01/15 07:24:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
    [2011/01/15 07:24:17 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2011/01/15 07:24:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2011/01/15 07:24:06 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
    [2011/01/15 07:24:06 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
    [2011/01/15 07:11:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
    [2011/01/14 02:19:05 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Malwarebytes
    [2011/01/14 02:18:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/14 02:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/14 02:18:53 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2011/01/14 02:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/01/14 02:17:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/14 01:41:08 | 000,287,240 | ---- | C] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
    [2011/01/13 01:09:54 | 004,134,056 | ---- | C] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
    [2011/01/10 01:17:40 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Bitstream
    [2011/01/10 00:52:28 | 000,000,000 | ---D | C] -- C:\Users\Johnson\Documents\Corel User Files
    [2011/01/08 04:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\qZone Games Player
    [2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Remote Programs
    [2011/01/08 04:35:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games (Purchase)
    [2011/01/08 04:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\qZone Games Player
    [2011/01/07 19:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2011
    [2011/01/07 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
    [2011/01/07 19:02:43 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011/01/07 15:56:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2011/01/07 15:56:09 | 087,931,976 | ---- | C] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
    [2011/01/07 15:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
    [2011/01/07 15:34:47 | 111,998,120 | ---- | C] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
    [2011/01/07 04:27:05 | 000,000,000 | -HSD | C] -- C:\ProgramData\PIDFITS
    [2011/01/07 04:26:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\da3680
    [2011/01/04 18:39:17 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Corel
    [2011/01/04 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
    [2011/01/04 18:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
    [2011/01/04 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X4
    [2011/01/04 18:26:40 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/01/04 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
    [2011/01/04 01:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
    [2011/01/04 01:19:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
    [2010/12/29 17:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    [2010/12/29 17:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
    [2010/12/29 08:49:33 | 008,582,536 | ---- | C] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
    [2010/12/27 20:03:25 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\{90140011-0062-0409-0000-0000000FF1CE}
    [2010/12/27 20:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
    [2010/12/26 00:49:50 | 000,000,000 | ---D | C] -- C:\Downloads
    [2010/12/26 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitComet
    [2010/12/26 00:49:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitComet
    [2010/12/26 00:46:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\BitTorrent
    [2010/12/24 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Pogo Games
    [2010/12/24 00:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2010/12/23 20:20:41 | 000,000,000 | ---D | C] -- C:\Users\Johnson\AppData\Roaming\Arkadium
    [2010/12/23 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
    [2010/12/23 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
    [2010/12/23 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
    [2010/12/23 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/19 14:43:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/19 14:43:46 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/19 14:43:10 | 000,005,108 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/01/19 14:42:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/19 14:36:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/19 14:36:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/19 14:36:00 | 509,456,383 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/19 01:52:22 | 082,812,200 | ---- | M] (Apple Inc.) -- C:\Users\Johnson\Desktop\iTunes64Setup.exe
    [2011/01/17 19:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\OTL.exe
    [2011/01/15 19:55:12 | 000,624,128 | ---- | M] () -- C:\Users\Johnson\Desktop\dds.scr
    [2011/01/15 07:11:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Johnson\Desktop\TFC.exe
    [2011/01/14 02:18:58 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/14 02:18:20 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Johnson\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/14 01:41:09 | 000,287,240 | ---- | M] (Oberon Media, Inc.) -- C:\Users\Johnson\Desktop\bejeweled_3_89819902-setup.exe
    [2011/01/13 21:08:06 | 000,033,280 | ---- | M] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
    [2011/01/13 20:45:15 | 005,845,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/01/13 20:17:50 | 000,081,408 | ---- | M] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/13 01:10:03 | 004,134,056 | ---- | M] (Kraft Foods) -- C:\Users\Johnson\Desktop\nwmj.exe
    [2011/01/11 19:09:14 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
    [2011/01/11 19:03:02 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
    [2011/01/08 04:35:34 | 000,000,065 | ---- | M] () -- C:\Windows\GPlrLanc.dat
    [2011/01/07 19:36:32 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
    [2011/01/07 19:36:30 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011/01/07 19:36:30 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011/01/07 15:56:14 | 087,931,976 | ---- | M] ( ) -- C:\Users\Johnson\Desktop\setup_9.0.0.722_07.01.2011_22-36.exe
    [2011/01/07 15:34:54 | 111,998,120 | ---- | M] (Kaspersky Lab) -- C:\Users\Johnson\Desktop\kis11.0.1.400_en_us.exe
    [2011/01/07 05:34:28 | 000,002,795 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/01/02 20:55:17 | 000,037,376 | ---- | M] () -- C:\Users\Johnson\Documents\Book11 (Autosaved).xls
    [2011/01/02 20:46:19 | 000,008,529 | ---- | M] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
    [2011/01/02 20:45:50 | 000,010,581 | ---- | M] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
    [2011/01/02 20:45:24 | 000,016,711 | ---- | M] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
    [2011/01/02 16:53:20 | 001,143,181 | ---- | M] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
    [2011/01/01 05:42:55 | 000,210,603 | ---- | M] () -- C:\Windows\hpoins21.dat
    [2011/01/01 05:34:17 | 002,740,320 | ---- | M] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
    [2010/12/31 17:18:59 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
    [2010/12/29 08:51:07 | 008,582,536 | ---- | M] (Mozilla) -- C:\Users\Johnson\Desktop\Firefox Setup 3.6.13.exe
    [2010/12/27 19:56:56 | 327,118,416 | ---- | M] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
    [2010/12/25 21:55:32 | 000,164,741 | ---- | M] () -- C:\Users\Johnson\Documents\dakota.ai
    [2010/12/24 03:06:26 | 000,002,212 | ---- | M] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
    [2010/12/23 19:42:37 | 000,164,359 | ---- | M] () -- C:\Users\Johnson\Documents\dakota Child.ai
    [2010/12/22 15:35:34 | 014,297,472 | ---- | M] () -- C:\Users\Johnson\Documents\c01102249.pdf
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/15 19:55:12 | 000,624,128 | ---- | C] () -- C:\Users\Johnson\Desktop\dds.scr
    [2011/01/14 02:18:58 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/13 21:03:33 | 000,033,280 | ---- | C] () -- C:\Users\Johnson\Desktop\PrePaidphoneservice2007.DOC
    [2011/01/11 19:09:14 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Alices Magical Mahjong.lnk
    [2011/01/11 19:03:02 | 000,002,199 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.lnk
    [2011/01/08 04:35:34 | 000,007,542 | ---- | C] () -- C:\Windows\Qwest.ico
    [2011/01/08 04:35:34 | 000,000,065 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2011/01/07 19:03:52 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
    [2011/01/07 19:03:52 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
    [2011/01/02 20:46:19 | 000,008,529 | ---- | C] () -- C:\Users\Johnson\Documents\MetLife.eps.zip
    [2011/01/02 20:45:50 | 000,010,581 | ---- | C] () -- C:\Users\Johnson\Documents\New_York_Life.eps.zip
    [2011/01/02 20:45:23 | 000,016,711 | ---- | C] () -- C:\Users\Johnson\Documents\State_Farm_Insurance.eps.zip
    [2011/01/02 16:53:16 | 001,143,181 | ---- | C] () -- C:\Users\Johnson\Documents\Dakota Poster.ai
    [2011/01/01 05:39:06 | 000,210,586 | ---- | C] () -- C:\Windows\hpoins21.dat.temp
    [2011/01/01 05:39:06 | 000,005,474 | ---- | C] () -- C:\Windows\hpomdl21.dat.temp
    [2011/01/01 05:34:09 | 002,740,320 | ---- | C] () -- C:\Users\Johnson\Desktop\HPHNDU.exe
    [2010/12/27 19:22:28 | 327,118,416 | ---- | C] () -- C:\Users\Johnson\Desktop\PS_AIO_02_Net_Full_Win_WW_130_140.exe
    [2010/12/24 03:06:26 | 000,002,212 | ---- | C] () -- C:\Users\Johnson\Desktop\Mahjong Garden Deluxe.lnk
    [2010/12/23 18:56:30 | 000,164,359 | ---- | C] () -- C:\Users\Johnson\Documents\dakota Child.ai
    [2010/12/23 18:04:33 | 000,074,240 | ---- | C] () -- C:\Users\Johnson\Desktop\keygen.exe
    [2010/12/22 15:34:07 | 014,297,472 | ---- | C] () -- C:\Users\Johnson\Documents\c01102249.pdf
    [2010/12/21 18:29:11 | 000,164,741 | ---- | C] () -- C:\Users\Johnson\Documents\dakota.ai
    [2010/12/03 10:26:26 | 000,229,370 | ---- | C] () -- C:\Users\Johnson\AppData\Local\clear.log
    [2010/11/26 03:01:12 | 000,005,108 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/11/12 00:01:50 | 000,003,891 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/11/10 01:14:54 | 000,000,000 | ---- | C] () -- C:\Users\Johnson\AppData\Roaming\wklnhst.dat
    [2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/07/25 11:08:19 | 000,081,408 | ---- | C] () -- C:\Users\Johnson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/14 19:20:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/03/09 18:28:54 | 000,000,160 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2006/08/25 02:31:13 | 000,001,361 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:958399A2
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:FF3DA68B
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:5F132B4F
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:C5CE2DF6
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:029E021F
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:7ACDD583
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:4EFDF5FB
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D6255023
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5095D8B1
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:972E051C

    < End of report >
